A new category should be introduced in the Estonian Entrepreneurship Awards handed out each spring, the category of “Example of the Year”. The first organization to receive this award could be the publishing house TEA Kirjastus Eesti for bravely acknowledging that it lost at least a million euros to cybercriminals in five years. Because one employee clicked on a wrong link on Facebook, another opened a wrong e-mail, and a third deleted crucial databases with malicious intent.
Unfortunately, the honest confession published by TEA Kirjastus in the newspaper Eesti Päevaleht this January did not excite much attention. It was not because the issue was not sufficiently important though, but because most of us are convinced: nothing like this can happen to us. Those to whom such things have happened, however, will not dare to speak out.
Many of us, now used to computers and the Internet as daily professional tools and consumer goods, still have not realized that there is a flu season in the cyber world on the scale of an epidemic it has never yet seen. We are unable to fit the reality of over a million cyber-attacks being committed every day in the world into our everyday smart routine. The best proof that we believe ourselves to be invincible lies in the fact that 25 years after Estonia was connected to the Internet our favorite password still are ‘123456’, ‘parool’ (Estonian for ‘password’) and the like. The primary problem such carelessness results in is not only found in homes poorly protected from cybercriminals but also in workplaces, where people habitually use nonsecure passwords. This is also why cybercriminals do not bother attacking companies’ firewalls anymore; they focus on the smart devices of employees with poor cyber hygiene.
Why such a lengthy introduction? The reason is very simple: we are standing on the threshold of a new digital revolution. Last autumn, the government repeated its call to action, saying that Estonian companies have to start a large-scale digitalization if they want to increase their competitive ability; otherwise we will be watching other European countries’ backlight as they swish by. In its turn, this implies that Estonian companies need to start using even more smart devices and solutions that go on the internet but are in the end controlled by … people. Which means that the Estonian economy’s growth spurt will eventually depend on people and on how sensible their cyber behavior is. This, however, depends on the CEO in any enterprise. On how well they understand the recently released KPMG global survey summing up that it is cybercrime that will be one of any company’s greatest challenges in the following years.
All of the above is exactly why Estonian Business School (EBS) launched a unique master’s degree program Management in Digital Society, which, among other things, will allow current and future top executives to learn from experts working for in international cybersecurity companies and specialists from such acclaimed cybersecurity leaders as BHC Laboratory and CybExer Technologies. With the help of our partners, they will acquire first-hand experience of why the poor cyber hygiene of just employee can be fatal for the entire firm and how to avoid or tackle a crisis. We will be using internationally commended cyber exercise platforms to play out real-life situations, by which our companies and institutions are increasingly threatened every day.
To sum up, Estonia needs executives who perceive the necessity for changes and will e able to successfully lead people and organizations in the digital world. Such leaders must spearhead the digital revolution to increase Estonia’s competitive advantage so that our country remains a desirable destination for foreign investors and a center for new digital services. However, we must get used to the new reality in which this flu epidemic is not ever likely to end, and, due to the expansion of the Internet of Things, its outbreaks will be getting more and more serious. As soon as tomorrow, your fridge or teddy bear with Internet access can become the medium of an attack on your employer, but, which is worse, such a crime could be committed against a hospital, for instance, where surgeries and life-saving would be halted, and that could affect someone you care about.
So, it is time we realized that if a company’s CEO does not consider hand washing necessary during the flu season, does not by soap or, if need be, show how to wash one’s hands properly, it may be said we have already lost the race for digitalization before it starts. We need to get used to the fact that cyber-crime is like a physical break-in and robbery, and these days we protect our homes with reliable metal doors and several locks: using a broom to bolt your flimsy door has been behind the times for a while now.
Toomas Danneberg, the Head of Management in Digital Society MBA programme.
The article was published in newspaper Eesti Päevaleht on June 12th 2018.