Weekly review of the National Cyber Security Centre Finland (NCSC-FI) - 11/2025

NCSC-FI's annual review published

Cyber security in 2024 summarises the most significant cybersecurity events and developments of the past year. Based on our observations, we also look ahead to the future.

In 2024, cyber security made headlines due to incidents such as the data breach affecting the City of Helsinki, damage to undersea cables in the Gulf of Finland and the Baltic Sea, as well as cyberattacks targeting various organisations, including data breaches and denial-of-service attacks.

Phishing and fraud attempts continue to pose a significant threat to both organisations and individuals. While the number of attempted data breaches is on the rise, the number of successful breaches has slightly declined.

Statistics indicate that the overall cyber security situation has remained stable. However, given the increasingly tense international security environment, preparedness for large-scale disruptions has become more critical than ever.

Rising threat levels, a shortage of skilled professionals, risks caused by technical debt, and the evolving methods of cyberattacks will continue to present challenges in the future. Additionally, increasing regulatory requirements will make these issues relevant to an even broader range of organisations.

Explore the ‘Cyber security in 2024’ online publication (External link) (in Finnish)

Illustrated handbook on cyber security

In addition to the annual review, we recommend exploring our latest publication, Cyber security in Finland, a concise, illustrated handbook on current cyber security trends. This publication delves into key cyber security phenomena, challenges, and solutions, helping us build a safer digital future together. The visual elements of the handbook illustrate complex and technical issues, making it easier to grasp their scale and significance.

Cyber security in Finland (in Finnish) (External link)

When was the last time you reviewed your organisation’s Microsoft 365 Entra ID settings?

Microsoft continuously updates its cloud services, including security features and other functionalities. It is important to stay informed about these updates to understand when and how they will affect your Entra ID (formerly Azure Active Directory) and Microsoft 365 subscription. Entra ID settings should be reviewed at least every six months under the Entra ID settings of your Microsoft 365 subscription, unless your organisation continuously monitors Microsoft 365 updates.

It is worth noting that new features are often enabled by default with relatively low security settings. Therefore, it is the responsibility of Entra ID and Microsoft 365 administrators to ensure that service settings comply with the organisation’s security policies.

We have published instructions covering directory and user management settings in Entra ID. 

Read the instructions here: Entra ID settings updates – when was the last time you reviewed your Microsoft 365 Entra ID settings? (in Finnish)

February’s Cyber Weather report published

CEO fraud scams, M365 account takeovers, and phishing attempts impersonating authorities continued in February. The quality of scams has improved, becoming more targeted than before. As Finns have a high level of trust in public authorities, malicious actors seek to exploit this trust.

On a positive note, the number of malware reports remained moderate, and network performance was stable. In the long-term analysis, this month’s report focuses on supply chain security, exploring methods such as threat modelling and risk management.

Cyber Weather in February 2025 (External link)

Recently reported scams

In this summary, we provide information about scams reported to the NCSC-FI during the past week.