Estonia, Financial Services, Internet, Markets and Companies, Security, Technology

International Internet Magazine. Baltic States news & analytics Thursday, 02.12.2021, 21:09

Estonian companies lose over EUR 1 mln annually to cyber attacks

BC, Tallinn, 11.09.2020.Print version
In recent years, Estonian companies have incurred losses exceeding more than a million euros annually due to cyber crime; however, the damages reported to the Information System Authority (RIA) constitute only the tip of the iceberg.

In order to better protect local businesses, it is important to raise awareness of cyber threats and offer effective security measures for companies, RIA said.


Nowadays, all business is conducted over the internet. In Estonia, there are approximately 170,000 companies with up to 50 employees. Most of them are micro-enterprises, with only one board member listed as an employee. According to Tonu Tammer, executive director of CERT-EE, the maintenance of IT sustainability is one of the core facets of effective business operation. "Modern cyber attacks disable servers or computers, thereby paralyzing the functioning of entire companies. Although pen and paper offers an alternative mode of working, we still need data and thus, pens and paper are of little help. It is also not a particularly practical option and it will definitely not compensate for the damage incurred," Tammer said.


Despite the urgency of the problem, there are still many entrepreneurs who have not given it any consideration or taken any steps to minimize the risk of cyber attacks. The problem is particularly acute for small and medium-sized enterprises. Statistical figures indicate that the smaller the company, the less attention it pays to cyber security. "It is completely natural that their primary focus is on keeping the business running, but cyber security should not be overlooked in the process. Otherwise, the cyber criminals will have a field day. First, they will assess how easy it is would be to access the information system of a particular company they have decided to target, and once the ball starts rolling, it creates a snowball effect,” Tammer said.


In 2019, the types of cyber incidents that caused the most financial damage to Estonian companies were the CEO Fraud Scheme, obtaining illegal access to company e-mail accounts, and financial fraud resulting from inbox monitoring. "The CEO Fraud Schemes entails short and concise emails sent under the name of the CEO to the company’s accountant with a request for a quick transfer money to an unknown account. In the second case, the cyber criminals target and hijack business-to-business conversations on monetary transactions, and surreptitiously change the bank account details on invoices," Tammer said.


In addition, Estonian companies have also suffered significant losses due to ransomware attacks, where cyber criminals encrypt the contents of a device and demand money for decryption.

Although hundreds of Estonian businesses have fallen victim to such attacks, a large number of companies have not implemented any security measures to protect themselves. "Most Estonian companies do not even have internal cyber security rules or procedures that would minimize the frequency of such cyber incidents and their negative impact," explained Tammer.


Although cyber awareness has been gradually increasing among Estonian companies, there is still room for improvement. We must also bear in mind that cyber criminals are always striving to get ahead of their victims, which is why they are constantly seeking new ways to ambush entrepreneurs, RIA said. "CEOs must be aware of those risks and how to identify the most common cyber attacks in order to protect their employees, assets and reputation. However, even that is not always enough, because companies that actively invest in their cyber security may also suffer damages due to the ignorance of their business partners," Tammer said. Cyber criminals do not really care about the size of the company or their area of activity, they are primarily interested in monetizing the information procured.


To help local businesses counter these threats, the Estonian Information System Authority has launched an information campaign targeting small and medium-sized enterprises and focusing on the types of cyber incidents that have incurred the most financial damage to companies in recent years. "Our campaign aims to increase the safety of the Estonian business environment and cyberspace. Raising awareness about cyber threats will help foster better understanding among entrepreneurs about their own role and responsibilities in avoiding major losses that can be secured with a few clicks or a modest investment," Tammer said.


In Estonia, cyber crime-related losses commonly amount to a couple of thousand euros; this year, the largest amount lost in a single incident exceeded 100,000 euros.






Search site