It is not a question of IF, but WHEN
We were visited by Christian Kyller, GRC Area Lead at Orange Cyberdefense Sweden, one of Europe's leading players in cybersecurity. He shared the picture of the threat landscape and what it means for organisations and authorities in Sweden.
The threat to Swedish companies is far more serious than many realise. This is the opinion of Christian, who works on a daily basis to help organisations meet the cyber threats that are directed at Sweden and Europe.
”If you knew how serious the threat landscape actually is, you probably wouldn't be sitting around waiting for regulatory requirements or for someone to come along and point the finger. Today, many lack the full picture of what threats they actually face, how sophisticated the attackers are and how quickly the situation is changing. And that's where the problem lies, because if you don't know what you're up against, it's hard to prioritise correctly.”, says Christian.
Security is not a luxury, it's business-critical
Security is still seen by too many as an inconvenient cost rather than an investment. Security is pushed to the bottom of the agenda, budgets are cut and the issue is postponed. Until something happens. We need to change that. The defences we need to build can determine whether we can continue to operate or not. This applies to all companies, large and small.
”It's not about IF you get attacked, but when. Security should therefore be a natural part of the business model.”, says Christian.
Sweden: Highly digitalised, but lagging behind on security
According to National Cyber Security Index (NCSI), which measures countries' degree of digitalisation and ability to prevent and manage cyber threats, Sweden is ranked 8th out of 133 countries when it comes to digitalisation. But when it comes to cybersecurity, the picture is different, with Sweden ranking 53rd. In other words, we are good at digitising society, but not as good at protecting it. In addition, Sweden's entry into NATO has put us in a new geopolitical position and made us a more attractive target for state-sponsored threat actors and other antagonists. The gap between our digital maturity and our level of security is therefore something that must be taken seriously.
The opponents are more organised than we think
A common misconception is that cyber attacks come from loosely-knit groups. The reality is different. The threat actors we see today, whether hacktivists, cybercriminals or state-sponsored actors, are as organised as any business. They may even have a support service where the victim can get help to pay a ransom. It's a far cry from the image of a lone hacker in a dark room.
Time to act, now
Christian's message was clear: don't wait. The threat landscape is evolving rapidly, the demands from the outside world are getting tougher, and regulations are increasing. Those who already have security integrated into their operations will be much better equipped, not only against attacks, but also for the demands that will be placed on them.
”Building a safer digital society requires collective responsibility from all authorities and organisations”, says Christian.
It is a message we take with us in our daily work and in what we deliver to our customers.
For us, it's not just about understanding the threat landscape, but helping our customers navigate it. By integrating security As a natural part of the IT delivery we are responsible for, we want to be the partner that ensures that security is not something you think about when it has already gone wrong. This requires that we ourselves constantly keep up to date, follow developments and continuously work to strengthen our own capabilities. It's a job that is never done, and we know that. That's why we take conversations like this one with Christian very seriously, to understand more and to do more.
