Jump to content

Cybersecurity Month: Why being aware matters

Sandvik is combating the rising global threat to cybersecurity through various capabilities based on technology, processes and people. For this year’s Cybersecurity Month, the company is focusing attention on the threat from emerging technologies such as AI.

Two woman looking at a screenWhile cybercrime is as old as the Internet, 2023 represented a new high. According to the Identity Theft Resource Center (ITRC), there was a 72 percent increase in data breaches in the US last year compared with 2021, which held the previous record. Cybercrime today is a big business. The average cost of a data breach amounts to USD 4.88 million and 94 percent of organizations have reported email security incidents. The global cost of cybercrime is forecast to jump to USD 24 trillion by 2027, up from USD 8.4 trillion in 2022.

Raising awareness during Cybersecurity Month


Since 2004, October has been declared by the US government, and many other organizations such as the EU, as Cybersecurity Month. It is a month where the public and private sectors work together to raise awareness about the importance of cybersecurity and in which many organizations, like Sandvik, run awareness raising campaigns to reduce cyberthreats.

But Sandvik, like other organizations, is working hard every day of the year to strengthen its cybersecurity. And through a variety of capabilities based on technology, processes and people, Sandvik protects devices, data and networks from different types of cyberattack.

“The overall objective of cybersecurity is to ensure confidentiality, integrity and availability of information and systems,” says Jörgen Andersson, Chief Information Security Officer at Sandvik. “We need to ensure that information is accessible only to those authorized to have access to it, safeguard the accuracy of information and ensure that authorized users have access to information and systems when needed.”

Understanding ransomware, phishing, and data theft


There are several different types of cyberthreat. These include ransomware, which is a type of malicious software that locks and encrypts victims’ data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Another cyberthreat is theft of data and intellectual property.

Cyberespionage is growing, including state-sponsored attacks, with the objective to steal data and intellectual property.

“Cyberattacks can also disrupt business operations and cause severe financial losses. Cybersecurity is therefore essential to ensure business continuity and to protect sensitive information,” says Andersson.

Cybersecurity is also increasingly becoming necessary to meet customer and regulatory demands, including the EU Network and Information Security 2 Directive. “This requires us to have many different cybersecurity capabilities,” says Andersson. “And while a lot of that involves creating technology and processes to protect the organization from attack, the people side is also very important.”

Monika Kullberg, Security Culture and Awareness Manager at Sandvik, is a psychologist who helps shape the company’s security culture through behavioral science. “It is people who interact with the technology,” she says. “So we look at how can we simplify the technology and cybersecurity for people so that they are aware of what they need to do, how to do that and that it is easy for them to do it. We are trying to strengthen people and the way we work in this area.”

Cyberattacks start in many ways, but a common tactic used by criminals is phishing. This involves the use of scam emails to trick recipients into visiting fake websites. A virus may then be downloaded onto recipients’ devices, or personal information such as passwords may be stolen.

AI and social engineering in cybersecurity


Emerging technologies such as AI are also being used by cybercriminals for social engineering. This involves drawing on information from a wide range of sources, such as social media accounts, to create realistic personalized messages that manipulate people into performing actions or divulging confidential information. The messages appear to come from a trusted source. AI can also be used to create deep fake voices or videos that mimic trusted sources.

Sandvik conducts cybersecurity training and awareness programs for its employees year-round. In this year’s October Cybersecurity Month campaign, it is focusing attention on the threats from these emerging technologies.

“Cybersecurity will continue to be a major issue, and we will need to continue investing in it,” says Andersson. “And to meet the increasing threat from phishing, social engineering and AI, we are increasing our efforts on the human side of cybersecurity to ensure that everyone at Sandvik is aware of the threats and knows how to detect attacks and handle them safely. Most importantly, everyone need to think twice before clicking on a link or downloading a file in an external email.“

Podcasts

How to be a become a digital security STAR:

Stop. Don't click or perform any other action.

Think. Assess risk based on what you know.

Ask someone – anyone – for a second opinion.

Report any suspected attack or breach.

We would like your consent

Sandvik and our vendors use cookies (and similar technologies) to collect and process personal data (such as device identifiers, IP addresses, and website interactions) for essential site functions, analyzing site performance, personalizing content, and delivering targeted ads. Some cookies are necessary and can’t be turned off, while others are used only if you consent. The consent-based cookies help us support Sandvik and individualize your website experience. You may accept or reject all such cookies by clicking the appropriate button below. You can also consent to cookies based on their purposes via the manage cookies link below. Visit our cookie privacy policy for more details on how we use cookies.