Ethical hackers revealed the weak points of cyber protection of Estonian companies

October 2, 2023

ITL found out the level of cyber awareness of Estonian companies and revealed critical weaknesses. For this purpose, the cyber security working group organized well-intentioned cyber attacks against three companies based on a prior agreement.

Videos with recommendations can be found on the ITL website in english and in estonian.
You can find a photo gallery of the final event of the campaign on ITL’s Facebook page.

Teams consisting of top specialists from various cyber security companies from ITL and Information System Authority organized completely realistic attacks on the car rental company Mobire Eesti AS, the accounting and marketing company Finants ja Marketing OÜ, and the wooden house manufacturer EstHus OÜ. Despite the advance warning, all attacks succeeded.

Because cybercrime is a real thing with real business risks, the well-meaning attacks were also real. ‘I believe that Estonian entrepreneurs now better understand what dangers may lie in wait for them. Based on these real cases, we also clearly understood that as ICT service providers, we ourselves have an obligation to do our part better, and therefore we have started to develop good practices for the provision of several services,’ said Kalev Pihl, head of ITL’s information security advisory board.

In order for others to learn from the valuable life experience, educational videos were created based on the attacks and advice was prepared in simple language, which makes it easier for small and medium-sized companies to protect their data, employees, customers and money.

You can select English subtitles while watching the video:

According to Kalev Pihl, the three companies currently continue to cooperate with ITL members in order to fix the identified security holes and plan the next activities to prevent accidents and attacks. ‘Since the person is often the weakest link in the cyber security of companies, the focus must be on how to reduce the probability of attacks by raising awareness. In cooperation with professional associations and business networks, we also want to conduct practical seminars to pass on the learning experience,’ said Pihl.

The following participated in the campaign: Estonian ICT Cluster, CGI Eesti AS, CYBERS, Cyberarch Consulting OÜ, CybExer Technologies OÜ, Lean Digital OÜ, Microsoft Estonia OÜ, OIXIO AS, Riigi Infosüsteemi Amet CERT-EE, SK ID Solutions AS, Swedbank AS, Wisercat Estonia OÜ.  
Communication partners: ITL, CYBERS, RIA, Elisa Eesti AS, Swedbank AS, Microsoft Estonia OÜ.  
Video production: Vaas OÜ.  

The production was financed by the European Regional Development Fund within the framework of the Estonian ICT cluster project.

Kristi SemidorCommunications Manager+372 617 7145+372 55 45 577