In the wake of the recent hacking attacks, the confederation of Danish industry, Dansk Industri (DI), wants to see the government implement concrete measures to fight cybercrime as soon as possible.
While Danish firms were not much affected by the WannaCry virus this time round, it does not mean that they will get away so lightly in the future.
“It is vital that we implement a cybercrime strategy that works across the different authorities and co-ordinates efforts, so that companies have the best possible framework in which to implement security against cyber attacks and also have easy access to the authorities regarding questions on cyber security,” said Adam Lebech, head of the branch association DI Digital.
More police resources needed
DI has drawn up a list of six points that they believe should be part of any cybercrime-fighting strategy. Amongst them are plans for a centralised reporting system for cyber attacks, more resources being given to the police for investigating hacking attacks and increasing the number of computer security experts.
“Today, many companies experience that the police just don’t have the necessary resources to follow up on cybercrime cases. In the light of our dependency on digitalisation, one has a right to expect that they do,” said Lebech.
A growing problem
The problem is a growing one. A survey from PWC shows that 65 percent of companies are more worried now about cyber threats than they were a year ago. Figures from Danmarks Statistik show that companies are investing more money in cyber security.
Computer security expert Peter Kruse from the company CSIS points out that “we’re seeing a marked increase in cybercrime and it will run amok if we don’t deal with it. We have to support each other better and form a common front. Standing shoulder to shoulder is the only way to beat cybercrime.”
Viruses such as WannaCry attract a lot of headlines but in reality, cybercrime happens every day, but these attacks are not made public.
“The problem is probably much more widespread than we hear about,” Kruse said.
Companies could do more
Lebech also emphasises that companies themselves could do a lot more to protect themselves.
“We recommend that all corners of the system are examined and the ISO27000-standard for computer security is used,” he says.
“Generally speaking, 80-90 percent of typical cyber attacks exploit weaknesses that can be eliminated by simple means, such as updating systems and programs, restricting the number of users with administration rights and making a list of approved programs, Lebech added.