The European Union (EU) needs to take a stronger stance on cybersecurity, both to combat the growing wave of cybercrime and to face the threat of an immediate destabilizing attack. from Russia, according to senior executives at WithSecure.
The enterprise security company, formed from the separation of F-Secure’s consumer and enterprise businesses earlier this year, is hosting the inaugural Sphere conference in Helsinki, a block from St Petersburg, home of the General. Russian President Vladimir Putin 300 km.
Speaking at the opening of today’s event (June 1, 2022), WithSecure president and CEO, Juhani Hintikka, said: “Finland does not often appear in international headlines. That changed when Russia invaded Ukraine and the European security landscape changed overnight.
Russia’s attack on Ukraine involved repeated attempts to hijack the country’s vital national infrastructure but was not accompanied by a series of cyberattacks on other countries as expected. . However, tensions between Russia and Finland, and neighboring Sweden, skyrocketed after both applied to join NATO.
This means that “Finland and Sweden are definitely becoming more interesting targets for hacking groups with ties to Russia,” Hintikka said.
However, it is too late for the disinformation efforts Moscow specializes in to deflect the shift to Nato, he added. “What is more worrisome, however, is that further cyberattacks by the Russian government, directly or by state-sponsored groups, as a retaliation against the decision to join Nato could happen. In addition, cyber espionage attacks are also a possible scenario.”
WithSecure’s director of research, Mikko Hypponen, said that while it appears Russia did not conduct a successful cyberattack on Ukraine, this is largely due to Ukraine’s defense efforts, which are supported by Western partners such as Google and Microsoft.
Intelligence shows that the level of offensive operations against Ukraine has actually tripled from a year ago, he said. And there have been some obvious successes for Russia, including crippling its border control systems in the early days of the war with a wiper attack.
Finland’s long history of civil defense, contingency planning, military capabilities and understanding of Russia will make it a valuable partner for Nato, Hintikka said. This is supported by a strong tradition of public-private partnerships, including on cyber issues, he added.
But the EU also needs to play a stronger role in cyber affairs, Mr. Hypponen said. “It is not only technology as such, but technology standards also become important. If the EU does not set its own standards, the EU will be forced to adopt standards set forth by other countries”. And suppliers need to be held accountable for the products they produce, he added, especially when it comes to the Internet of Things (IoT).
Hintikka said that while the default setting for cyberspace may be American, for its tech sector, China is also waiting. He pointed out that it has been represented on technology bodies in Europe.
“Geopolitically speaking, technology is not neutral. Europe must stand its ground,” he added.
Hypponen said that although the information is collected by EU governments and the EU has agencies like Enisa, “the level of cooperation in the US is still far away”. As a result, he said, data sharing was “lagging”.
Away from geopolitics, the current situation makes it harder to fight ransomware gangs, said Christine Bejerasco, CTO of WithSecure. One of the most effective ways to tackle ransomware is to cut off those at the top, as industry and authorities have managed with an earlier wave of exploit kits, she said.
“But this requires cooperation across geopolitical borders. And the challenge with today’s ransomware threat actors is that the most powerful are in Russia. “The current geopolitical climate makes this type of cross-border cooperation unlikely in the near future,” said Mr. Bejerasco.
However, she adds, perpetrators “love to flaunt their wealth – so at some point, they will travel; and when they travel, international cooperation outside of these national borders can be what helps solve that problem.”
In the meantime, companies and organizations need to make sure they understand their own attack surfaces, have the right tools and processes, and understand their own assets, thus knowing them, said Bejerasco. what to protect.