At the end of May, the payment giant Klarna suffered a serious incident. A technical error caused users who logged in to the company’s app to be shown other people’s payment details, invoices and purchase history. Just over 9,500 users were affected for 30 minutes before Klarna temporarily shut down login to the app. Only several hours later was the important app working as usual again.
The incident was serious from both a security and a privacy point of view. Klarna regretted what had happened and gave assurances that the service had not been subjected to an attack. Remedies and improvements were promised, and the error would also be analyzed from several different perspectives.
How could this happen? Among the security experts who commented on the issue, digitalisation was a common thread among the contributing factors that were pointed out. Statistics show that Sweden is one of the world’s most digitalised countries, and that is hardly something the covid-19 pandemic has slowed down. On the contrary, we are more dependent than ever on the ever-growing flora of e-services, online stores and various logins that together make life more comfortable to live.
“Needs higher demands”
But the more digitized we become, the greater the security risks. And IT security is precisely what is failing to keep up with the rapid pace of digitalisation. That is the opinion of Anne-Marie Eklund Löwinder, head of security at the organization Internetstiftelsen.
– The digitization process is mainly focused on increased functionality and new types of services. Security work has not kept pace at all. It is even far behind. This is a big problem, especially when handling personal data. It is necessary to set higher requirements for the projects to be based on “security by design” – i.e. that the security aspect is included from the start of a project.
Anne-Marie Eklund Löwinder also believes that we will see more serious IT security incidents in the future.
– As long as the complexity of the services increases and security continues to lag behind, the gap between us as users and the security issue will also increase. We want convenience! We want someone else to think about safety and things like that.
Our dependence on well-functioning digital services has become apparent during the covid-19 pandemic. We shop online, book digital doctor visits and meet in different virtual environments. And companies need to respond.
– For some companies and organizations, digitalisation has been a bit of a “knife to the throat”. Small shops are forced to go online to survive and there have been many who needed to get online quickly, says Anne-Marie Eklund Löwinder.
– We have seen more domain registrations now during the pandemic. The e-commerce perspective in particular, with many different players involved in each transaction, is sensitive, as the case with Klarna shows quite well. It is a major player, and when they are involved in incidents of this type, many users are also affected.
But how should we users really relate to the fact that even large, trusted players can sometimes fail with security? The consequences can be devastating! Anne-Marie Eklund Löwinder believes in transparency, that we learn from each other’s mistakes, but also in follow-up and controls.
– It is true that it is impossible to protect a service to one hundred percent. There is so much to click and work. When something happens, it is therefore important to be transparent about the incident. But it should also require some kind of minimum level of security – with the condition that those who do not meet these requirements are simply not allowed to participate. All safety claims from suppliers should be followed up and checked, and this is probably an area where we see a potential for improvement.