I am not writing to scare you, but to reassure you.
Currently, all conversations with business leaders either start or end with cyber risks or hybrid threats and how to combat them. Despite the gloom, this is a positive thing. Cyberattacks are a more dangerous threat than many of us care to admit, and the responsible thing is to talk about them in a solution-oriented manner.
Taking care of the security and continuity of a company is not only a business issue. Cyberattacks have made us conscious of the most dangerous consequences – human suffering.
In Finland, many remember how a massive data breach at the psychotherapy center Vastaamo tarnished its management and lead to the company's bankruptcy. Regrettably, the bigger and more significant damage is often left unaddressed. Looting patient information from Vastaamo and leaking it to criminals was a national disaster and it’s still ongoing. The irreparable damage and suffering caused to around 40,000 Finns remains.
Under an ever-increasing threat – together and alone
The digital operating environment of Finnish society is being bombarded by experimental troublemakers, professional criminals, and the cyber forces of foreign states. For a long time now, the Finnish National Cyber Security Centre's cyber weather forecast has been reporting on the increased risks, threats, and successful attacks in the digital environment. The cyber night is upon us.
In the traditional domain of defense and protection, defense forces protect us from external attackers while the police and guards restrain internal evildoers.
When it comes to cyberattacks, companies and individuals must fight against them relying mainly on their own strength and skills, together and alone.
We are waging a difficult protection battle against hostilities. Alone and together, we can increase cyber security and build iron fences on digital borders. But the means of a professional or state attacker are powerful, and out of thousands and hundreds of thousands of attacks they only need to succeed once. The consequences can be devastating.
Photo: Christina Forsgård, who specializes in cyber crises, led a cyber crisis simulation exercise for the international PrivacyRules alliance in Lisbon using Netprofile's H72 model. The participants were lawyers specializing in cyber crises, as well as IT experts and communication professionals from more than 20 different countries.
Companies have plenty to guard
Many of the daily battles and defensive victories in cyberspace have become commonplace. The continuous cyber bombardment keeps organizations on their toes, especially those that have a key role in keeping up the national security of supply. Technical protection level is increased with repeated additional investments, and rightly so.
However, at the same time companies should prepare themselves for the unwanted situation where a significant cyber risk materializes despite all protection, and the situation cannot be controlled with everyday means, resources, and methods of operation.
Companies have understood that the technical protection level requires continuous development. What many of them fail to realize is that also crisis planning and training for exceptional situations needs equal attention.
The same skills and processes used with everyday routines will not be useful in leading or managing a crisis. Very few companies are under continuous pressure from unexpected events. Therefore, it is essential to prepare for exceptional situations with skills and processes tailored for them.
The challenges of the cyber night are multifaceted. So, let's prepare and practice the swordmanship of crisis management together. Cyber nights can be conquered by cyber knights!
Read more about Netprofile's H72 cyber crisis management model and the service we offer.
