2 important pieces of advice on how society can become less vulnerable to IT attacks
Recently, the media has been flooded with news of IT attacks affecting large sections of society. This shows how vulnerable our society is and that the security thinking is not in line with the path of digitalisation. By setting higher security requirements and using solutions with high assurance, the attacks and their societal consequences could have been limited!
The number of IT attacks are increasing
Recently, we have been able to read about several different major IT attacks that have affected companies in various industries. In June this year, Bauhaus was hit by a major IT attack, which caused technical problems for stores in several countries. In Sweden alone, 22 department stores and 4,000 employees were affected when e-commerce, connections, business systems and inventory data were down.
Most recently, Coop, among others, has been affected. 800 Coop stores were forced to close due to an IT attack which hit their payment system. The attack is part of a larger global event targeting the American software company Kaseya. Several other Swedish and international companies have been affected by the same event, such as Apotek Hjärtat, the train company SJ and the St1 petrol chain.
In 2020, the IT company SolarWinds was also exposed to an attack where attackers installed malicious code in the company's update for the surveillance application Orion. This in turn led to the malicious code being installed on SolarWind's customers when they installed the update. The attack thus affected not only SolarWinds, but all their customers who downloaded the update – and they have a lot of customers.
First piece of advice: Set higher security requirements for suppliers - take digital responsibility
These attacks show how important it is to have security in focus. When using subcontractors, you must include the security requirements as a given part of the agreement. Because - do you know how future-proof the solution you choose to invest in actually is? Who is responsible if your solution is hacked in a few years? Whose digital responsibility is it?
To ensure that your information security solution is future-proof, it is therefore important that you ensure that your supplier has a way of working that means that it takes on the commitment to continue to be digitally responsible. Do they provide security updates throughout the life of the product/service? Do they do regular threat and security analyses? Is their product/solution future-proof? These are important questions that you need to ask your supplier.
Second piece of advice: Use high assurance technical solutions
To avoid becoming a target for the ever-increasing number of IT attacks, you should also review which IT security solutions you and your subcontractors use. Cybercriminals are advanced and standard solutions are not enough if you want to be sure of being protected. Solutions at a higher level are required - solutions that can guarantee security by being made to meet the highest security requirements.
You need high assurance technical solutions to be protected from IT attacks
Since it is difficult to measure security, using assurance instead is preferred in the security area. A definition of assurance in this field is "the degree of confidence that a product or system correctly performs its required security functions and that they cannot be circumvented". To produce products with high assurance, it is necessary to control every step from design to aftermarket. This means, among other things, that all work must take place under strong security protection. Only then it is possible to produce products that can guarantee the prevention of intrusion, data leakage and tampering with information worthy of protection - products that live up to the highest security requirements.
This is the type of product you need if you want the highest possible protection against IT attacks - high assurance solutions. You therefore need to make sure to invest in the right kind of solutions to avoid that it is not your company that will be exposed the next time!
Do you need help reviewing your IT security and what solutions you need? Advenica has extensive experience in the cybersecurity area and offers solutions that meet the very highest security requirements. Contact us today!