Cybersecurity “actually comes down to the basic stuff”
With deep fakes and artificial intelligence (AI), cyber attacks are becoming more sophisticated and harder to identify. Embroiled in an endless game of catch-up, regulations such as the Digital Operational Resilience Act (DORA) are designed to help but also create regulatory burden for all involved. At the Treasury 360° Nordic 2025 conference, four experts took to the stage to discuss cybersecurity challenges in the panel titled “Cybersecurity: how to protect your organisation”.
To Jan Willekens, Head of Cyber Defense Center at Ericsson, there are currently two major challenges in cybersecurity: the rate of innovation among threat actors, and the return of investment (ROI) for these actors.
His concern with the first point is that threat actors are innovating faster than the defence. “AI plays an important role here,” he shares. “Five to 10 years ago, you could easily detect a phishing mail because it was badly written – it didn’t have the right cadence or it didn’t use the jargon that you use in your company. With AI all of that is in the past. Now, you get perfectly written phishing mails. Not only that, threat actors are using AI to innovate how they do their attacks – that allows them to scale up so they can attack more and attack faster.”
Regarding the second point, Willekens believes that costs are going down for threat actors. Again with the help of AI, it has become cheaper and a much faster process for threat actors to gain full understanding of their targets, especially in attacks that involve social engineering.
Kristoffer Sjöström, Chief Security Officer at SEB agreed with Willekens, but added one more challenge: the skills gap. Given the high level of digitalisation and the high dependecy most corporations have on digital products today, he believes it is essential that firms allocate resources to educate its staff on cybersecurity and address the skills gap in a structured manner.
Needs, not wants
A round of decluttering might be in order. Under DORA, compliance requirements no longer apply only to EU firms, but also their third-party suppliers. Cutting out non-critical suppliers might not only reduce vulnerabilities, but also reporting burden.
Harri Pekka Larsson, CEO of Cparta Cyber Defense recommends, “Start with an analysis to figure out which suppliers are critical and what the dependencies are. Then, you can set up a strategy.” When a security breach happens, communication and flexibility are key. With the former, it enables working with the supplier to solve the problem. The latter enables moving to an alternative solution.
It’s not that complicated
Sjöström reminded the audience that sometimes, less is more. “Many organisations think that the solution to the problem is buying some fancy tool that a salesperson is selling. But most of the time, it actually comes down to the basic stuff – having good malware protection and making sure you have encryption. Make sure that you have these basics in place, that you also have processes, and what was talked about earlier – a good close relationship with your third party suppliers, so that you know who to talk to if there is an incident. There is a kind of list around this where you protect yourself against most of it.”
Panellists:
Kristoffer Sjöström, Chief Security Officer, SEB
Harri Pekka Larsson, Chief Executive Officer, Cparta Cyber Defense
Jan Willekens, Head of Cyber Defense Center, Ericsson
Moderator:
Ted Klevensparr, Information Security Officer, SEB
• News from Treasury 360° Nordic 2025, at Stockholmsmässan on 22 May, is gathered here.
• And why not spread the posts in our LinkedIn flow? Sign up to follow if you don’t already – and share this post!
• Find here the main conference website, with the agenda.
• Download the 76-page event magazine here (including a packed 8-page agenda section).
• Many sessions appear in full as videos in the days or weeks after the event.