According to the Estonian Information System Authority, in recent years, the country’s companies have incurred losses exceeding €1 million annually due to cybercrime; to tackle the issue, the authority has launched an information campaign to increase the safety of the Estonian business environment and cyberspace.
“However, the damages reported to the Information System Authority only constitute the tip of the iceberg. In order to better protect local businesses, it is important to raise awareness of cyber threats and offer effective security measures for companies,” the authority said.
Nowadays, all business is conducted over the internet. In Estonia, there are approximately 170,000 companies with up to 50 employees. Most of them are micro-enterprises, with only one board member listed as an employee.
According to Tõnu Tammer, the executive director of computer emergency response at the authority, the maintenance of IT sustainability is one of the core facets of effective business operation.
“Modern cyberattacks disable servers or computers, thereby paralysing the functioning of entire companies. Although pen and paper offers an alternative mode of working, we still need data and thus, pens and paper are of little help. It is also not a particularly practical option and it will definitely not compensate for the damage incurred,” Tammer said in a statement.
Small and medium-sized companies ignore the issue
Despite the urgency of the problem, there are still many entrepreneurs who have not given it any consideration or taken any steps to minimise the risk of cyberattacks. The problem is particularly acute for small and medium-sized enterprises. Statistical figures indicate that the smaller the company, the less attention it pays to cyber security.
“It is completely natural that their primary focus is on keeping the business running, but cyber security should not be overlooked in the process. Otherwise, the cybercriminals will have a field day. First, they will assess how easy it would be to access the information system of a particular company they have decided to target, and once the ball starts rolling, it creates a snowball effect,” he added.
In 2019, the types of cyber incidents that caused the most financial damage to Estonian companies were the CEO Fraud Scheme, obtaining illegal access to company e-mail accounts, and financial fraud resulting from inbox monitoring.
“The CEO Fraud Scheme entails short and concise emails sent under the name of the CEO to the company’s accountant with a request for a quick transfer of money to an unknown account. In the second case, the cybercriminals target and hijack business-to-business conversations on monetary transactions, and surreptitiously change the bank account details on invoices,” Tammer noted.
In addition, Estonian companies have also suffered significant losses due to ransomware attacks, where cybercriminals encrypt the contents of a device and demand money for decryption. Although hundreds of Estonian businesses have fallen victim to such attacks, a large number of companies have not implemented any security measures to protect themselves.
“Most Estonian companies do not even have internal cyber security rules or procedures that would minimise the frequency of such cyber incidents and their negative impact,” Tammer asserted.
Although cyber awareness has been gradually increasing among Estonian companies, there is still room for improvement. According to the authority, people must also bear in mind that cybercriminals are always striving to get ahead of their victims, which is why they are constantly seeking new ways to ambush entrepreneurs.
An information campaign to increase the safety of the business environment
“CEOs must be aware of those risks and how to identify the most common cyberattacks in order to protect their employees, assets and reputation. However, even that is not always enough, because companies that actively invest in their cyber security may also suffer damages due to the ignorance of their business partners,” Tammer pointed out. Cybercriminals do not really care about the size of a company or its area of activity; they are primarily interested in monetising the information procured.
To help local businesses counter these threats, the Estonian Information System Authority has launched an information campaign targeting small and medium-sized enterprises and focusing on the types of cyber incidents that have incurred the most financial damage to companies in recent years.
“Our campaign aims to increase the safety of the Estonian business environment and cyberspace. Raising awareness about cyber threats will help foster better understanding among entrepreneurs about their own role and responsibilities in avoiding major losses that can be secured with a few clicks or a modest investment,” Tammer said. In Estonia, cybercrime-related losses commonly amount to a couple of thousand euros; in 2020, the largest amount lost in a single incident exceeded €100,000.
The Estonian Information System Authority coordinates the development and administration of information systems ensuring the interoperability of the state’s information system, organises activities related to information security and handles security incidents in Estonian computer networks.
The cover image is illustrative. Photo by Markus Spiske/Unsplash.