Växjö Central Hospital, first to have medical records on tablets
On 15 January 2019, the Swedish Security Service issued a press release stating that there are deficiencies in the work carried out on digital security at authorities and companies in Sweden.
On 15 January 2019, the Swedish Security Service issued a press release stating that there are deficiencies in the work carried out on digital security at authorities and companies in Sweden. The same press release made clear that the intelligence threat against Sweden is significant and the Swedish Security Service encourages organisations and society in general to undertake extensive work to reduce the gap between threat and protection.
It is good that the Swedish Security Service is so clear in expressing itself about the situation. Digital security in general at many Swedish companies is deficient and neither is it sufficiently prioritised. It is therefore important that the problem is coming to the surface so that companies appreciate its seriousness.
From a digital security perspective, it is alarming how many companies meriting protection are currently consciously keeping people in the dark about their shortcomings and even regarding digital hacking out of fear of a poor reputation and fines that can be levied in accordance with GDPR and NIS.
Even when there is sufficient awareness and budget in the companies, we often observe how implementation is deficient. The work must therefore be given significantly greater priority in order to address the seriousness of the situation.
Today no more than 20% of all Swedish medium-sized and large companies have functional protection. The problem is that many of them rely entirely on traditional passwords, firewalls and virus programs, but the truth is that the hackers learned long ago to overcome this type of protection.
The Swedish Security Service's press release highlights some of the major risks of poor protection - leaked trade secrets and personal data. In distinction from military threats and terrorism, areas in which society is protected, companies do not have the same overall protection. Today it is entirely up to each individual organisation to arrange its own protection for its digital assets, despite the fact that hacking does not just damage the companies, but can also damage society in various ways.
The forces that want to access digital assets are invisible, In distinction from those that entail physical threats. That might be why it is hard to really grasp how simply an invisible enemy can systematically, and with great patience, survey a business. Qualified assets such as source code and design drawings are usually reasonably well protected. So, instead, less protected material in companies' ecosystems is surveyed, such as correspondence with subcontractors, law offices, advertising agencies, quotations, reports and social networks. Based on this, the enemy creates an effective picture of the business. We must quite simply stop thinking that this just happens to others.
We believe that coordination and cooperation is required in order for cyber security to achieve sufficient quality in Swedish companies within a reasonable time. When each individual business tries to develop its own protection, it produces inferior security and moreover requires more resources.
More services are now needed for companies which make it possible to share costs and experiences with others.
Niklas Anderson, Partner Manager and co-founder of SecMaker
Share this article