When streets are empty and doors to businesses and public activities are closed, virtual doors open. Never before have so many Swedes worked from home at the same time. High school students across Sweden are being taught online, hospital beds are being repurposed to handle the massive influx of patients, and government agencies are urging everyone, whose job allows it, to work from home. This is not only the case in Sweden; the entire world is struggling through this unprecedented situation.
Ana Magazinius works as a strategic research leader in cybersecurity and senior researcher in digital innovation at RISE. One part of her job involves gathering competitive intelligence together with her colleagues and understanding the threats faced by IT systems in Sweden and across the globe.
– “Right now we are seeing an increase in targeted attacks on what we call critical infrastructure,” says Ana. “For example, modern hospitals are highly connected when it comes to everything from X-ray systems to digital referrals and cloud-based medical records. A ransomware attack, which blocks access to an entire system and demands large sums of money to unlock the system, can quickly become catastrophic for an affected business.”
While criminal groups are engaging in attacks for the purpose of making money, there are also ethical hackers that help protect critical sectors and our citizens. An example of this is the covid-19 CTI-League, an association that has grown to 1,500 participants from different countries who work with large companies and authorities to stop attacks and disinformation campaigns.
The same problem is seen across the EU, and a blanket warning was issued some time ago relating to so-called phishing attacks targeting the elderly.
– “All around Europe, the elderly have received calls and emails that ostensibly have something to do with the coronavirus pandemic,” says Ana. “Fraudsters who profess to want to help people with everything from managing their savings to home deliveries of medicine. Although the attacks are not particularly sophisticated, the volume of attacks makes these operations lucrative for the fraudsters.”
Små och medelstora företag är mer utsatta då risken är större att de inte prioriterar skyddsåtgärder
Working from home increases exposure
Owing to the present situation, people around the world are being encouraged to work from home, if possible. Digital tools and platforms have become indispensable in both the business and public sector in order for operations to continue normally. However, this connectivity increases exposure to cyberattacks. Ana nevertheless believes that it is possible to work from home and, above all, to make it difficult for criminals and hackers to attack systems.
– “Large companies and organisations have their own expertly informed IT departments, which continuously improve their systems,” says Ana. “In my experience, small and medium-sized companies are more exposed since they aren't prioritizing protective measures. This is a problematic issue that we would really like to see strengthened by means of knowledge and skills development.”
Tips for more secure work at home
It is, however, not Ana’s intention to spread concern or fear. System providers are determined to protect their systems and, with some basic knowledge and the latest updates, system security can be significantly increased. For everyone working from home right now, Ana offers the following tips and advice:
1. Ensure that your wireless network is secure. Information on how to do so can be found on cert.se as well as other websites.
2. Do not click links in emails and do not open files from unknown senders (look at the email address, not just the name).
3. In particular, emails offering medicines, protective equipment and similar are most certainly phishing attempts – delete them directly.
4. Do not email passwords or other sensitive information to anyone, even if the sender appears to be a trusted person within your organization.
5. Install updates immediately, these are often security related.
6. Use your employer's equipment for work, private equipment in general.
RISE has full-ranging competency within cybersecurity, including both technical and human aspects. We offer expertise within certification of management systems, stadardisation, IoT security, cloud security, software security, safe AI and have good knowledge of how individuals respond to different situations. In our virtual testbed (Cyber Range), both industry and public sector can test systems, find solutions and increase their knowledge. In many aspects, RISE is at the forefront in Europe and we also manage the Swedish Node for Accelerating Cybersecurity Research and Innovation.