Why ‘good enough’ isn’t working

Erik Skogström has over 15 years experience in cyber security. In the course of his career, he’s helped countless businesses understand and optimize their protection against many kinds of threat. He’s also well qualified to comment on the human angle of the subject.

"Technology and security - and how it affects people, I think that's interesting. What I find strange, however, is how many times "people" disappear in the equation."

A constantly evolving risk landscape

In terms of the threats that exist today, staying one step ahead of the criminals and opportunists who are constantly looking for an opportunity to strike is a never-ending task. From the hobby hacker seeking notoriety or attention to organized crime networks and state sponsored entities, the issue of risk becomes more and more complex every day. Looking at the bigger picture, how does Skogström see the risk landscape today?

The data speaks for itself. Threats are growing and constantly changing. They’re becoming more widespread and more sophisticated. Commercial enterprises are always going to be targeted, simply because to a criminal network or individual, they’re often easy targets for blackmail. However, we’re also seeing a massive increase in state financed cybercrime. The spread of disinformation for the purposes of manipulation is happening on an astonishing scale.

Dealing with the threat starts with understanding the individual

Whether the aim is to change or affect public opinion for political purposes or extort money from an individual or organization, gaining some kind of leverage on the target is necessary. And to understand this, Skogström makes an important point about the digital behavior of the child sexual abuse material consumer.

What can businesses do to minimize risk?

Whenever it occurs, exposure to child sexual abuse material represents an internal threat. Furthermore, reported incidents are on the rise, with a recent NetClean survey revealing that 1 in 500 work computers are being used to access child sexual abuse material. Many are surprised by this figure - but according to Skogström, companies still tend to downplay the risk.

“Generally, I believe companies need to weigh up the risk factor more seriously. In my work, I quite often hear things like ‘we don’t hold such sensitive or important data’ or ‘we’re not that kind of business.’ This is 100% wrong. Every business handles data - and if you handle data and have an employee who uses or shares child sexual abuse material, this is the leverage the criminal needs.”

When he’s out meeting companies and discussing IT security, Skogström focuses on getting people to understand how to use tech properly and what the consequences of doing so can lead to.

“My experience is that unfortunately, companies are not as well protected as they could be. In terms of risk protection, a ‘good enough’ mentality still exists. It’s often the case that a business doesn’t see protection as a worthwhile investment, and they motivate this by saying, ‘well, we’re not an IT company, so we don’t need to invest in IT security.’ All I can say about that is that there are a thousand examples that prove them wrong. My advice would be that a company should always try to stay at the very edge of the latest security developments.”

A real threat with real-world consequences

When it comes to reducing the risk child sexual abuse material poses to a business IT environment, NetClean solutions can take a central role. Speaking from his hands-on experience and taking a more benefits-focused position, how does Skogström see the value in the NetClean products? “In my opinion, NetClean delivers two important customer benefits. The first is the fact that the products can affect the risk-taking behavior of the child sexual abuse material consumer. In this way, the problem can be steered and controlled while greatly reducing the threat to the business and its reputation. The other benefit is a ‘goodwill’ factor. If they’re using NetClean products, a company can go out in public and present tangible proof that they’re proactively working to combat child sexual abuse material. As a result, awareness of the issue is raised both internally and externally and the company makes an important ethical statement.”

To conclude, Skogström has this to say about risk and how companies and organizations should see it.

“All information has a value to someone. Try to understand the mindset of a criminal. We talked earlier about the fact that 1 in 500 work computers are being used for the consumption of child sexual abuse material. From the perspective of a criminal or blackmailer, these are good odds. If they can identify a child sexual abuse material consumer in your organization, you’ve got a big problem. These are facts, not opinions. The threat exists, whether we like it or not.”