Digitalisation has given us a tool for instant global communication, the Internet. This development is basically positive in many ways, but unfortunately it also means that the possibilities of violating the networks of others are increasing. This since almost all devices connected to the Internet potentially can be hacked. Advanced cyber-attacks from various directions, even from state attackers in other countries, are therefore today unfortunately part of our everyday life.
What is the purpose of these attacks?
Cyber-attacks organised by states usually aim to overcome information that is important for the security of the country. The strategies behind a nations foreign policy, vulnerabilities in the society and the level of total defense are examples of information that attackers might be interested in.
Research results, development projects and patent applications are other important sources of information that can be a target from an attacker’s side. The purpose of this industrial espionage is, among other things, to boost their own industry and to generate competitive advantages.
How does the attackers act?
One of the most important approaches for an attacker, trying to get hold of socially important information, is to send malicious code to employees and their relatives. Since these emails often are very sophisticated, the recipient usually isn’t suspicious.
Other ways are to use online services for ordinary citizens or to place out malicious code to outsourcing companies or third-party vendors.
What can we do?
In order to detect these attacks and build effective protection against them, we need to increase our knowledge of cybersecurity. We need to establish our total defense by rebuilding a civil defense that is prepared for various types of attacks.
All companies, authorities and organisations also need to increase their awareness of the risk of IT attacks and realise the importance of working with information security issues in a continuous and structured manner. Annual risk and security analysis are a good start, as well as looking at how to work with network segmentation to ensure confidentiality.
If you need advice and guidance on how to think about cybersecurity, you are welcome to contact us at Advenica.