Cyber Support

Over the past two years, many cyber incidents have occurred in Estonia resulting in significant losses to companies. In what ways can companies be more aware of cybersecurity and business risks, and how can they best protect their data, customers and money? ITL demonstrates optimum protective measures using three company cases as examples. Teams from ITL executed ethical attacks on Mobire Eesti AS, Finants ja Marketing OÜ and Esthus OÜ. These companies volunteered to participate in the attacks, leading to the identification and rectification of critical vulnerabilities and a deeper understanding of the business risks associated with cyber threats. Videos where the experience is told by attackers and company representatives (open video to see the story full screen):

Where to find support

CEOs and employees do not have to become information security experts; they can rely on the experts from ITL member companies. Here you can find experts who can help resolve cybersecurity issues.

The following participated in the campaign:
Estonian ICT Cluster, CGI Eesti AS, CYBERS, Cyberarch Consulting OÜ, CybExer Technologies OÜ, Lean Digital OÜ, Microsoft Estonia OÜ, OIXIO AS, Riigi Infosüsteemi Amet CERT-EE, SK ID Solutions AS, Swedbank AS, Wisercat Estonia OÜ.  

Communication partners: ITL, CYBERS, RIA, Elisa Eesti AS, Swedbank AS, Microsoft Estonia OÜ. Video production: Vaas OÜ.  

Facts and suggestions case by case

Video of Mobire Estonia AS, car rental company

• Digitisation involves hidden risks that must be acknowledged.
• Attacks through service providers are a persistent risk that also affect customers.
• Safe development principles must be followed when developing software or digital services. This significantly reduces business risk.
• Continuous security monitoring and surveillance of digital services help companies quickly identify attacks and minimise possible damage.
• Security testing of business applications helps boost confidence on both sides – clients as well as business partners.
• Every month, Estonian companies fall victim to invoice frauds, ransomware attacks and other cyber schemes. In the worst cases, a company can lose tens or even hundreds of thousands of euros.
• Criminals exploit technological vulnerabilities as soon as they find them. These vulnerabilities allow unauthorised access to companies and business applications. Access is often gained through outdated software.
• Unpatched software creates favourable ground for attacks. Therefore, it is very important to regularly update software.
• Weak, missing or easy-to-guess usernames and passwords are easily avoidable risks. The use of factory passwords also poses a great risk.
• It all starts, of course, with the user and cyber hygiene. The easiest thing to do for the attacker is to use social manipulation. Attackers can simply direct the user to click on a suspicious link or enter their data.

• Trained and informed employees
• Well-managed office and work tools
• Securely developed software

Video of EstHus, manufacturer of wooden houses

• Most first-time attacks and information collections are communication attacks. They attempt to gather technical information either about digital protection or the company’s network structure.
• A communication attack can be, for example, a phone call, SMS or email conversation.
• Attackers can pose as clients and refer to a previous conversation with a partner or an employee. For instance, an attacker can take over the conversation and turn to an employee for additional information.
• The employee sees that the conversation has indeed taken place, lending it legitimacy. The primary goal here is to build trust to enable information phishing.
• A social communication attack can also be masked as a “survey”. If the attacker has a budget, participating in the survey may even be rewarded with a small gift. The purpose of the survey is to get answers on topics that the attacker is interested in.
• Usually, the goal of a physical attack is to gain unauthorised access to office premises and plant a “bug” either in a computer or in the office.
• A physical attack can be, for example, copying the office door card.
• A physical attack can also be unknowingly carried out by an employee. For instance, a criminal might “forget” a USB stick, CD, etc., in the restroom or car park, and the finder inserts it into their computer in good faith. These can infect the computer so that it can be remotely controlled later to bypass digital protective barriers.
• A physical attack can also be more complex. For example, by installing a Wi-Fi network with the same name near the office, it is possible to hijack the company’s computers, as the users assume they are connecting to the right network.

• Safe working practices in the office, as well as home offices
• Trained and informed employees
• Well-considered information exchange with partners

Video of Finants ja Marketing OÜ, accounting, marketing

• Estonian companies lose about 1 million euros per year to cybercriminals.
• Cybercrime poses tangible business risks.
• Smaller companies are increasingly targeted due to their perceived vulnerability.
• The company’s annual report can be a source of information for malicious attackers.
• The ransom is usually 5-10% of the company’s turnover from the previous year.
• Publicly available data on company employees on social media and elsewhere on the internet aids attackers in gathering information and strategising attacks.
• Preparation for a ransomware attack can begin 2 weeks to 2 months before the actual attack.
• Accessing a small company’s computer network can help gain access to a larger partner company and serve as a springboard for a larger attack.
• Cyber hygiene is essential, regardless of the size of the company.

· Trained and informed employees
· Competent IT managers
· Cyber-conscious clients and partners

The production was financed by the European Regional Development Fund within the framework of the Estonian ICT cluster project.