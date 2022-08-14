The number of cyber attacks is increasing because it is a profitable business for criminals, says Antti Partanen, the new CEO of IBM Finland. That’s why taking care of information security is a common concern for everyone.

Cyber ​​attacks the number has increased globally. The latest news about the attacks on the parliament’s website and the information systems of the news service STT deny that Finland is not a separate island from this phenomenon either.

On the contrary, says the recent CEO of the technology company IBM Finland Antti Partanen. Cybercrime is an organized, international activity that does not care about national borders.

“We should also wake up to that in this society. Some still naively think that this does not concern me. Finnish companies are under threat in the same way as others,” says Partanen.

Cyber ​​attacks the number has increased, the costs caused by them are increasing and they are becoming more complex, according to IBM’s recent Cost of Data Breach report.

For the report, IBM analyzed 550 global organizations that were targeted by a cyber attack between March 2021 and March 2022.

According to the report, the cost of security breaches has increased by 13 percent in two years, and on average one attack costs a company about $4.35 million.

Of the surveyed companies, 60 percent said that they had increased the price of products or services after the information security attack. Cyber ​​attacks therefore contribute to accelerating inflation even more.

A cyber attack costs consist of many different things. First of all, costs arise when data is lost.

For example, a Finnish construction consulting company To wax according to the company’s estimate, the targeted cyber attack wiped out up to half a year’s worth of work. So the work done has to be done again, which of course costs money.

Costs also arise when the company’s operations are interrupted due to information system problems. A company cannot function if employees cannot access its systems.

Finding out the extent of the damage and repairing it also costs a lot of money. In the worst case, the systems have to be rebuilt from scratch.

Ransomware cybercriminals who use it may also demand ransom from companies.

Is it worth paying the extortionist?

“It’s not worth it,” says Partanen to one.

“ “When you pay once, the extortionists get to know that you are ready to pay.”

According to an IBM report, companies that paid ransomware ransoms lost an average of $600,000 less than companies that did not.

However, the sum does not include the pot paid to criminals. When the amount of the ransom is included, the costs rise higher than for those companies that did not pay the ransom.

According to information security company Sophos, the average extorted amount rose to $812,000 last year.

Antti Partanen, CEO of IBM Finland.

Cyber ​​attacks the number is increasing because it is good business for criminals, says Partanen.

In addition to potential ransoms, cyber attackers gain income by selling stolen data. Valuable data can be personal data of customers and employees as well as confidential information, such as innovations or research results.

Partanen’s message is that individuals, companies and states should wake up and develop their own digital defense.

“The traditional model has been to build thicker walls and doors, i.e. it has been protected with firewalls and vpn. It is no longer today,” says Partanen.

According to Partanen, an information security strategy should be built at first.

“We believe in the zero trust model, i.e. ‘trust no one and make sure’. For example, with employees who work remotely, you should always make sure that they are who they say they are and check which device they use to access the network.”

New technology is needed to help with this. According to Partanen, artificial intelligence can be harnessed to identify vulnerabilities in the system faster than a human.

“ “If criminals are allowed to get ahead, we won’t be able to catch them anymore.”

Finally, you have to build a defense. It includes training against information security attacks.

Employees also need to be trained. Humans are typically the weakest link in an information security system. Common mistakes include, for example, overly easy and commonly used passwords and downloading non-secure applications to devices.

“No technology can prevent an employee from telling the company’s secrets to the outside world, but technology can create a work environment where it becomes more difficult to make mistakes and security breaches,” says Partanen.

IBM’s according to the report, as many as 83 percent of the companies included in the survey had been the target of a cyber attack more than once.

Then the costs arising from the attack will also be paid several times.

Preparation also has costs, but they should be proportionate to the risk of attack.

Partanen says that a good defense makes a company a less attractive target for attackers. A well-prepared company also recovers from an attack faster than others.

The better companies know how to defend themselves against cyber attackers, the worse business it is for the attackers. Over time, effective preparation could also lead to a decrease in the number of cyber attacks.

