The scope of digital attacks is continually increasing, which means that society is exposed to excessive vulnerability and risk in many areas. We need to stand together across industries and sectors if we are to prevent the accelerating growth in digital attacks. Openness and collaboration are essential.
The Norwegian National Security Authority’s report for 2014 makes clear that the internet is an attractive arena in which to steal information, conduct espionage and make criminal gains. According to the report, entitled Fokus 2014, the sources of serious digital threats range from state intelligence and security services to companies, terrorist and extremist groups, and organised hackers. The landscape is global and difficult to analyse.
Increasing number of attacks
According to the National Security Authority’s annual report, the number of threats that targeted Norway continued to increase in 2013. Its operations centres processed 15,815 internet security incidents last year, 50 of which were serious digital infiltration attempts.
In April of this year a new vulnerability was uncovered in the OpenSSL library, which became known popularly as Heartbleed. This is a reminder to all of us of how easily our systems can be compromised due to weaknesses in security modules that are common to many systems.
Sweeping it under the carpet
The number of cyber attacks that target Norwegian entities may threaten the economy, welfare standards and functions critical to society. Awareness surrounding these attacks is low. One contributory reason for this is that the victims of attacks often do not wish this to become public knowledge. Many fear the negative consequences that this can lead to. This is understandable, but I am of the opinion that greater openness as well as training based on real incidents is important to making Norway safer. As a society we need to reduce our vulnerability and to equip ourselves to deal with the increasing number of more advanced attacks. The IT industry has a key role to play in this, and we must work more closely together with other sectors, as well as with the public authorities.
More and more organisations are implementing measures designed to reduce the risk of attacks, and security is more often on the agenda than previously. One of the government’s focus areas is on developing the scale of expertise in Norway and strengthening cooperation in the security area. The government wants to increase its focus on advice and guidance, and has allocated NOK 16 million for this purpose in 2014. Implementing preventative security measures and improving expertise across society’s sectors are areas receiving much attention. As a participant in and representative of the IT industry, EVRY hopes to contribute more to this important work.
Securing the infrastructure that is critical to society
Over the last 12 to 18 months EVRY has seen the number of serious DDoS attacks more than double (attacks where someone tries to prevent access to web-based services). These attacks target some of our customers that provide services that are of great importance to society. We have for some considerable time recognised the importance of being proactive in order to keep the threat profile under control. This includes both technological and organisational investment, such as stronger infrastructure and automated defence mechanisms. The result of this is that the attacks have so far been stopped, and have had little or no consequences for our customers.
In addition to developing our expertise, improving the level of security and becoming more skilful at discovering and dealing with digital attacks, we need to regard digital attacks as criminal activity. As with other types of crime, digital attacks need to be dealt with seriously, and even if investigating them can be demanding, it is important that it is done. Increased awareness and high-quality collaboration with the police authorities are crucial for success, and we have a shared responsibility to achieve this.
Contact us to learn more