The End of Cyber Innocence
1 Aug 2017 | Tommi RasilaYears ago in Finland people used to put a broom in front of their door, so passers-by knew that there is no-one home. Hence they shouldn’t waste their time looking for someone inside. There were no locks as these would have been expensive, and there was little to steal in most houses. And even if there was, the thief would have been caught soon, due to everything being easily identifiable before the age of mass production.
Many of us still carry the values of that time. What is owned by another person, is his/her property, and doesn’t need to be put behind a lock. So every time a toy is stolen from ones backyard or a phone that was accidentally left in a restaurant isn’t there anymore the next day, people are surprised. Our world has changed too: a thief takes what is loosely attached, and a more dedicated thief takes also that what is tightly attached.
The same goes for cybersecurity. In Finland as well as other parts of the world, we have traditionally trusted that information or systems that seem to have no monetary value are safe from criminals. Only tabloids would care about medical records, and they would only care about the records of celebrities. Control systems of power plants and traffic lights do not interest anyone. Except that they do, now.
Medical records can be sold, them coming publicly available would be a scandal, and their destruction would be a disaster - and the people delivering ransomware know this. Power plants or traffic lights can be used as a part of a hybrid operation, or they can be used in a botnet – the biggest known DDoS attack of 2016 was executed using millions of IoT-devices like security cameras, lamps and thermostats.
Some attackers don’t even want to gain anything, they just want to cause harm. Even in the physical world you protect yourself and your property from thieves, spies and vandals in different ways. You should do the same in the cyberworld: Stuxnet was an attack by governments to harm Iran’s nuclear program, while hacktivists may want to harm companies they see as enemies. Sadly, a very common type of attack is ransomware, which harms your files, unless you pay the ransom: A criminal doesn’t care about your lost files, just the lost ransom.
In our hands, we have the end of innocence in cybersecurity. Nowadays every door in the countryside has a lock. Similarly, we should properly secure every part of our computer systems that someone can get their hands on. When I say properly secure, I mean that we must think what are the ways someone could attack the system and also the ways someone could gain from attacking the system, and use this information to properly secure our systems. We cannot isolate our systems, and even if we could, it wouldn’t work: also systems that are isolated from the internet are successfully attacked regularly.
We still hold trust to a high regard in Finland, and that can help us turn threats to opportunities. Finland is one of the most non-corrupted, politically stable, transparent countries, with a high quality of life. Our cyber security laws don’t require companies to build backdoors to their products, and my appreciation of Finland as a constitutional state grows the more I follow current events around the world.
We trust, and we are trusted. Let’s put this trust to our products, and make sure that Finnish products are secure. A “made in Finland” mark in an elevator, machine or a cybersecurity program should be a sign, like a broom in front of a door: Do not bother, there is nothing for you inside.
Endpoint Data Protection Software by Jetico
Jetico provides pure and simple data protection software for National Security, Compliance and Personal Privacy. Trusted for over 10 years by the U.S. Department of Defense, Jetico's BCWipe can wipe free space and securely erase files beyond forensic recovery such as in response to classified data spills, while BCWipe Total WipeOut can erase hard drive data entirely such as for disposal or decommission. To protect stored data, Jetico's BestCrypt Container Encryption delivers encryption for selected files or folders, while BestCrypt Volume Encryption offers data encryption software for whole disks. Jetico Enterprise Editions include central management for client software control.
Tommi Rasila, Jetico Founder and Chairman, is a serial entrepreneur and board professional, who established his first company in the age of 17. During the past decades he has actively participated in several companies as a founder, owner, board member or advisor. One of the companies was digital home theater equipment company Sample Rate Systems established in 1993, which was sold in May 2000 to the world's second largest electronics manufacturing services company Flextronics International (Nasdaq: FLEX). He defended his dissertation on growth venturing in Tampere University of Technology in 2004. After this he served eight years as the CEO of Tampere Chamber of Commerce followed by two years as the Deputy CEO of Finland Chamber of Commerce.