Information security now!
This week we will talk about matters such as how physical security is one of the key factors of information security and recommend that you prepare for a transition to quantum-safe encryption algorithms.
Topics covered in this week’s review
The threat is not always online
Cyber security does not only mean identifying and preventing software vulnerabilities and online risk factors. A break into a data centre or office premises can also endanger cyber security. Physical access to hardware enables various threats to cyber security, and you should also prepare for these threats. Cases in which information security has been endangered after a break-in into the data centre of the organisation have been reported to the National Cyber Security Centre Finland (NCSC-FI).
Why do people break into data centres?
There are many reasons, such as vandalism or seeking financial profit through stolen property. When it comes to critical infrastructure, the threats can be more sinister. In the NIS2 Directive, the cyber security risk management is targeted not only at the communications networks and information systems but also their physical environment, taking all risk factors into account.
How can you reduce the risk of a physical break-in?
Improving locks and intensifying monitoring are effective ways of reducing the risk of a physical break-in and its effects. The hardware to be protected should be placed in a locked cabinet suitable for the purpose, which makes it more difficult to steal the hardware and restricts physical access to it. Comprehensive monitoring makes it possible to react quickly, and it also makes investigating the events after the fact easier.
If you have become a victim of a crime, we recommend filing a police report. You can file the report electronically on the website of the police (External link).
New instructions published: Quantum-safe algorithms and transitioning to them
Traficom recommends that organisations should start making preparations for the adoption of quantum-safe algorithms. Classic public key encryption methods are vulnerable against sufficiently powerful quantum computing. This means that data encrypted with these methods can be collected now and decrypted later, when a sufficiently powerful quantum computer becomes available. There are several projects aiming at the standardisation of quantum-safe algorithms to replace the vulnerable methods in progress, and the first standards are expected to be completed this year. We have drawn up instructions on the quantum transition that briefly describes the steps to implement it.
Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
FOLLOW THESE INSTRUCTIONS IF YOU HAVE BEEN SCAMMED:
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or gotten hold of your payment card information.
- File a police report. You can file a police report online. (External link)
- You can also report the incident to the NCSC-FI. (External link)
Learn how to detect and protect yourself against online scams
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (NCSC-FI) (reporting period 14–19 June 2024). The purpose of the weekly review is to share information about current cyber phenomena. The weekly review is intended for a wide audience, from cyber security specialists to regular citizens.