Are we taking cybersecurity seriously enough?

27 Aug 2018

There are many examples of companies and organisations that have paid a high price for a lack of information security, both financially and in terms of their reputation. But why aren’t more resources and a higher priority given to preparing for cyberattacks?

The Danish shipping company Maersk says that the cyberattack against them in 2017 cost the company between 200–300 million dollars. Utility companies are suffering from cyber-related malfunctions in several places around the world, for example in Ukraine. There are many more examples.

ship

The term often mentioned alongside cybersecurity is cyber-resilience. Cyber-resilience is the resistance to a possible cyberattack and consists of technology combined with people and processes in the organisation and how well you manage to connect these technical aspects with your business aspects.

But how much energy and money are really put into cybersecurity?

87 % haven’t learned from previous mistakes

According to a survey by the Global Economist Intelligence Unit (EIU), most organisations invest less than 1-2% percent of their revenues in cyber-resilience.

The average cost of financing cyber-resilience is approximately 1.7% of the revenue.

The survey, conducted among 450 companies worldwide, shows a lack of ability to learn from previous cyberattacks - only 13% of board members feel that their organisation has learned from past mistakes in cybersecurity. Likewise, few people say that their level is above average compared to competitors when drawing lessons from a cyberattack. Only 15% of companies indicate that they spend enough on the proactive part of cybersecurity in cyber-resilience.

Too much faith in technology

The latest technology and the most skilled IT department are not enough to defend against cyber-related threats. The management and board must have an ambition to put cybersecurity high on the agenda.

Today’s cybercapacity extends beyond technical solutions - if there is no willingness to prioritise security awareness internally, investing in products is a waste of time.

Too much faith in their own ability

When we look at the Swedish market we see that 90 % of companies consider themselves to have better cybersecurity compared to their competitors. More than a third even state that they are leaders in cybersecurity.

So how is it that we believe we know all about cybersecurity? Are we just being naïve? Perhaps there is a psychological idea that what hasn’t happened won’t happen. A kind of “It’s been OK so far” mentality.

attack

But in reality, cybercrime is increasing and the average time it takes to discover that you are under attack is 191 days. This means that you can make the decision not to prioritise cybersecurity while an attacks is actually taking place.

Too few companies have sufficient priority in cybersecurity. Only a quarter of companies have appointed someone in the board to be responsible for the organisation's cybersecurity. 43 % do not have any insurance against cyber threats, although a hacker attack is estimated to cost about 30 million SEK.

Belief in the future

It's time to take security seriously to avoid high risks and costs that could be much more than investing in building a security-conscious organisation. Businesses today are direct targets for many cyberattacks and companies that depend on IT systems for operation, monitoring and governance are particularly vulnerable.

Information that needs to be protected should be identified and new processes introduced to eliminate the risk of information leakage.

If you are transparent and take proper care of information security, you have every opportunity to show yourself as being competitive in many contexts, such as recruitment, new business partnerships and to encourage customers to start or continue using your digital services. It's time to take cybersecurity seriously.

2023-11-22

Secure digitalisation

What is ransomware?

What can the effects be when you are struck by a ransomware attack? And what can be done to minimise the consequences?

2023-10-24

Cross Domain Solutions

Data diodes - an effective alternative to air gaps

Have you chosen not to connect the systems to the outside world using air gaps? There are other solutions that are more secure and more cost-effective.

2023-10-10

Critical Infrastructure

The cyber threats to critical infrastructure operational technology (OT) – how to protect your operations

The threats to critical infrastructure are constantly increasing and therefore systematic work with concrete cybersecurity measures is vital.

2023-09-12

Digital responsibility

How to secure your logging

To reduce the risks of centralised logging, a solution is needed that protects both log data and all connected systems.

2023-08-30

Digital responsibility

How to conduct secure updates

Avoid security risks with updates by using the right security solutions.

2023-08-15

Secure digitalisation

How to achieve secure remote access

Many organisations depend on remote access through RDP, for example to allow suppliers to perform maintenance or for operating personnel for monitoring.

2023-06-21

Stay secure during the summer

Summer season is a time when many attackers strike, as many businesses wind down for vacation time. We give you 5 tips and a simple summer security checklist!

2023-06-08

Secure digitalisation

7 tips to strengthen the security of your supply chain

Because they can be both devastating and have far-reaching consequences, all businesses simply need to review the security of their supply chain.

2023-05-24

Cross Domain Solutions

What types of data diodes are there?

