U

Start » Learning Centre » Know-how » How to protect yourself against cyberattacks

How to protect yourself against cyberattacks

Reports of cyberattacks are increasing - but it can be difficult to know how to protect yourself against this threat.

Reports of cyberattacks are increasing – but it can be difficult to know how to protect yourself against this threat.

The increasing cyber threat

A more digitalised world means more and more opportunities for attackers to strike. For example, the use of connected “smart” products, also called IoT devices, is increasing rapidly. The more products that are connected to your network, the more ways in exist for a potential attacker.

It has also become apparent recently that thinking about security yourself is no guarantee – if your suppliers do not do it. An attack against your supplier can affect you to a very large extent, depending on the part the supplier has in your business.

It has also become more common with cyberattacks with higher aims than making money – attacks on critical infastructure and national databases are today a fact and are something that can ultimately cost society money, sensitive information, and lives. Despite this, there is currently not enough competence in the cybersecurity area.

 

Different types of cyberattacks

There are several different types of possible cyberattacks:

Malware

Malicious software such as computer viruses, spyware, Trojan horses, and keyloggers.

Ransomware

Ransomware is a form of malware that locks or encrypts data until a ransom is paid which may or may not give the victim access to the files again.

Phishing Attacks

The dishonest presentation of e.g. an e-mail or fake website that enables someone to retrieve sensitive information from the person that has received the message/visited the link (for example passwords or credit card information).

Social engineering

The psychological manipulation of individuals to obtain confidential information – this often overlaps with phishing.

 

Types of cyberattacks

Cyberattacks can have serious consequences

Being exposed to a cyberattack can have serious consequences for the affected company/organisation:

  • Large productivity losses as the attack can lead to interruptions and even longer production stops. The attack can also result in a more lasting deterioration in productivity.
  • Leakage or even loss of personal information about customers. Intellectual property rights are also at risk of being stolen.
  • The trust and reputation of the company can be severely damaged, which can lead to difficulties in gaining new customers in the future and difficulties in obtaining financing.
  • Large costs can arise in connection to the attack, among other things to pay external service providers to solve the problems with shut down computers and more, but also for extra work internally to solve the situation. It can also entail costs if you as a company do not meet the various requirements placed on the business.
  • There is a risk that the company will be forced to close its entire business, at least temporarily, which for a lot of businesses that are based on the fact that they are constantly running is a serious threat.

Benefits of cybersecurity

The benefits of utilising cybersecurity are obvious, and include things like:

  • Protect networks and data from unauthorised access
  • Improved information security and business continuity management
  • Improved stakeholder confidence in your information security arrangements
  • Improved company credentials with the correct security controls in place
  • Faster recovery times in the event of a breach

Increase in major cyberattacks

In the past years, the reporting of major cyberattacks has hardly gone unnoticed.

 

IT companies

In 2020, the IT company SolarWinds was the victim of an attack where attackers installed malicious code in the company’s update for the Orion monitoring application. This in turn led to the malicious code being installed at SolarWind’s customers when they installed the update. Thus, the attack affected not only SolarWinds, but all their customers who downloaded the update – which was not a few.

 

Critical infrastructure

In 2021, Colonial Pipeline suffered a ransomware attack that resulted in them shutting down their oil pipelines. The attackers had accessed and encrypted large amounts of data at the company, which they demanded a $5 million ransom to decrypt. The choice to shut down the oil lines was to minimise the damage and to ensure that nothing harmful reached their OT system.

 

Cyberattacks

 

Retail

There have also been a number of major cyberattacks in Sweden recently. In June 2021, Bauhaus was hit by an extensive IT attack which caused technical problems for stores in several countries. In Sweden alone, 22 department stores and 4,000 employees were affected as e-commerce, connections, business systems and inventory data were down.

During the summer of 2021, there were reports of IT breakdowns regarding the food chain Coop. 800 Coop stores were forced to close for several days due to an IT attack that caused their payment system to shut down. The attack was part of a larger global event targeting the US software company Kaseya. Several other Swedish and international companies were affected by the same event, for example Apoteket Hjärtat, the train company SJ and the petrol chain St1.

