March 30, 2015

How to protect against cyber attacks in a digitalised world (Part 1)

Mikael Salonaho

Chief Risk Officer, Tieto

Without data communication or IT, it would be very difficult for any organization or company to operate. We have become massively more dependent on ICT than we were a few years ago.

One of the backsides of digitalisation is that any disturbances in IT infrastructure and systems are immediately visible to a large number of users, whether in their professional or private lives.

This makes everything more visible and concrete, but it doesn't necessarily make us more vulnerable as long as we know how to act and protect ourselves in the cyber world, where bits and atoms are connecting.

What is a cyber threat and where does it come from?

Cyber security is a new buzzword for information security. It is something any organisation should be aware of and have a strategy and action plan for. In fact, it´s nothing new, only the bar has been raised much higher than before because the impact of it is larger and new threats appear at a much faster pace than before. Think about what is going on in the networks by groups like "script kiddies", hacktivists, criminals, and state financed players.

For instance, the launch of internet banks marked an important milestone in the growing attention of cyber security. Online banks eased our lives a lot, but also started raising questions. We have seen many attacks against them, such as recent severe Denial of Service (DoS) attacks, which aim to make harm, not to steal data.

Lately, the possibilities for different attacks have increased as more and more services are based on ICT and accessed through the Internet. Think about all the different business processes, automatic utility systems, Industrial Internet solutions, SCADA (supervisory control and data acquisition) systems, online shopping and online gaming / gambling.

There are a lot of possibilities for hackers who want to harm and cause inconveniences in the cyber world. This, of course, might increase the sentiment of insecurity, but in the end is mostly about a feeling, not a real security threat.

Then, there are of course attacks which aim to steal sensitive data and disrupt society. And these cause the real threat for the security. To stop these, we need to be prepared.

What can you do to protect?

Actually, we have been preparing for cyber attacks for more than 20 years, as the work that has been done in the area of IT/Information security also applies to cyber security. So, it´s basically nothing new. Old rules still apply.

The key rules are:

  • Keep your systems up to date
  • Educate your employees, so they are aware of the threats
  • Use the newest technologies to protect yourself
  • Make sure you are able to respond and act if something happens

Nevertheless, since there are more opportunities for mischief than before, it is not enough to do what you used to do -- you need to do much more of it now. Unfortunately, the bad guys are also very good at utilizing the newest technology, which has made their job much easier, and your job to defend much harder. Typically, the attacker has an easier task than the defender; all the attacker needs to do is find one flaw or vulnerability.

In cloud, data location matters

Protecting your systems and data in cloud does not differ in principle from traditional environments. Same rules apply to virtual environments, only again, you need to be more agile, better organized and more systematic than before. In practice, the only way to succeed in cloud is to protect the services by implementing the security in an automated and standardized way.

When using Cloud, it's very important to know where your data is located. For some organisations, such as public authorities or financial institutions, there are legislative requirements about data location. In these cases, data security and privacy are ensured by law.

A cloud provider who will run all your data in secure Nordic data centres is the right option if you want to know where your data really is and who has access to it. This is especially true for organisations belonging to the nation's critical infrastructure. These organisations are mandated by law to have certain degree of preparedness in place for different kind of situations, like crises.

It´s a tricky game we play against cyber criminals. On this blog, I have been setting the scene for cyber security. In my next blog, you will get more detailed information on how to protect against cyber attacks.

Mikael Salonaho works as Chief Risk Officer in Tieto and Risk Management Director in Tieto´s Managed Services. His mission is to maintain and improve risk management and security culture in the company for the benefit of both Tieto and its customers.

Stay up-to-date

Get all the latest blogs sent you now!