The Mitnick formula
The Mitnick formula states that the security is a combination of proper technology, sufficient training and suitable policy.
I think that nowadays it’s important to know about the security threats, different risks and also how to act when they happen.
I’m not so sure about the general situation in Finland, what I can refer is my own experiences and what I have read. Even thought Finland has a high level of knowledge, skills and strong expertise in the IT field there is something still missing.. What I have read from the news and heard is that the level of the security in Finland is not so good as people think it is.
I’m not so sure about the general situation in Finland, what I can refer is my own experiences and what I have read. Even thought Finland has a high level of knowledge, skills and strong expertise in the IT field there is something still missing.. What I have read from the news and heard is that the level of the security in Finland is not so good as people think it is.
For the last year you could have read from the Finnish news that several people have got phishing emails, calls and text messages asking their passwords and other information. My personal risky experience was with one of these calls last year, when I got a call from Microsoft IT support. Here is a link for that: Microsoft IT support fraud.
Before that I wasn’t aware of these kind of calls and also I just had one technical Microsoft problem in my work computer to which I was waiting for a call form our IT department.
It was a sum of coincidences. Luckily I had a bit experience of IT and security and at the time the ”Professional Microsoft IT Technician” started asking my email passwords and bank accounts I got suspicious and ended the call. I have to admit he had done his homework and was truly believable. He explained everything to me very precisely and as simple as possible.
Another "attack" happened to me couple days ago, when I got text message from the ”post office” of Finland and they told that my package is arrived and I should sign some document thought some link…no thanks, I haven’t ordered anything.
It was a sum of coincidences. Luckily I had a bit experience of IT and security and at the time the ”Professional Microsoft IT Technician” started asking my email passwords and bank accounts I got suspicious and ended the call. I have to admit he had done his homework and was truly believable. He explained everything to me very precisely and as simple as possible.
Another "attack" happened to me couple days ago, when I got text message from the ”post office” of Finland and they told that my package is arrived and I should sign some document thought some link…no thanks, I haven’t ordered anything.
What comes to the training part, all the information that I have got is from school mainly and from my previous job. I was working for a IT company for two years and they had an online security training pretty often, they could have been better but at least something.
Most of the trainings usually focused on the main threats and how they occur, I think it would be also important to know how to act and get away safely when it happens.
Recent cases that I found that have happened in Finland are the hacking of psychotherapy center Vastaamo in 2020, where the hackers hijacked and published mental health data of hundreds of patients. Another one was flying company Finnair that was hacked and the frequent flyer data was hacked, it affected around 200,000 members of the Finnair Plus programme. Finnish politicians email accounts were hacked in 2020 too.
Sources:
https://www.foreigner.fi/articulo/national/scandal-over-the-hijack-and-and-publication-of-private-mental-health-data/20201023121903008599.html (published 23.10.2020, accessed 01.04.2021)
https://yle.fi/uutiset/osasto/news/finnair_frequent_flyer_data_hacked/11820715
(published 04.03.2021, accessed 01.04.2021)
https://yle.fi/uutiset/osasto/news/police_finns_lose_1m_to_online_fraudsters_so_far_this_year/11804957 (published 23.02.2021, accessed 01.04.2021)
https://www.bloomberg.com/news/articles/2020-12-28/finnish-politicians-email-accounts-targeted-by-cyber-attack (published 28.12.2020, accessed 01.04.2021)
https://www.kyberturvallisuuskeskus.fi/fi/ (accessed 01.04.2021)
No comments:
Post a Comment