By Klavs Andersen
Today, businesses are facing new and serious challenges when it comes to cybersecurity. The threats in cyberspace may be fatal to businesses and innovation is required to ensure efficient protection. Many businesses are not aware of the real threats and, therefore, they do not know how to protect themselves. At the same time, the explosion of cybercrime has implied that there is an acute lack of IT security experts, such as CISOs (Chief Information Security Officers). NNIT has developed a range of services to help businesses establish a proper level of security.
A few years ago, cyber criminals were typically young hackers spending their spare time trying to hack into ”interesting” systems or shut down entire systems for short or long periods of time - just for the triumph of succeeding. Today, the most serious threats come from professional and organized criminal groups with the very purpose of robbing businesses and their clients of money and business-critical data. This new threat makes it necessary for businesses to be proactive when it comes to IT security.
”The world has changed during these past few years. The business processes have been digitalized all the way from product development and production to customer management and sales. An increasing amount of business is conducted over the Internet and it makes organizations much more vulnerable to attacks on their systems,” Management Consultant John Clayton says.
"With the entire business online, the threat becomes significantly aggravated and organizations are forced to relate to a situation where the threat does not only consist of broad virus attacks.
Today, the IT criminals focus on organizations and their different business areas. They have much more sophisticated tools at their disposal than before and are able to get access to the organization’s network and stay hidden while they do their harmful deeds.
They disrupt the business and try to get access to data that can be sold to competitors or criminal groups. The attacks are much more sophisticated and they may be quite profitable.
In addition to the threat from cyberspace, the organizations are facing increasingly strict requirements from the public authorities on efficient data protection. They may risk paying heavy fines if they lose credit card information or other personal data to IT criminals,” John Clayton points out.
In recent years, several spectacular hacker attacks have attracted a lot of attention in the global press and cost millions of dollars and layoffs in the organizations that were affected by these attacks. This was, for example, the case of a big American retail chain, John Clayton explains:
”The hackers gained access to the retail chain’s payments system - probably by breaking into the IT systems of a subsupplier of airconditioning systems - and stole all the company’s credit card information. The case has cost almost 10 million dollars and, in addition to this, also cost the CEO and the IT Manager their jobs”.
The example serves to prove that IT security is no longer just an issue for the CIO, the nature of the threats and the significant financial consequences require the management to get involved in the protection of the IT systems against any kind of attack.
Kidnapping of vital data where hackers encrypt data, for instance by means of so-called “ransomware”, and then demand large amounts of money to decrypt it has become a very serious threat in the past few years:
NNIT estimates that this type of cyber blackmail combined with other types of data theft has developed into a billion-dollar business for professional IT criminals.
The threats are not only aimed at the finances of the organizations, but may deprive them of their competitive power because the hackers also try to steal their intellectual property, John Clayton points out:
”It may, for instance, be product development data or patents, which is the basis of the entire business. The crown jewels of the business are becoming more and more at risk”.
He adds that the weak links in the chain are often quite ordinary people:
”The hackers focus on the weak links, for instance through phishing where they take over people’s computers and use them as tools to collect data and transfer it to their own systems”.
Today, cybercrime has the potential to harm not just the virtual world, such as websites, emails, and computer systems, but it may also have significant consequences to the physical world. Consequently, IT security has become an extensive and complex job. It is not just an off-the-shelf item that the businesses can go out and buy.
The entire organization has to be involved and this at a pace that allows for the new security strategies to be implemented successfully. Unfortunately, a lot of Danish businesses do not have the resources to deal with data protection, critical systems, and regulatory requirements all at once. It is almost impossible to have a team of security experts on duty 24/7 and at the same time be updated on the threat picture and the legislation, which change all the time. This is exactly where NNIT can help.
Please contact Helge Skov Djernes at email@example.com or +45 3075 8868 if you want to learn more about how NNIT can help you enhance your IT security.