The Russian invasion of Ukraine continues to be the major threat in security policy. In August last year, Sweden also raised the terror threat level from a three to a four on the five-point scale. The reason was, among other things, the terrorist attack against Swedes in Brussels and the storming of the Swedish embassy in Iraq due to the Koran burnings.
“We have a very serious security situation and a security situation that has deteriorated in 2023,” said Lieutenant General Thomas Nilsson, head of Must when he presented the security service’s annual review on Monday.
But it is not only citizens who are the target of threatening actors, companies also have an increased threat picture.
“There is of course a threat to Swedish companies, precisely because they are Swedish, that operate abroad in troubled regions. Another threat to Swedish companies is foreign intelligence gathering,” says Thomas Nilsson.
Swedish companies are at the forefront in terms of knowledge in several areas and develop sought-after products. This makes Swedish companies attractive to foreign powers who, instead of creating themselves, steal information. In addition to Russian interests, there are also Chinese intelligence and security services that systematically try to influence Sweden and steal information.
As one of the most digitized countries in the world, Sweden has a greater risk of being exposed to cyber attacks. Last January, the Russian hacker group Akira attacked the Finnish IT supplier Tieto Evry, which affected several Swedish authorities and companies.
“It doesn’t just apply to Swedish companies, but to the whole of society and authorities that you have to increase your resistance to cyber attacks. Private companies need to continue to strengthen their security protection and report deviations linked to security protection,” says Thomas Nilsson.
How to protect your company against cyber attacks
1. Install security updates as soon as possible.
2. Use strong authentication features.
3. Restrict and protect the use of system administrative privileges.
4. Disable unused services and protocols.
5. Make backup copies and test if the information can be read back.
6. Allow only approved equipment on the network.
7. Ensure that only approved software is allowed to run.
8. Segment the networks and filter the traffic between the segments.
9. Upgrade software and hardware.
10. Ensure there is a capability to detect security events.
Source: Must