Information security now!
Cyber attacks against municipalities have increased, in response to which we remind readers about the importance of the information security of municipalities this week. We also acknowledge the upcoming European Parliament election and provide tips on how to take care of information security during election campaigning.
Topics covered in this week’s review
- Cyber attacks against municipalities have increased
- Cyber hygiene policies provide the foundation for an organisation’s cyber security
- Take care of information security during election campaigning as well
- Jussi Eronen’s column: Online crime is becoming increasingly mundane because attacks and scams are not taken seriously
- 3 challenges, 70 hackers, 25 hours – information security of local 5G networks tested at hacking event
Cyber attacks against municipalities have increased
Finnish municipalities have been targeted by several cyber attacks lately. Cyber security incidents can paralyse services, with severe cases even having the potential to endanger municipalities’ and users’ sensitive data. The correct and sufficient scaling of cyber security resources and expertise is always the responsibility of management.
Information security seminar organised for municipalities to improve situational awareness
On 22 May, Traficom’s NCSC-FI in collaboration with the Ministry of Finance, the Digital and Population Data Services Agency, the National Emergency Supply Agency and the Association of Finnish Local and Regional Authorities organised a seminar aimed at the management and information security specialists of municipalities and cities entitled ‘Kuntien tietoturva 2024’ (‘Information Security of Municipalities 2024’). The event was attended by over 350 people online and on-site. Topics covered at the event included the threat level and current state of cyber security, the progress of Finland’s cyber security strategy and different ways in which municipalities can develop their cyber security.
Central government supports the development of municipalities’ cyber security
Municipalities have been a central focus in public sector service development in recent years. The NCSC-FI, the Digital and Population Data Services Agency, the National Emergency Supply Agency, the Association of Finnish Local and Regional Authorities and the Ministry of Finance support municipalities in various ways. The NCSC-FI provides municipalities with access to many free-of-charge services, such as HYÖKY (page in Finnish) (External link), Kybermittari , exercises (External link)and the HAVARO service pilot (External link). Municipalities are encouraged to make use of these central government services and engage in networking, as active information exchange benefits everyone.
The NCSC-FI provides help for responding to security incidents
Municipalities should not hesitate to contact the NCSC-FI in the event of an information security incident. The NCSC-FI provides municipalities with support for first response procedures, helps limit impacts and communicates with potential victims. We can also provide municipalities with support and instructions regarding follow-up measures and communications.
Cyber hygiene policies provide the foundation for an organisation’s cyber security
With the help of the cyber hygiene policies presented in the NIS2 Directive, any organisation can get started with cyber security management. The baseline set of information security practices includes both administrative and technical measures that ensure the security of systems, software and services. Key policies include training staff, identifying the most critical assets and regularly updating systems.
The scope of application of the NIS2 Directive includes a wide variety of organisations, which is why the aim has been to list only the most important measures for ensuring cyber security. The presented policies are especially well suited to smaller operators and organisations whose operations are less dependent on communications networks and information systems.
Read more (in Finnish): Mitä NIS2-direktiivissä esitetyt kyberhygieniakäytännöt ovat? (‘What ar (External link)e the cyber hygiene policies presented in the NIS2 Directive?’) (External link)
Take care of information security during election campaigning as well
In Finland, the election day of the 2024 European Parliament election is Sunday 9 June 2024, in the run-up to which campaigning will only intensify. Preparations for the election are based on long-term cooperation between various operators, thanks to which the Finnish election systems is stable and secure. That being said, political parties and candidates should still pay attention to their own information security ahead of the election.
To this end we have compiled a list of instructions on how to protect user accounts, defend against data breaches and identify information influence activities, among other things. The presented methods are also ideal for ensuring everyday information security.
Read more about cyber secure election campaigning (in Finnish)
Jussi Eronen’s column: Online crime is becoming increasingly mundane because attacks and scams are not taken seriously
The information security columns of Jussi Eronen, who works as a chief adviser at the NCSC-FI, are now being published on the website of the Finnish public service media company Yle. Jussi Eronen has extensive experience and expertise in cyber security, and the purpose of his columns is to explore topics and phenomena related to information technology and cyber security in an easy-to-understand manner. The budding columnist’s first column was published on 22 May and examines the increasing mundanity of online crime.
3 challenges, 70 hackers, 25 hours – information security of local 5G networks tested at hacking event
The Hack the Networks event organised by Traficom and the National Emergency Supply Agency brought approximately 70 hackers to Otaniemi, Helsinki, to test the information security of local 5G networks. The challenge partners of the event were PwC, Aalto University, Fortum, Digita, Nokia and Ericsson.
The event provided hackers with access to systems that they would otherwise be unable to access and device manufacturers and authorities with valuable information that will facilitate more secure deployment of 5G technology.
(External link)Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
FOLLOW THESE INSTRUCTIONS IF YOU HAVE BEEN SCAMMED:
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or gotten hold of your payment card information.
- File a police report. You can file a police report online. (External link)
- You can also report the incident to the NCSC-FI. (External link)
Learn how to detect and protect yourself against online scams
- The most common types of online scams
- Advice to help you protect your accounts (External link)
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 17–23 May 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.