Let's do better

Has the time really come when we no longer are capable to keep our own “digital house in order”, figuratively speaking?  Are Swedish businesses and organizations in need of constant aid when it comes to keeping safe?

Sweden has long been perceived to be behind when it comes to IT security, and now the state is proposing to offer help on that area. But really - can and should Swedish businesses and organizations not do better? Both public and private organizations, must take own responsibility and be prepared to withstand cyberattacks without it affecting day to day business. Can we really put all our faith in others to keep us safe online?

"But really - can and should Swedish businesses and organizations not do better?"

Trust issues

The cost for a security breach may be high. Who are you willing to put your trust in, and can we trust others to keep us safe? Finansinspektionen (FI) - Sweden's financial supervisory authority - suggests among other things, that we should put our trust in them when it comes to valuable information.

When it comes to data the constant flow is enormous, a never-ending source of information. This information is valuable – some less, some more. Your personal files, the quarterly report you’ve worked so hard on for the last couple of weeks, or the customer register that affects all your clients. Some data may be irreplaceable, some information may even be harmful in the wrong hands, and in the hands of a hacker it all has a price.

"The state must help"

FI's director general, Erik Thedéen, states that companies today indeed have a great deal of personal responsibility for ensuring that their IT systems have sufficient resilience. Ultimately though this is about Sweden's security, and at that point the state must help, according to Thedéen. FI’s are proposing a number of actions to increase resilience to cyber attacks in the Swedish financial sector:

• One of FI's proposals to aid in protection against cyber threats are increased FI supervision in the cyber area, both with a more extensive and more frequent review of financial companies. Supervision should be broadened and not only include large and medium-sized banks, but also other types of financial companies - for example larger insurance companies.
• FI also believes that FRA - the National Defence Radio Establishment and Swedish national authority for Signals Intelligence - should provide support to increase cyber security in the financial companies.
• The Swedish Government Offices should establish a special cyber security council, to help create an overall picture of cyber threats against Swedish society and also work as a foundation for joint management of the handling of cyber security issues. They also insist that the plans for the Swedish National Cyber Security Center are speeded up.
• Last but not least FI states that a cyberattack on the Bank ID service may have serious consequences. According to FI’s report the state's supervision of Bank IDs should therefor be greatly strengthened and should actually be put under state supervision - or replaced by a state equivalent.

"Some data may be irreplaceable, some information may even be harmful in the wrong hands, and in the hands of a hacker it all has a price."

No escaping responsibility

When it comes to the matter of IT security the state should provide help, but we can never be blind to the fact that both public and private organizations, of all shapes and sizes, have a responsibility to be prepared to withstand cyberattacks without it affecting the continuity of important IT systems. The threat is real, now more than ever, so let’s do better!

The Swedish Finansinspektionen report is available for reading here: https://www.fi.se/sv/publicerat/rapporter/rapporter/2022/forstarkt-digital-motstandskraft-hos-foretag-i-den-finansiella-sektorn/