Cyber attacks a growing threat to Swedish business
Much publicised cyber attacks and Russian displeasure at Sweden’s NATO application have brought the issue of cyber security to the fore. In the run-up to this autumn’s elections, several authorities have already noticed increased foreign influence activity. And the threat is growing not only towards the state, but also towards Swedish companies. Many are not well equipped, says cyber security expert and IVA Fellow Anne-Marie Eklund Löwinder.
Cyber security should be a major concern for businesses today. Research shows that SMEs affected by serious cyber incidents are at high risk of going bankrupt within six months.
– “This applies to those who did not have a strategy for dealing with a serious incident or communicating about it. That is what you need – a plan,” says Anne-Marie Eklund Löwinder, one of Sweden’s leading IT and cyber security experts.
Anne-Marie Eklund Löwinder was Security Manager at the Swedish Internet Foundation for almost 20 years and now runs a consultancy business where she helps and trains both public authorities and companies on cyber security. And she has noted an increase in cyber attacks against companies in particular.
– “These days, you should expect to be hacked and act accordingly. It is no longer enough to try to prevent a breach. It will happen sooner or later,” she says.
In December 2021, for example, Volvo Cars had a data breach where research documents were stolen. The security challenge for companies lies not only in their own systems, but also in those they buy from suppliers.
Mature level of digitalisation contributes to vulnerability
Eklund Löwinder believes that what has long been seen as one of Sweden’s strengths – our mature level of digitalisation – is actually contributing to our vulnerability, as our maturity on the security front has not increased at the same pace. The rapid progress towards a digitalised society is highlighted as one of the reasons why Sweden has become a more attractive target for cyber attacks.
– “We digitalise without thinking much about how to do it securely. And sticking our neck out on foreign policy, sending weapons to Ukraine and joining NATO also has an impact,” she continues.
During the autumn elections, several public authorities and voters are expected to become the target of influence and disinformation campaigns. At the same time, Swedish companies also run the risk of being attacked, according to Anne-Marie Eklund Löwinder.
Three concrete tips for companies that want to increase their cyber preparedness
- Educate employees so that they understand what is at stake and what the consequences are if something happens. As a manager, you have to set an example. Raising awareness is important.
- Be careful about who is authorised to do what in the organisation. No one should have authorisation and access to more than is necessary to be able to do their job. This reduces the risks. Also try to introduce multi-factor authentication.
- Make sure systems are updated quickly and efficiently. If you have your own networks, these can also be segmented, giving protection between the different parts. The same advice applies equally to companies and private individuals – for example, about keeping proper backups of everything.
While many companies and authorities are not prepared for cyber attacks, Anne-Marie Eklund Löwinder feels that more people have become aware of the problems. In December 2020, the government decided to establish a national cyber security centre, and this autumn the first students will begin the new Master’s programme in cyber security at KTH. But that is not enough, she says. Things have to move faster.
– “We are very late to the party. We should have started on this a long time ago.”
To speed up progress, she believes that much clearer guidelines are needed from the government – at least when it comes to public authorities. She thinks that we are too timid and cautious in Sweden. As an example, she mentions that Norway will soon introduce a law requiring that all state authorities have a certain level of encryption for emails. She believes that we also need to get to this point. Making everything voluntary doesn’t seem to be working.
– “We also need to train more people in this field. There is endless demand for many more people to work in cyber security, and the labour market for this type of expertise will remain strong for a long time to come. Cyber threats are not going away, but hopefully we will learn more about them and how to prevent them. All it needs is a bit more urgency and determination.”
About Anne-Marie Eklund Löwinder
Anne-Marie Eklund Löwinder studied systems science at Stockholm University. She has worked at the Swedish Agency for Public Management, been a member of the Secretariat of the Fourth IT Commission, and was Security Manager at the Swedish Internet Foundation from 2001–2021.
Anne-Marie Eklund Löwinder is the first Swede to be inducted into the Internet Hall of Fame, for her role in making Sweden the first country to introduce secure DNS for .se in 2005. She became a member of the government’s Digitalisation Council in 2019 and sits on the boards of the Swedish Defence Materiel Administration, the Swedish Tax Agency, the Swedish Transport Administration, .IE and the Swedish Law and Informatics Research Institute at Stockholm University.
Eklund Löwinder has been a Fellow of IVA since 2015, and is a member of the Steering Committee for the IVA project Cyber Security for Increased Competitiveness.