According to Digital Norway, it is no longer a question of if but when your business will be targeted by a cyberattack. Ransomware, phishing scams, and direct fraud are on the rise, making it more critical than ever to take cyber security seriously.
Cyber security is what Børre Holmberg and his team at Tietoevry work on every day. Advising businesses of all sizes, Tietoevry emphasises that there are several steps you can take to minimise the damage when an attack occurs.
Key terms: Social engineering (manipulating someone into doing something harmful without their awareness), phishing (fraudulent emails with malicious links), smishing (fraudulent text messages with malicious links), and vishing (fraudulent phone calls aimed at obtaining sensitive information).
Protection against cyber threats
For many businesses, tackling the stringent requirements of the NIS2 directive while defending against an increasingly complex threat landscape can feel overwhelming. "Fortunately, help is available," says Børre Holmberg, Team Lead for Cyber Security at Tietoevry Norway.
Tietoevry Tech Services offers solutions to bolster business security and ensure regulatory compliance. "Through services like risk assessments, training, and hands-on workshops, we help businesses address both current and future challenges. By following these recommendations, companies can better protect themselves against cyber threats and meet essential security requirements," says Børre Holmberg, Team Lead for Cyber Security at Tietoevry Norway.
Geopolitical landscape
Norway faces significant challenges in a turbulent geopolitical environment. As a key energy supplier and NATO member, the country is a target for state-sponsored cyberattacks, while recent sabotage of critical infrastructure highlights vulnerabilities in digital security.
"Geopolitical tensions make us a target," Holmberg explains. "Sabotage, like the recent incidents in the Baltic Sea, underscores the importance of protecting critical infrastructure. This isn't just a technological issue—it’s a matter of national security. It requires close collaboration between government and industry."
NIS2: A legal framework for stronger cybersecurity
NIS2 is an EU directive requiring businesses to enhance their IT security to protect society from cyberattacks and safeguard critical services. It acts as a set of "security requirements" designed to make the digital world safer.
"When we talk about NIS2, it's not just about compliance—it's about fostering a lasting security culture," says Børre Holmberg, Team Lead for Cyber Security at Tietoevry Norway. "By prioritising actions like strong password hygiene, regular risk assessments, and continuous system updates, businesses can significantly reduce their vulnerabilities. NIS2 sets a benchmark that Norwegian organisations should aim for, even if they are not yet directly subject to the directive."
To protect your online accounts, practice good password hygiene. Create strong, unique passwords for each account and update them regularly.
Training and simulation: building resilience for the future
Tietoevry Tech Services has a clear mission: to prepare businesses for today’s cyber threats and ensure they are ready to meet tomorrow’s security demands.
"The most effective way to minimise risk is by raising employee awareness," says Peter Boe Helland, Cyber Security Consultant at Tietoevry Tech Services.
"Time and again, we see that training and simulations, such as phishing campaigns, enhance understanding and significantly reduce the success rate of attacks. Alongside my colleague Martin Stene, I run practical workshops where participants learn to identify and avoid social engineering tactics like phishing, smishing, and vishing. These hands-on sessions empower teams to act as a first line of defence against cyber threats."
To stay safe from phishing attacks, always check the sender's email address, hover over links to see where they take you, and never open attachments from unknown senders.
Helland has conducted multiple phishing campaigns and lectures on how attackers leverage AI to enhance their methods.
"It’s surprisingly easy to get hits in phishing campaigns. However, through simulations and targeted training, we can significantly mitigate the risks," he says.
A new level of complexity
The year 2024 has ushered in a new era of complex cyberattacks. Advanced tools like artificial intelligence and automation have created a challenging landscape for Norwegian businesses.
"Emerging tactics such as QR code phishing and social engineering through social media, combined with targeted ransomware attacks, are putting critical sectors like energy, industry, and transport under significant pressure," says Martin Stene, Cyber Security Consultant at Tietoevry Tech Services.
"To navigate this landscape, it’s essential to not only understand the threats but also implement measures to minimise the risks."
Sophisticated attacks driven by artificial intelligence are no longer a threat of the future—they are happening now. "We’re seeing phishing campaigns where AI is used to simulate authentic messages and conversations, making it nearly impossible for users to distinguish between real and fake. This makes it critical for organisations to implement robust security measures and ensure employees receive training to recognise and respond to these types of attacks effectively."
You can check if your passwords have been leaked here: https://haveibeenpwned.com/
Help is at hand
The Cyber Security team is urging businesses and individuals to adopt robust security measures. "We can't always rely on technology, but we can rely on training and simulations to reduce risks," they point out.
By practising through simulations, you can sharpen your awareness. You don't need to be tech-savvy to reduce the risk of a phishing attack. "And at Tietoevry, we can get you started."
- Worried about ransomware?
- Want to learn more about social engineering and strengthen your defences?
- Need help with risk assessments?
- Looking to secure critical infrastructure?
- Unsure if your passwords are secure?
- Want to know if your data has been compromised?
- Need ongoing system updates?
- Want to better understand the NIS2 Directive?
Holmberg, Stene, and Helland can provide training and consultancy, risk assessments, password management, system updates, insights into the NIS2 Directive, and much more.
"Bilfinger is working closely with TietoEvry to improve IT security, reduce threats from cyber security incidents, and position ourselves to meet NIS-2 requirements." Tor Ole Minsaas, Regional Director IT & Digitalization, ISP Offshore Bilfinger Nordic Region.
