So how exactly is Finland responding to cyber threats? What lessons can other countries and businesses learn from these events? And how can organizations implement these actions? So can it be applied? Read on to find out.
Finland and its cybersecurity track record
Reboot Digital PR's 2022 study found that Finland's cyber risk score was just 12.6, the lowest in the world. This is in stark contrast to countries like the United States, which scored an alarming 62.4 on cybersecurity.
Finland received a high score because it had fewer phishing sites, with only 11 compromised computers per 100,000 users. However, despite this impressive score, the country is still subject to some notable data breaches.
Some of these will lead to major changes in the way companies around the world view cybersecurity. Below are some of the data breaches we can learn from.
1. Data breach regarding Finnish health services
One of the most significant data breaches in Finland was against a healthcare facility. In 2020, hackers seized sensitive data from psychotherapy service Vastaamo. More than 25 centers were affected, with personal medical records and therapist records compromised.
It is estimated that more than 30,000 people have received extortion threats from hackers. They demanded payment by threatening to leak sensitive files to the dark web.
How did this massive data breach happen? Our investigation revealed that Vastaamo did not encrypt or anonymize sensitive patient data. Additionally, security measures were “wholly inadequate.” To make matters worse, hackers were accessing patient records in 2018. The security flaw existed for six months until it was patched.
2. Cyber attack on Finnish communications
As the only commercial news agency, STT is an integral part of Finnish media. But in 2022, a distributed denial of service attack (DDoS) forced government agencies to take down some servers.
The attack resulted in the station's news and image distribution being restricted for several days. A report has been submitted to the Data Protection Ombudsman due to a potential data breach of sensitive information.
In response to this breach, STT shared a memo with other news organizations across Europe. This allowed us to strengthen our preparedness against similar cyber-attacks carried out against news organizations.
3. Cyber attack on the Finnish banking sector
With over 180 banks and 2 million customers, OP Financial Group is one of Finland's largest financial organizations. It was, and continues to be, a prime target for hackers.
In 2021, there were two major cyber attacks. The first attack involved a DDoS attack against a bank's login service, which had to be put into maintenance state. Thankfully, the bank restored service within a few hours later that day.
However, later that week, phishing messages were sent to customers pretending to be from the bank. The message contained a malicious link that, when clicked, could deceive the customer.
Despite thwarting these attacks, this incident leaves OP Financial Group vulnerable to future attacks. His CISO at OP Financial Group recently admitted that in 2023 he saw a 200% increase in DDoS attacks compared to 2022.
4. Cyber attack on the Finnish parliament
In 2022, the Finnish parliament became the victim of a DDoS cyberattack, bringing cybersecurity issues to the public's attention.The attack occurred during a speech by the President of Ukraine Volodymyr Zelensky.
The attack slowed down websites that publish the president's speeches or made them inaccessible to users. Although no data was seized in the attack, it caused widespread embarrassment and panic for the government.
The attack is believed to have been motivated by Russia's invasion of Ukraine and Finland's bid to join NATO.
5. Finnish Air Travel Data Breach
In 2021, the basic information of more than 200,000 customers of national airline Finnair was compromised. This was done by hacking the airline's service company, which handles mileage information.
Information seized included customer names, numbers, seating, and meal requests. No financial information was stolen, but customers were still asked to change their account passwords.
Other airlines affected by the breach include United Airlines and Malaysia Airlines. This breach highlighted the importance of scrutinizing supply chain services for data compliance.
What can we learn from Finland's response to cyber breaches?
Despite being hit by serious cyber-attacks, there is much we can learn from Finland. Below are some strategies you can use to strengthen your cybersecurity.
1. Use encryption software
One reason the Vastaamo data breach was so significant is that sensitive patient information became an easy target for hackers. If the company had used encryption, breaches would have been significantly reduced.
Thankfully, there are many ways to bring encryption into your everyday business. One of the easiest ways is to use a virtual private network (VPN) throughout your enterprise.
What is a VPN? It's a cybersecurity tool that encrypts your internet connection. This protects the data you send and receive and prevents anyone from monitoring your online activity. Employees can use their VPN to access sensitive data such as patient records without compromising integrity or security.
Moreover, premium VPN services do more than just secure your internet connection. They offer dark web monitoring to notify you of compromised personal information and malware detection to prevent downloads of harmful software.
2. Information exchange
The World Economic Forum emphasizes the need for companies to share information about data breaches. This will help improve skills across the industry and ensure cross-country compliance.
This is evident in the case of the Finnish news agency STT. They helped prevent similar attacks by sharing the memo with other news agencies across Europe.
This information sharing is essential to staying one step ahead of opportunistic hackers. Telecom companies must come together, especially since hackers are often politically motivated.
3. Legal development
Another core strength of Finland's cybersecurity is its government. They are constantly enforcing strong laws and improving policies.
Finland's Cyber Security Strategy was created in 2013, revised in 2019, and will be further updated by 2024. This document focuses on cybersecurity in everyday life. It also clearly outlines the responsibilities that authorities must follow.
For many of the data breaches investigated in this article, reporting to the Data Protection Ombudsman ensures that the government is kept up to date on the issue across the country.
The last word
Hackers do not discriminate when launching cyber attacks. They target companies of all sizes and in all countries to get what they want. But by examining the approaches of specific countries, we can learn a lot about how to protect ourselves.
As this article has shown, Finland has faced and overcome many attacks. By standardizing encryption technology and exchanging information, businesses around the world can take similar defenses against growing threats.
HT
