State of the world with Sandra Barouta Elvin - Part 2

From left to right: Linda Nieminen, Sandra Barouta Elvin, Margarita Sallinen

In the first part (link to the post here) of the Global State of the World series, Omegapoint cybersecurity specialists Margarita Sallinen and Linda Nieminen spoke with Sandra Barouta Elvin, National Security Manager and Chief Security Officer at Microsoft, about the current state of the world and its impact on cybersecurity.

In the second and final part of the series, we look at how the global cyber threat landscape has changed over time. We explore whether Sweden has become a pawn in the cyber warfare of the major powers, discuss the security of cloud services and look at one of the technological challenges of the future - the impact of quantum computers on cybersecurity.

Changing threat landscape

According to Sandra Barouta Elvin, the threat landscape has changed in recent years, both in terms of scope and nature. "You can see a clear increase in DDoS attacks, especially in connection with politically charged events such as the war in Ukraine," she says. These attacks aim to overload systems and disrupt digital services, and are often used to attract attention rather than cause financial damage. Sandra explains that the attacks often have a political dimension.

"I like to compare it to someone gluing themselves to the front door of an office. Customers don't come in, employees don't come in, and business stops. That's exactly how it works in the digital world."

Another clear trend is the development of ransomware attacks, which are now more sophisticated and targeted than before. Sandra describes how the attacks are now carried out in stages by different actors working together in a kind of criminal ecosystem. It often starts with one party selling initial access to a system, after which other actors take over and steal data or encrypt the organization's systems. Everything is done in a very methodical way. The attack on the Church of Sweden is highlighted as an example of an increasingly common method: double extortion, where attackers both encrypt information and threaten to leak it.

Despite the evolution of technology, it is still the simplest methods that often prove most effective. Sandra points in particular to phishing, spear phishing and password spraying, techniques that are now often augmented by AI. But what exactly is password spraying? Sandra explains that the method involves attackers testing common or previously leaked passwords. Instead of trying many different passwords on a single account, which can quickly lead to account lockout, they test a few passwords on many different accounts.

"We like to talk about advanced attacks and zero-days, but the fact is that they are very rarely used. It's still simple, well-known methods that pay the most dividends."

Another worrying development is that attackers are increasingly exploiting vulnerabilities in mainstream software. As anti-phishing defenses improve, the focus is shifting to older and unpatched systems. "Many organizations still have known vulnerabilities from as far back as 2014, even though security updates have been available for several years," says Sandra.

Sweden - a pawn in the great powers' cyber warfare?

We asked Sandra about the risk of Sweden being used in cyber warfare by the major powers.

"The question is not whether Sweden risks becoming a pawn in the cyber war of the superpowers, but rather whether we are not already".

Sandra describes how hybrid warfare, which combines cyber attacks, disinformation and influence operations, has already been directed against Sweden. Sandra also highlights Sweden's strategic position in the Baltic Sea region, with Gotland being particularly important, as a contributing factor to the country's interest in a wider geopolitical context. She also points out that Sweden has historically had a clear role in global security policy issues. However, it is difficult to predict how cyber threats will develop in the future, Sandra says.

"It depends on the international dynamics, especially between major powers like the US and Russia. We are following developments closely, but it is very difficult to assess how it will evolve."

Cloud services

Cloud computing has become a pillar of digital development, offering both flexibility and redundancy. But does this mean that storing data in the cloud is always safer? According to Sandra Barouta Elvin, the answer is yes in most cases. Sandra says that in 90% of cases it would probably be safer. But this requires that the cloud service itself is secure, and that it is used in a secure way. Security depends not only on where the data is, but how you handle it.

At the same time, she emphasizes that cloud solutions are not appropriate in all contexts. Some environments, such as OT systems that control critical functions such as nuclear power plants, should remain isolated from the internet. However, for most organizations, the cloud offers improved opportunities to manage large amounts of data and ensure redundancy. Sandra cites Ukraine as a clear example. Before Russia's invasion, government agencies were not allowed to use cloud services. But when physical data centers were attacked, the direction quickly changed.

"What was thought to be safe, having data within the country's borders, turned out to be a weakness when their own territory was attacked. It was then realized that the cloud could provide better protection, both against destruction and manipulation."

Quantum computing - the next big challenge for cybersecurity

What will be the biggest challenge for cybersecurity in the next five years? According to Sandra, quantum computing is a crucial future issue that is already attracting a lot of attention. Quantum computing is an entirely separate field of engineering and physics. Like generative AI, which was niche at first but then suddenly became mainstream, she believes that quantum computers will have a similar impact and radically change the way we think about cybersecurity.

But what exactly is a quantum computer? Sandra explains that quantum computers are based on principles of quantum physics and can process huge amounts of data much faster than today's computers. This means that things like cracking encrypted passwords, which today can take years or hundreds of years, can be done in minutes or even seconds with quantum computers. Today we rely on encryption to keep our data safe, but with quantum processing power we need to develop entirely new encryption methods that are quantum-safe, known as post-quantum cryptography.

Sandra describes this as a race between attackers and defenders, where it is crucial who gets there first. At the same time, there is reason for optimism. Sandra emphasizes that intensive research is underway to develop encryption algorithms that can withstand the capabilities of quantum computers, but stresses that this is likely to be the next big challenge for cybersecurity.

The interview is based on a podcast recording made by Cyber Chats & Chill, which is an initiative by the Voluntary Radio Organization FRO to strengthen Sweden's cyber security. You can listen to the full episode Here.