Currently reading: Aalto Leaders' Insight: Cyber Risks Becoming the New Normal: What Does That Mean for SMEs?

Cyber Risks Becoming the New Normal: What Does That Mean for SMEs?

While increasing digitalization has the potential to offer a number of benefits in the form of efficiencies, convenience, and new services, it also adds to the likelihood of cybersecurity incidents. Incidents such as cyberattacks are becoming more common across the globe, and Finland is no exception. Attempted data breaches and serious cybersecurity incidents have been reported to be on the rise, and they call for cost-efficient solutions that are also available to companies with more limited resources.

Kari Koskinen, 22.09.2025

The Finnish Transport and Communications Agency Traficom has stated that attackers have become faster at identifying existing vulnerabilities in systems, and the technologies to conduct cyberattacks continue to evolve. In addition, the existing geopolitical tensions further contribute to cyber threats, targeting various institutions.

If successful, these attacks have direct and possibly dire consequences for citizens, businesses, and societies as a whole.

While the efforts to prevent and counter cyberattacks have worked relatively well in Finland, business and operational continuity and resilience are nevertheless of growing importance. Organizations are faced with a range of cybersecurity challenges calling for solutions.

Among other things, there is a shortage of skilled cybersecurity professionals, while technological developments enable attackers to use increasingly sophisticated methods.

Furthermore, more traditional challenges, such as a lack of resources and misconceptions about cybersecurity, continue to exist and are often seen as particularly pertinent in many small and medium-sized enterprises (SMEs).

As systems are interconnected, a vulnerability in one system may affect others, increasing the attack surface available to attackers and paving the way to supply chain attacks.

Many SMEs, with their products and services, form part of digital supply chains, providing, for instance, features or components for software that other actors in the supply chain rely on. Thus, ensuring that SMEs are properly protected is important not just for the SMEs themselves, but also for many others.

Similarly, solutions in this space not only benefit the SMEs but also a larger group of actors, both directly and indirectly.

While technological developments create new avenues for malicious hackers to attack digital systems, it is worth noting that they can also be used to make systems and organizations more secure.

To illustrate, digitalization not only creates security risks but also allows better security monitoring and facilitates the delivery of security training to employees.

In addition, the development of generative AI offers interesting possibilities for addressing cybersecurity challenges. Among these, we envision a gen AI-based tool that could help SMEs improve their information security.

In essence, the tool would provide assistance for SMEs and other entities in areas such as cybersecurity policy development, threat landscape mapping, incident response, and business continuity.

We see that this kind of tool could offer a cost-efficient approach to enhance cybersecurity, particularly in organisations with more limited resources. In developing the tool, data on relevant issues ranging from incident response plans to actual incidents are required.

This may also act as a barrier for the tool’s development, since companies are occasionally less inclined to disclose this kind of data. Nevertheless, being more open and sharing such data would enable collective learning and preparedness.

It is often noted that among the key actions after a cybersecurity incident is to see what could be learned from it. Having avenues to disclose this kind of information to other organizations would help to spread these learnings and improve the overall state of cybersecurity in an increasingly interconnected society.

At the same time, it could ensure that organizations would not repeat each other’s mistakes, but learn from one another and avoid the associated costs that tend to follow cybersecurity incidents.

The CYCERONE project is a European initiative that aims to close the cybersecurity skills gap by offering accessible, high-quality training for professionals in SMEs and the public sector. As part of the consortium, Aalto EE is involved in planning the platform concept and course format offering, as well as designing the courses and their associated content. Aalto EE draws on its expertise in executive education and lifewide learning to ensure the training meets the needs of both individuals and organizations.

Who?

Kari Koskinen

Kari Koskinen works as a University Lecturer at Aalto University. He conducts research on topic areas such as information security, digital platforms, and ethics of digital innovation, focusing on issues such as users’ trust formation towards highly automated systems and data responsibility in organizations. He has co-authored several teaching cases concentrating on information security in organisations, and his work has been published in journals such as the Information Systems Journal and in a number of conferences like the European Conference on Information Systems. 

