Editorial
Is it Possible to Predict how the Cyber Year 2021 will Unfold? // Aapo Cederberg
T
HE EXCEPTIONAL YEAR of 2020 has
ended, which has brought various aspects of cyber security into the limelight. The Covid-19 crisis has caused an unprecedented digital leap through teleworking and other new digital services. Alongside this digital leap, a cyber leap is also required in order for the security of electronic services to evolve simultaneously with digitalisation. In practice, this means creating a new and credible cyber culture. The management of every company and organisation must outline a logical course of action starting with proper cyber situational awareness and a continuous up-to-date cyber risk analysis. The role of senior management is to make timely decisions and allocate sufficient resources to develop people’s ability to adopt new innovative technologies and to embed a cyber security culture in line with company’s security culture and business strategy. Last year, we witnessed the increase of new variants of cyber operations and the consistent growth of cybercrime. The question arises as to whether this came as a shock? Maybe not, perhaps the alarming developments in the cyber world were not taken seriously. At the beginning of last March, FISC (Finnish Information Security Cluster), for the first time, organised an event where Finnish cyber security companies presented their estimates on cost of future cyber development. Corona, its explosive spread, and its impact on our operating environment were not mentioned in any forecast, however other costs were brought up in one way or another. Were they taken seriously, perhaps not? However, preparing for future cyber threats is a basic condition for the success of all companies especially in the future, as this past year has shown us. The Cyberwatch Finland team reviews the development of the cyber world through quarterly reviews and by developing foresight with, for example, an artificial intelligence-based cyber engine. Developing foresight however, is made difficult due to global interdependence.
Everything is connected and black swans are unavoidable. Global politics influence the direction of cyber operations and the selection of targets, and conversely, successful cyber operations always cause a political crisis. This link is stronger than ever before, and cyber attacks are increasingly used to influence political decision-making. Russia and China have strengthened their capabilities by building their own independent Internets including all applications and are improving their satellite systems. Securing one’s own operating conditions is important if one wants to paralyse the opponent’s operational capacity and at the same time safeguard one’s own financial interests. Global political tensions are rising, and this was quite evident in the target choices for cyber operations and their set goals. Examples of this are the attacks on FireEye and government structures in the United States. The risk of escalation increases when nuclear weapons are targeted, in particular the firing and control systems. Concerns about this development were also expressed by the Chief of the General Staff of the Russian Armed Forces, General Valery Gerasimov. At the same time, he denied that Russia had been behind the cyber operations against the US. This is essentially a cyber world “cat and mouse game”, that is being used to reach the desired results in information influence operations. The attacks on FireEye demonstrate how cyber companies are becoming an interesting target. It is particularly worrying, that the attack tools developed over the years by white-hat hackers may have fallen into the wrong hands. This reminds us that no one is safe. The long-predicted storm and increase in the volume of attacks on healthcare providers has been a special corona phenomenon, as the importance of healthcare as a supercritical target has only been further emphasised. Adherence to the hybrid principle in ransomware attacks was also an ingenious new innovation, blackmailing money from companies and organisations, but CYBERWATCH
FINLAND
|
3
