A forthcoming study from the auditing and consulting firm KPMG has found major gaps in the data security of some of Finland’s largest companies. The study also revealed hacks to the in-house networks of half of the large listed companies participating in the study.
“The study doesn’t explain what caused the break-ins, but they are most likely the result of a lack of anti-virus updates and security monitoring,” says KPMG’s security expert Matti Järvinen.
Companies were divided into three groups: those whose networks were “in quite good shape”, those whose networks had “some malicious traffic” and those who were victim to “large-scale attack traffic”. KPMG reports that many events were observed that standard corporate anti-virus programs cannot address effectively.
Awareness of risk severity is weak
“Finnish awareness of data security issues remains feeble. Only once a catastrophe is on our hands will be wake up and see we have a problem,” says Tomi Voutilainen, professor of ICT law at the University of Eastern Finland.
Antti Kiuru, Head of the National Cyber Security Centre is also not surprised by the study results. “We have some down-to-earth advice for Finnish companies: remember to ‘take your medicine’ every day. Get the programs for your equipment in shape and remember to update them regularly.”
“Malware and viruses can be considered harmless in terms of the company’s overall security, but in a worst case scenario it can lead to a breach in the company’s data protection and allow such things as corporate espionage, the clearing of accounts or even bankruptcy,” says Järvinen.
Voutilainen estimates that data breaches in the public and private sectors are more common that people are led to believe. Leaks are likely patched in secret at most companies to avoid a loss of face among customers. “If these security crimes where investigated as criminal cases, they would enter the public domain at some point. And with big business, that would be too big a threat to their reputation.”