A summer of disruptions from a cybersecurity perspective. July, the most important holiday month for Finns, is nearing its end as this blog is being written. I couldn’t help but follow world events and also how we IT professionals have once again been called back from our holidays. In my opinion, it has been a real summer of disruptions – in terms of cybersecurity, what do you think?
The ‘Mass Strike’ of Critical Servers – More Familiarly Known as ‘Crowdstrike’
A true summer of disruptions from a cybersecurity perspective. In July, Crowdstrike, a well-known cybersecurity company, released a security update that caused unexpected problems for many users. The update was intended to improve system protection against new threats, but it also brought challenges. After the update, a large number of significant global companies reported technical challenges, with critical servers crashing into a bluescreen state, and even air traffic at some airports worldwide being brought to its knees.
The incident highlighted how dependent we are on information technology today. Microsoft also initially received blame for this. In Finland, we perhaps got off with a scare to some extent; globally, it might not have been as good. Nevertheless, I heard that even in Finland, some machine users had their business operations halted for an entire workday while waiting for a fix, and one professional was called from their holiday by phone to help, as the entire server environment was more or less down.
But what did I, as a Microsoft technologies professional, pay attention to? I started to ponder how cybersecurity software is mostly almost always an additional third-party implemented software, for which compatibility is not always guaranteed. I also pondered the segmentation of update releases into waves; is this even possible for all cybersecurity software? Microsoft’s own security is already a built-in feature in Windows operating systems, and its updates and virus definition updates can be rolled out in waves, especially for server environments, using update management solutions. However, in the planning of continuity and fault tolerance, there are several other areas to consider for critical services. So, where should one look for the cause?
Hybrid Influence and Critical Infrastructure?
As the war in Ukraine progresses, hybrid influence has also increased here in Finland. Newspapers have reported attempted breaches targeting water supply, and a mobile phone mast in Janakkala recently fell due to an external and as yet unknown party. Our society’s information systems are also continuously subjected to cyber threats and attempts to disrupt services. The message in the media has been: “It’s advisable to get used to the situation next to our unstable eastern neighbor.” The global situation seems bleak, so what can we do ourselves?
In my opinion, all companies should now take cybersecurity seriously. It is important to prepare for the fact that the situation will certainly not ease in the coming years; instead, attempts at influence are likely to only increase. Cybersecurity should be considered an increasingly important part of companies’ core strategic work. As individuals, we must strive to increase our knowledge of cybersecurity and endeavor to follow guidelines. At the same time, it is important to remember that we are only human, and mistakes sometimes happen. However, when mistakes occur, one should not hide, but rather raise a hand immediately as a sign of the error – so that corrective actions can begin. All of us humans are the biggest threat to cybersecurity due to our skill gaps. So let’s try to be vigilant and do our best.
AI Assistance for Cybersecurity?
Artificial intelligence is currently developing at a tremendous pace. The most enthusiastic companies and individuals have already harnessed AI solutions to support their work, leading the way. Many are already predicting AI to be the next bubble in the IT sector. However, we are on the verge of something entirely new. AI is revolutionizing how things are done, and at the same time, criminals are also utilizing it very effectively, falsifying images and audio, and creating increasingly realistic attacks.
The eternal race is real, as AI is also being harnessed for cybersecurity from another direction. Cybersecurity professionals are now also identifying threats and attacks more effectively. AI assistance can now help cybersecurity professionals and quickly interpret from a large mass of data in minutes what previously took hours to analyze manually. However, IT management professionals are still needed; personally, I believe AI will only increase the need for expertise – work will certainly change, but it always has. The future looks interesting!
EU Guidance on Corporate Cybersecurity
As autumn approaches, we await information and guidelines from the Finnish government on how the new NIS2 EU Directive, which governs cybersecurity, will be implemented within the framework of Finnish law. No major national changes to the original EU regulation are likely, as the transition period ends in October. In this world, I see this as a purely positive development, as it is good that large companies, in particular, are finally being pressured to genuinely take control of their cybersecurity, beyond just installing basic antivirus software. And somehow, I can already see what’s coming: I predict that these same regulations and requirements will gradually start to trickle down to all smaller organizations as well, if they haven’t already become subject to the regulations as part of a supply chain.
We at Above IT have also had to align ourselves and our operations with the requirements of this fresh cybersecurity framework during the summer. As an IT company, we are, after all, obliged to comply with these demands. At the same time, we have already taken the first steps towards ISO27001 requirements, which will be our next major undertaking.
What Does the Future of Cybersecurity Look Like?
This is certainly a question that concerns all of you, our customers – IT management decision-makers. And why not, as we are living through exciting times with all their disruptions. Would you be interested in hearing what will happen in the market?
On October 3rd, starting at 3 PM, we are organizing an Afterwork event, to which all IT management decision-makers are welcome to network. Industry influencers will be speaking at the event, and you can also hear case examples related to cybersecurity development, as well as AI and its data protection requirements. And I promise you won’t have to go home on an empty stomach. Spaces are limited, so register now to attend!
Above IT is a partner and resource for IT administrations. As our client, you gain genuine expertise in information security and data protection development, along with support and security amidst global challenges! If you wish to elevate your IT with us, please contact us by clicking the link below!