The more we digitalise, the more we depend on the functioning of the ICT-based services and processes we have developed. Unfortunately, all this is threatened by cyber attacks, which are continuously increasing in intensity.
The motivation for cyber attacks can vary considerably. The culprit may simply be trying out his or her skills, or it may involve criminal activity seeking financial gain. Cyber crime has become a business rivalling the drug industry in terms of turnover, but committing it seems much more innocent; little effort is required to cause damages totalling millions of euros just by tapping on a tablet while lying on the sofa. Carrying out cyber crime does not even necessarily require specific technical expertise, because detailed instructions for different kinds of activities can be found online.
The main motive of cyber criminals remains financial gain. However, as society becomes more digitalised, the motivation to influence its ability to function is increasing in a worrying fashion. The aim of possible governmental parties or extreme organisations is to weaken or even paralyse the functioning of society. As society is becoming more and more dependent on electricity, a transmission system operator can be a very attractive target. Thus, cyber security has a central role in the implementation of ICT security.
Digitalisation requires embedded security in devices, systems, architectures and services, but digital security is not pure technology. If cyber security emphasises the securing of ICT activities, which at times is rather technical, an additional dimension is needed from a perspective of the user, be it citizens or personnel in an organisation.
When cyber security is combined with information protection and the protection of privacy, we can talk about digital security. When new digital service packages are developed, we must ensure that digital security is embedded in them. It must not be a separate area. In practice, both cyber and digital security are enablers of digitalisation. Without taking them into account, an organisation cannot control the overall threats and risks; in such a case, the organisation not only endangers its own operations and information and those of its customers and stakeholders, but also its own future.
Kari Suominen
Chief Information Officer, Fingrid