 

Municipalities

In December 2021, a serious malfunction was discovered in Kalix municipality’s IT system. In the afternoon of the same day, the municipality confirmed that it had been hit by a ransomware attack, which meant that the IT system had been locked by hackers who demanded a ransom to unlock it.

In connection to the attack, it emerged that on several occasions in recent years, criticism had been directed at the municipality’s IT security work and that it was unclear which shortcomings had been remedied since they were pointed out.

Threats against Sweden

Cyberattacks do not only mean lost money, trust or downtime, but can also have larger consequences that can affect society at large.

When it comes to critical infrastructure, a cyberattack can have disastrous consequences. The credit institute Moodys now mentions this sector as one of those that can have major consequences if they are exposed to a cyberattack. Not only can this affect Sweden’s economy, but it can also involve crashed electricity networks, contaminated water or hospitals that do not get access to medical records. These are just a few examples of the consequences that attacks on critical infrastructure can have on society.

 

Threats against Sweden

How to protect yourself against cyberattacks

Unfortunately, there is no one-time formula that allows you to completely protect yourself from all cyberattacks. But there is much you can do to prevent it from happening, but also ways to reduce the damage of an attack.

Read about four tips on how you can protect yourself and your business against cyberattacks:

 

1. Create a sustainable security culture

One thing that all organisations can do is to build a good security culture. Cybersecurity today is not only a technical challenge but also a human challenge – a matter of security culture. Criminals do not always only exploit technical deficiencies but often rely on people to access sensitive data and it is therefore the human factor that causes the most serious security breaches. Building and maintaining a strong security culture is therefore an extremely important part of cybersecurity work.

To improve the security culture, attitudes and behaviors must change. Organisations must see cybersecurity and security culture as a business-critical activity, and not as an isolated IT issue and management must prioritise the issue.

What should permeate the work with the security culture is to think of security as something that enables the work – it does not hinder it.

 

Segmentation

 

2. Segment your networks

Network segmentation reduces the risk and limits the damage of a cyberattack. Without it, there is a risk that sensitive information can leak or be manipulated, and that malware and ransomware can spread uncontrollably and quickly. Attackers do not normally take the direct path to the target, such as electricity distribution. Instead, they worm their way in via weak points far out in the architecture, via email or customer service, to reach their goal. State-funded attackers are also equipped with patience, prepared to work long-term doing everything in small steps, and are unfortunately often one step ahead. The harsh reality is that industrial control systems may have been attacked without anyone noticing.

When working with cybersecurity and segmenting your systems into security zones, it is a good idea to use risk analysis. In this way, you can avoid that the security work is carried out according to an undefined “ad hoc” method. In addition, it is often easier to explain and justify the investments you want to make if you can account for the risks you handle or reduce. The standard IEC 62443 is a good method to use when doing your risk-based zoning. Read more here!

 

3. Set higher security requirements for suppliers

To ensure that your information security solution is future-proof, it is important that you ensure that your supplier has a way of working that means that they take on the commitment to continue to be digitally responsible. Do they provide security updates throughout the life cycle of the product/service? Do they do regular threat and security analyses? Is their product/solution future-proof? These are important questions that you need to ask your supplier. Read more here!

 

Set higher requirements

 

4. Conduct secure updates

Nowadays, practically all businesses have to rely on software supply chains, even in the case of an on-premise IT infrastructure and local maintenance. Also, all software, whether it is an operating system or business application, need updates from vendors to implement new features, fix bugs or patch critical vulnerabilities. These updates are downloaded from the vendor, or from some other trusted party through the Internet. In some cases, some use portable media manually to decrease the risk of it to be tampered by a malicious outside actor. When implementing software updates, it is good security practice to use only trusted sources and verify the integrity of the update packages by checking that the HASH-sum of each downloaded package matches the sum informed by the vendor. But what if someone tampers with the package by placing additional payload, like a backdoor, ransomware or any other malicious content to the package at the source, the vendor? In this case, the vendor’s infrastructure would have been breached and the malicious content is placed to the software package without the vendor’s knowledge. For the businesses using or providing it to their customer, the integrity of the software packages would appear to be OK and the source would seem trustworthy.

 

Read our tips on how to protect yourself against cyberattacks!

Do you have questions? Do not hesitate to contact us!

New call-to-action


paper-cover_History-of-malware
 
 

Download guide

Related articles