DKCERT has just published its annual trend report. A report, which is partly DKCERT's report on the past year, and partly DKCERT's bid for the trends we expect to be prevalent.
The report begins with a brief view of the cyber situation picture that DKCERT has observed over the past year. This is followed by an assessment of the threats to the university and research sector. This, the threat assessment, is mostly aimed at the sector and indicates that the threat from cyber espionage, crime and insiders against the sector is very high.
The assessment is supported by the general trends in the cyber world, which DKCERT has a number of recommendations for the sector to address. But which in reality are relevant to anyone working with information security.
Introducing two new services
DKCERT's annual report - the year in numbers and words - reviews DKCERT's activities in 2020 and introduces the two new services that have been introduced here in 2021. One is the university sector's common Malware Information Sharing Platform, the so-called MISP, where the sector can share information about incidents, indicators of compromise mm. The second is a new concept for emergency drills, where DKCERT offers to organize and facilitate drills for the units in the sector.
The annual report section also contains a brief insight into the columns that the head of DKCERT Henrik Larsen has written in Computerworld in the past year, as well as the most important observations from the Danes' Information Security 2020.
Communication theme should kickstart an exchange of experience about communication
As in previous years, there is a theme for the report. In 2021, it is communication.
"The reason for the choice of communication as a theme is that cybersecurity is taking up more and more space in everyday life - also in the political and media agenda. We want to make our contribution to the fact that we - all actors in this field - will to a greater extent learn from each other in the way we communicate about cyber and information security - both internally and externally", says Henrik Larsen.
This ambition is expressed through contributions from four of DKCERT's partners. These each provide insight into how they use communication in their work with disseminating information security. For example, Nets talks about the use of gamification in internal communication, while the Norwegian center for information security, NorSIS, writes about their work to create engagement with their users - a commitment that supports the goal that NorSIS 'communication and messages should be published via several channels to reach as many as possible.
The Danish Business Authority provides insight into the strategy behind the use of tools such as the new IT risk assessment tool, while the Danish Data Protection Agency talks about their approach to disseminating GDPR and data protection - in the obvious recognition that the area is dry for most people.
"For many years we have talked about communication as what should help us understand and act on the threat picture. Now we try with the communication theme to give ours that we will also talk about the communication we all want to contribute", Henrik Larsen concludes.
The trend report is published on DKCERT's website and comes later in a printed edition, which is sent around to DKCERT's partners, members of the research network, and other actors.