In this blog post, we will discuss the different data diodes that Advenica offers and how these can be used with or without software.

2023-03-22

Secure digitalisation

The only constant is that things change - the way cyber threats have evolved

Håkan Ahrefors, IT manager and security specialist at Advenica, reflects about the development of cyberattacks.

2023-03-08

Secure digitalisation

Digitalisation vs. security

Digitalisation has made our everyday life easier. But is security keeping up at the same pace so that we can trust that our digital services are safe?

2023-03-02

Secure digitalisation

The history of malware

The history of malware goes back further than most might think. We have listed some of the most significant ones in history so far!

2023-02-16

Compliance

NIS 2 has been published

The NIS 2 directive is now published, and the countdown has begun for the deadline that organisations in the EU must adopt the directive.

2023-02-09

Secure digitalisation

Trend scouting in cybersecurity

We have asked three of our cybersecurity experts to comment on trends for the new year. What do they think will happen in cybersecurity in 2023?

2023-02-02

Network segmentation

Segmentation – the constant security solution

A solution that has existed for a long time, and is still a secure approach today, is segmentation.

2023-01-19

Compliance

How to avoid sanctions from NIS 2

NIS 2 means that there will be a risk of large fines if requirements are not met. So how do you ensure that your organisation will not be hit by the sanctions?

2022-12-08

Cross Domain Solutions

3 security problems that authorities can solve with the help of data diodes

Authorities are increasingly exposed to various types of cyberattacks. To protect yourself, you need to raise the level of cybersecurity work.

2022-11-24

Compliance

What is The Cyber Resilience Act?

In this blog post, we will clarify what the Cyber Resilience Act is and what impact it will have.

2022-11-10

Network segmentation

What is logical separation?

In this blog post, we will explain what logical and physical separation is and what the perks are.

2022-10-25

Secure digitalisation

What can a lack of information security lead to?

In this blog post, we will explain the consequences of inadequate information security.

2022-10-12

Critical Infrastructure

Increased security for wind turbines

In an increasingly unstable world, we are seeing more and more attacks on critical infrastructure.

2022-09-28

Compliance

New proposed directive - NIS 2

There is a proposal for a new directive which originates from the NIS directive – this new proposed directive is called NIS 2.

2022-09-14

Compliance

NIS, GDPR and the Protective Security Act – what is the difference between them?

In this blog post, we will explain a handful of recently introduced security laws and regulations, and what sets them apart from each other.

2022-09-01

Digital responsibility

Building cyber resilience

ENISA and CERT-EU have listed a number of recommendations that all should follow for better cyber resilience – we have elaborated on two on them!

2022-08-18

Cross Domain Solutions

What a data diode can spare you

Some might hesitate to invest in cybersecurity. We will explain what a data diode can spare you!

2022-06-28

Secure digitalisation

How management can organise their business to avoid cyberattacks

In this blog post, we have listed a few things to consider to be able to avoid being affected by cyberattacks!

2022-06-14

Digital responsibility

Lack of competence in cybersecurity - a matter for management

The need for competencies and competence in cybersecurity is constantly increasing. But, there is a shortage of competence.

2022-06-01

Secure digitalisation

Is your network isolation leaking?

What if there was a leak in the network that you thought was isolated? Information security is more important than ever and requires structured work.

2022-05-18

Critical Infrastructure

How can energy companies become less vulnerable?

With more frequent and increasingly vicious cyberattacks, vulnerabilities in IT architecture pose a severe threat for energy companies.

2022-05-04

Secure digitalisation

5 tips for how you better can protect yourself against cyberattacks

In this blog post, we describe 5 important tips you should be aware of to better protect yourself against cyberattacks!

2022-04-20

Digital responsibility

Why CISOs should work with Cyber Risk Quantification (CRQ)

Cyberattacks are constantly increasing. Because of this, there is an increasing need for cyber risks to be measured and reported in financial terms.

2022-04-06

Corporate

Retailers new targets for cyberattacks

Many recent cyberattacks have been targeted at retailers who are becoming increasingly more vulnerable.

2022-02-09

Cross Domain Solutions

Log4j and Log4Shell – how can you protect yourself?

In December 2021, a vulnerability was found in the Java module Log4j. There are ways to protect yourself against this type of vulnerability!

2022-01-26

Cross Domain Solutions

What is the best way to protect your network?

We explain the functionalities of three solutions that can protect your network, so that you can better understand what might be the best one for you!