This blog is an English translation of an article published in Børsen Business Review in October , 2023.
Danish Version: Forsvar & Cybersikkerhed by Partnermedier - Issuu
It is more important than ever that Danish companies deal with the threat of cyber-attacks. At Improsec, the message to companies is simple: Take a position, have good cyber hygiene, and ensure that security does not become a paper exercise.
In Denmark, the threat of cyber crime is assessed by the Center for Cybersecurity to currently be at the highest possible level. It is crucial that companies understand the current threat picture, and act accordingly to strengthen their IT security.
The threat landscape is constantly changing, as criminals use new attack surfaces and advanced methods. The geopolitical instability is also reflected here at home and entails new cyber risks that companies must deal with.
A growing trend is that suppliers and hosting companies are increasingly becoming the target of attacks. Cyber criminals can thus hit many companies at once and significantly increase the consequence of the attack, which brings greater pressure on the hosting companies. For small and medium-sized companies, this means that they are easily caught up in the attack. Therefore, companies must make demands on their business partners - and in the future expect an increase in corresponding demands in return.
The new threat picture is being followed up by the EU, which is increasing the requirements for companies' IT security. This applies to both the measures that have already been implemented and NIS2, which is expected in 2024.
"The cyber threat has intensified, and it is important that companies live up to the directives. But they must not only deal with IT security because there is a law. Companies must take responsibility because it is a necessity for survival ," says Martin Kofoed, CEO at Improsec.
Many are worried, and with good reason
For corporate management, the cyber threat is a paradox.
"The cyber threat is the area that often poses the greatest risk to companies today and is also the area where management - the executive board and the board - know the least. It is a dilemma that can be seen when you, as upper management are directly responsible," says Per Silberg Hansen, COO at Improsec.
Anyone can be affected, and both small and large companies are on the hackers' radar. Therefore, IT security must be on the agenda. It is important to emphasize that it does not have to be expensive or difficult to get started - and you can take two concrete steps:
1: Make a decision
As a company manager, you have to take responsibility and work consciously with cyber security, so that the board and management have a clear action plan for IT security and associated protection.
"You can't protect yourself against everything, but you can take a stand and have a dialogue with management and the board about IT security, about how resilient you are, what you can actually accept and what the action plan is if the accident happens," says COO Per Silberg Hansen.
2: Get a handle on basic cyber hygiene
Basic IT security is still just as important, even if attack patterns have become more advanced.
"We often find that companies do not have control over basic IT hygiene, such as strong passwords and two-factor authentication. IT security is like general cleaning. If you only vacuum once a year, you cannot expect clean floors. If basic IT security is not in place, hackers can all too easily find their way in," explains CEO Martin Kofoed.
It is crucial that companies take a position on the threat, take responsibility for good cyber hygiene, and ensure a dialogue in the management, so that security does not become a paper exercise but a strategic priority that can be decisive for the company's license to operate.