Publiceret: 23.08.2017
Af Karen Witt Olsen mail
Cyber attacks are increasingly being carried out by taking advantage of employees who unwittingly give hackers access to the company by clicking on emails or websites that appear reliable.
When specific employees are targeted and lured to click on malicious links or attached files, it is called spear phishing.
And this is one of the weapons hackers increasingly use to spread malware in companies’ IT systems, writes Denmark’s national IT security authority, Center for Cyber Security (CFCS), in its latest annual report.
The Center believes that cyber crime is increasing in scale and complexity and represents a very high cyber threat to authorities, companies and citizens alike.
“The threat from cyber spying and cyber crime against Danish authorities and companies is VERY HIGH. In order words, there is a specific threat. Hence there is capacity, intent, planning and possible execution. Attacks/harmful activity is highly likely,” writes CFCS in the annual report.
See also: DI’s top nine cyber security tips
Buying a system is not enough
Director of the Danish ICT and Electronics Federation Adam Lebech urges companies to be particularly attentive to the human factor when planning cyber defence.
“CFCS’s annual report shows that it is important to not underestimate the human factor when defending ourselves against hackers. We can ensure that systems and processes protect us, but only to a certain degree.”
Adam Lebech emphasises that it is not enough to buy an IT security system and simply lean back and trust that all is well.
“Good cyber security is also about having constant managerial focus on the topic, continuously adjusting to the threat level and educating employees, because the hackers are constantly finding new ways to attack.”
See also: The day cyber criminals locked all files at RTT
Social manipulation of employees
According to CFCS’s annual report, one of the most common attack attempts observed by the internet security service in 2016 was different types of social engineering - for example spear phishing.
Social engineering is a hacker technique in which the victim is manipulated to perform certain actions or to pass on classified information without being aware of it.
That could happen e.g. via emails or websites that look legitimate on the surface but which actually contain malware. Social engineering requires some knowledge of the victim to be effective.
“Hackers often try to manipulate employees into giving them access or activate malware or ransomware. Approximately 2/3 of Danish companies experienced the latter in 2016,” says Director Adam Lebech.
Læs også: Well-organised criminals trick companies out of millions
Expensive when it happens
The fact that cyber crime costs companies dearly was made evident by the attack on Maersk, which started 27 June.
On Wednesday, 16 August, the shipping giant announced - via its interim accounts - that closing port terminals and docking container ships will cost the company a total of between DKK 1.3 - 1.9 billion, primarily in lost revenue in the month of July.
Maersk was hit by the NotPetya virus, which entered the company through a so-called back door in the software MeDoc, which is used to file tax returns in Ukraine. Some of the world’s largest multinational companies, Mondelez, Reckitt Benckiser and WPP were hit at the same time.
FACTS
Center for Cyber Security
Denmark’s national IT security authority and national skill centre for cyber security.
The mission is to strengthen the defence of Denmark’s digital infrastructure and to strengthen Denmark’s ability to counter cyber attacks.
Has published 14 threat assessments, 5 investigative reports and 7 guides in 2016, which are available at www.cfcs.dk.