You support national security

Why do the authorities choose to share a report like this with the public? Their motivation for sharing this information is to train the Norwegian population in digital security. Through Risiko 2024, they are shown the risks we face if the Norwegian population continues as they have always done. The hope of the authorities is probably that the report will open the eyes of companies and individuals who do not think about or care about digital security today. We who work with IT security every day dream that everyone thinks about digital security in the same way that people automatically lock the door, install an alarm or hire a security company for their company.

In the report, the security actors go to great lengths to explain why each individual person and each individual company has a responsibility. The Norwegian business community supports national security, but what does that mean?

Businesses in Norway buy from each other crosswise. We have up to several subcontractors on our list which ensures that we can deliver what we need to our market. So how does it affect security? Yes, what many people forget when looking for a subcontractor is to check their security procedures. Because even if you and your employees have the best routines and are as strict as you can, you still have security holes. They are located further down the supply chain.

Subcontractors can be hacked and lose everything, including your data, drawings, recipes and other business-critical information. Or they can get a number of targeted phishing attack (mail fraud) against them and be asked to pay out money, pay false invoices or share specific information about you. Suddenly they go bankrupt because large sums have disappeared, or maybe you get hacked because they shared the information the hackers needed to reach you.

You and your subcontractors employ people who must be trained in digital security. As a business, you must take responsibility for your digital security and hold your subcontractors accountable. That way we can ensure the Norwegian business community to a much greater extent. From a security perspective, knowledge is power. The expertise to recognize phishing attacks, fake websites and other scams can save your business. As a bonus, you can save grandma from the princes of Nigeria too. Isn't that nice?

Let's look at the six things you need to know

1. Get an overview of what you depend on to operate.

Map values, services and products that are fundamental to running your business. Identify potential threats, whether from external sources such as hackers or internal risk factors such as employee knowledge and expertise in the field. Mapping this is crucial to being able to create an overall security strategy. This may include carrying out risk assessments, assessing vulnerabilities in systems and networks, and establishing contingency plans for handling potential attacks or breaches of data security. Are you curious about what a contingency plan entails? Read more about it here: Contingency plan for IT: What it is and why you should have it

2. Are you a small business? The hackers don't think about that. Size doesn't matter here. Therefore, you must ensure that you have a solid infrastructure in place and a good security culture internally. Because although small businesses may not have the same resources as larger companies, they are still just as vulnerable to cyber attacks. Here, it is important to implement robust security protocols, including firewalls, anti-virus software, regular security updates and employee training in computer security. If you cannot do it yourself, we recommend getting an IT supplier who can assist you. These are important steps to protect yourself from potential threats.

3. Are you a subcontractor or do you have many subcontractors?

Then you should follow your routines and ensure that your partners do the same. You are most likely a tempting target! As part of a supply chain, you are a potential weakness that hackers can target to gain access to larger companies or organizations. Conducting thorough security audits of your own systems and processes, as well as communicating and working with your suppliers to ensure best practices for data security are followed throughout the supply chain, is critical. This may include establishing secure communication channels, implementing stricter authentication and access controls, as well as regularly auditing suppliers' security policies.

4. You as an individual can be a target.

As an individual, you are also vulnerable to cyber attacks, especially if you have access to sensitive data or resources that could be tempting for hackers. It's important to be aware of privacy and security risks, including limiting the sharing of personal information online, always being suspicious of unknown inquiries or requests, and implementing robust security protocols for devices and accounts you control.

5. Do you buy and import digital services from abroad?

When considering digital services from abroad, you must be aware of potential threats that may come with it. This includes not only hidden back doors, but also the risk of data leaks, intelligence collaboration and even sabotage. It is important that you do thorough work and risk assessments before purchasing foreign services and entering into agreements with foreign suppliers. What you can do is research the vendor's security practices, their certifications, check for past security breaches, and their reputation in the industry. In addition, you should consider implementing measures at your place such as encryption, network segmentation and monitoring to limit exposure and handle any security incidents if they occur.

6. Cyber ​​attacks are becoming more and more advanced.

With the growth we are seeing in advanced threat actors and the use of advanced technologies such as artificial intelligence (AI) in cyber attacks, it is necessary to understand how these attacks are evolving and adapt your security efforts accordingly. This requires you to gain a thorough understanding of attack techniques and vulnerabilities, but also learn your ability to use advanced tools and technologies to prevent cyber attacks from taking place. We recommend starting with AI and machine learning. Familiarize yourself with the tools before moving on. In the long run, you can use AI to detect anomalous activities and anomalies in your network traffic, and develop adaptive defenses that can adapt and respond continuously to threat actors' tactics. Investing in research, training and collaboration with security experts is essential to keep pace with the ever-changing nature of cyber threats and protect your business from future attacks.

Would you like to read the report yourself? You can find it here: Risk 2024.