Duller than dull cyber security


Cyber security… phishing message… data leak… vulnerability… update now… Bored, tired, I’m busy and I guess it doesn’t even concern me? I’ll read it later, meaning never. Does it sound familiar? Information security, data protection and cyber security. Articles filled with these intermingling terms come up everywhere, including the leading national media – not to mention communication at the workplace. However, if you are not particularly interested in technology, you don’t actually read those stories very often. Should you do that?

The situation is in a way new and unusual. Not all of us used to bear so much responsibility for the security of our community unless the threat was obvious and visible to the eye. Security, that’s what this is about. Your own, that of the community and society on the whole. A threat whose daily presence cannot be seen or heard.

Modern communication technology, or more familiarly the internet with the devices connected thereto, developed and spread all over the world so quickly that the security aspects were forgotten for decades. A similar development cycle has, of course, been seen with many other technologies as well. Communication technology is, however, completely unique due to the speed of its development, the complexity of technology, as penetration of society, and the global connections.

So how complicated are these devices? The Android operating system consists of some 15 million lines of code and Windows of more than 50 million lines of code. Apple M2 system on a chip is built of 134 billion transistors. So when you use the mobile bank or e-mail, you execute millions of lines of code on billions of transistors. Just one missing character in the software code may mean an error that leads to a data leak. The complexity of processors in turn has even resulted in component-level errors.

Fortunately, these errors can be fixed afterwards. Thanks to the internet. The errors and fixing them, however, mean that the users need to be at least aware of them and sometimes take action themselves. Often there may be days or even months between finding the error and the release of a fix, let alone installing it, in which case the user’s own action is the only way to prevent the unauthorised use of the device. And this effort should be made without any direct benefit to yourself.

Security also costs money, and more secure information technology costs more. How many of us think of cyber security when buying a new phone or television? Or is prepared to pay extra for it? What about an organisation that is purchasing a new information system? Do you know when your phone will or did receive its final update? Security is a challenge to the users, too. Trying to remember even short passwords is annoying, not to mention complicated identification requirements.

As a result, we use vulnerable services in which we log using the same weak passwords without multi-stage identification. An eight-character password can be cracked in about five minutes. Technical protection has not been completed and training has not been arranged or taken. The market economy sells cheaply the products that sell well while the legislator is only just waking up to the challenge. Did you know that a new smartphone may receive security updates for just one year from purchase?

On such a foundation, we trust our data, money, work and social life. This world is also of interest to criminals. Criminals usually use the easiest route to get what they want, and nowadays it is less and less often a technical fault. It is the human being, user, me, you. 85% of successful security breaches happen when a person hands their keys to the criminal. IT professionals fall for phishing as easily as other people. Finnish people have lost tens of millions of euros to such criminals in the 2020s. Artificial intelligence has removed our language barrier and will revolutionise phishing messages in Finland, making them harder to identify. The number of phishing messages has exploded and the activities are obviously profitable.

This is why we talk so much about it, and maybe you should also be interested in headlines concerning cyber security.

The author of the column, Pauli Räinä, is the IT manager of the Port of Turku

Photo: Markku Koivumäki

Do you think that your digital skills could be improved? See for example the Digital and Population Data Services Agency’s page on Digitally Secure Life.

The Digital and Population Data Services Agency DVV also offers webinars to all of us, experts and management. I can warmly recommend the monthly 15-minute webinar Digiturvavartti (in Finnish) to everyone.