Moreover, the energy, healthcare, and retail sectors are significantly more vulnerable to cyber-attacks. In recent years, KPMG has noticed a similar growing trend in Estonia and Scandinavia, where non-IT-oriented sectors often lag considerably behind in cyber security matters.
Unfortunately, no one can afford such shortcomings any longer, as most attacks are financially motivated. For ransomware attackers, a company’s assets, such as manufacturing equipment, intellectual property or medical devices, are as lucrative a target as disrupting an online environment or encrypting data assets.
Moreover, there is a rising and heightened interest in the energy and health sectors among state-sponsored attackers. Examples include ransomware attacks against Universal Health Services, the largest hospital network in the United States, and similar incidents in Estonia. The latter have come to public attention through the Estonian Information Systems Authority and other sources and point to numerous attacks on Estonia’s energy and healthcare sectors.
It must be noted that all companies have data that are potentially of great interest to attackers, although the company itself may not be aware of it. The main targets for attackers are personalised customer and employee data, intellectual property and anonymised customer data.
The purpose of data capture is usually to sell it on the black market or to cross-correlate it with other data, which adds value to the captured dataset. Data breaches pose a wide range of risks for companies. On the one hand, they face reputational damage and potential loss of trust. On the other hand, there are potentially considerable financial penalties resulting from both national regulations and the GDPR, for example.
Companies should certainly pay attention to risks entailed in cloud services and overly complex security systems. Implementing new solutions or over-complicated systems may pose a threat instead of the desired additional security. Risks are particularly high if such solutions are not supported by adequate cyber security knowledge and skills.
For most companies, having all required capabilities in-house would be rather difficult and unreasonably expensive, especially when a company operates mainly in the manufacturing, energy, healthcare or another sector that is not closely related to the IT sector and when it does not operate globally. A practical solution here would be to look for a reliable service provider who can offer a world-class service.
With a trusted partner, it is possible to respond quickly to incidents that have already occurred and improve cyber security by means of red-team testing, which simulates real attacks to help identify a company’s or organisation’s IT vulnerabilities.
Even though COVID-19 does not spread in cyberspace, it does have a significant impact on companies’ IT situation today and will continue to have an effect in the future. Most companies agree that creating a capacity for remote work is a risk for them. As a result of setting up remote working arrangements, the time it takes to detect a data breach will likely lengthen in the coming years, and losses associated with data breaches will likely increase.
Companies that can get secure solutions and working arrangements in place now will have a significant competitive advantage in the future. Certainly, COVID-19 has also increased the vulnerability of many small retailers, as many online stores were launched quickly to survive the emergency situation.
Ultimately, the responsibility for the customer data collected through an online store remains with the merchant, be it a large regional chain or a single boutique.
Head of Cyber Security
+372 521 4332
The line blurring between work and spare time, and the widespread use of remote work mean that peo..
It is a volatile time for economy, which always leads to businesses being purchased and sold. For ..
It is no longer a question of if cyber incidents take place, but when they will take place. Based ..
Mihkel Kukk, Head of Cyber Security Services at KPMG, notes that, although great importance is att..
"Not dealing with information security should not be seen as an IT risk, but rather as a strategic..
Mihkel Kukk, Head of Cyber Security Services at KPMG, says that artificial intelligence cannot rep..
Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.
HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.