The changing world needs new and agile methods to improve cyber security – it is easy to boost information security in companies!
Information security now!
It is important that companies identify the material that they need to protect to enable efficient protection. Complex isolated networks are not always as well isolated as you would think. The feasibility study (Toteutettavuustutkimus) conducted by the National Cyber Security Centre Finland successfully tested and developed new, agile and scalable methods for improving these areas.
What is TONTTU?
The words “cybersecurity” and “easy” are rarely found in the same sentence. This is one of the key issues that the feasibility study nicknamed TONTTU by the National Cyber Security Centre Finland of the Finnish Transport and Communications Agency Traficom aimed to change. The ease of doing things is at centre stage when the aim is to improve the overall security of society on a larger scale.
The overwhelming majority of Finnish companies are small or medium-sized. Hundreds or even thousands of them participate in implementing the critical functions of our society. The security solutions aimed at large companies rarely work for smaller companies that do not have special expertise or separate resources for cybersecurity. On the other hand, the schedules of the information security personnel of large companies are full of ongoing projects, which affects the availability of the existing resources.
Regardless of the size of the company, it is likely that the resources are low. People are interested in easy ways to develop cybersecurity. Do such ways exist? This is what the TONTTU project studied together with 11 organisations critical to emergency supply – and the results did not disappoint.
The project showed that the cybersecurity of society’s critical services can be improved with methods that are easy to implement. The organisations themselves felt that the pilot brought them direct and immediate benefits.
The findings of the feasibility study included the following:
- Leaks in isolated information networks were found in nine organisations.
- Potential vulnerabilities were found in seven organisations’ own or their suppliers’ services.
- In two cases, suspicions of exploitation were also related to the vulnerabilities, one of which was confirmed for the working group. The suspected data breaches were not related to the operative networks.
- Data leaks in internet services becoming more common also affected the participants of the project.
- Seven organisations identified victims of data leaks among their personnel. Some of the participants had already identified the victims of a data leak earlier and started to train their personnel regularly to protect themselves and their working environment from the harmful effects of the leaks.