Pelastusoperaatio: Matin Nakki -saaga

Show Notes

PALAUTEKYSELY JAKSOSTA JA YLEISESTI UHKAMETSÄSTÄ:  https://qup4621yg.supersurvey.com

Mitä tekisit, jos yrityksesi joutuisi yhtäkkiä yhden maailman pahamaineisimman uhkaryhmän saartamaksi? Tässä jaksossa kerrotaan hermoja raastavasta koettelemuksesta, jonka rakastettu suomalainen makkarayritys Matin Nakki Oy koki joutuessaan kehittyneen kyberhyökkäyksen kohteeksi Moonstone Sleetin toimesta vuonna 2024. Liity seuraamme, kun seuraamme IT-päällikkö Jaria ja hänen tiimiään heidän tehdessään raskaita päätöksiä ja valvoessaan öitä yrittäessään saada järjestelmänsä takaisin hallintaansa vakavan kiristyshaittaohjelmauhan keskellä. Todista dramaattisia hetkiä, kun he tasapainottelevat lunnaiden maksamisen ja Kyberturvallisuuskeskuksen ohjeiden noudattamisen välillä.

Tutustu kyberhyökkäysten nopeaan ja huomaamattomaan luonteeseen, joka voi tuhota jopa parhaiten valmistautuneet organisaatiot. Syvennymme asiantuntevien incident response -tiimien kriittiseen rooliin.. Jarin ja hänen tiiminsä kokema emotionaalinen ja operatiivinen rasitus korostaa vahvojen kyberturvallisuustoimenpiteiden välttämättömyyttä.

Lopuksi pohdimme yksityisten yritysten ja kyberturvallisuusviranomaisten monimutkaisia vuorovaikutuksia kriisitilanteessa. Matin Nakki Oy:n tarina korostaa ajantasaisen tietosuojan ja raportoinnin tärkeyttä vakavien GDPR-sanktioiden välttämiseksi. Lopetamme jaksomme jakamalla jännittäviä suunnitelmiamme laajentaa Uhkametsää audiovisuaaliseen sisältöön ja Juuson viimeisimpiä , samalla kutsuen kuulijoiden palautetta auttamaan tulevien keskustelujemme parantamisessa. Liity seuraamme jaksoon, joka on täynnä arvokkaita oivalluksia, dramaattisia kertomuksia ja kurkistuksia tulevaisuuden suunnitelmiimme.

Instagram: https://www.instagram.com/uhkametsa/
Linkedin: https://www.linkedin.com/company/uhkametsa/

Chapters

• 0:00: Kyberkriisi suomalaisessa yrityksessä
• 13:13: Vakavan kyberhyökkäyksen hallinta
• 27:08: Keskustelua ensivasteesta
• 41:32: Keskustelua Uhkametsän laajentumisesta
• 47:13: Palautekysely

Transcript

Kyberkriisi suomalaisessa yrityksessä

Speaker 1 0:30

The Finnish family business Matin Nakki Oy was known for its high quality sausages and sausages. The company was founded in 1954 in a small Finnish village, when Matin's eldest son, väinö, decided to start his own sausage production. Väinö was an enthusiastic meat master who had learned traditional cooking methods from his father. He believed that high-quality raw materials and careful handwork were the key to delicious making of makkaroida. At first, väinö made makkaroida in a small farm where he used old smoke stoves and hand-made meat mills. Väinö's reputation spread rapidly and soon his makkaroitaan alettiin kysyä ympäri Suomea.

Speaker 1 1:16

Väinö palkkasi lisää työntekijöitä ja laajensi tuotantotilojaan. 1990-luvulla yritys siirtyi kolmannelle sukupolvelle. Kun Matin poika nuorempi Matti otti ohjat käsiinsä, hän toi mukanaan uusia innovaatioita ja teknologioita. He brought with him new innovations and technologies that made it possible to monitor the production and quality of the product. From the past, matinnakki Oy was now a modern and successful company that employed hundreds of people and operated products both in the home country and abroad. The company's products were known for their quality and taste, and they had won numerous awards in the competition of the food industry. The company's values were respected by the traditions, but at the same time it was open to new innovations and technologies. Matin Nakki Oy had aroused interest in the criminal community.

Speaker 2 2:10

In the spring of 2024, the company faced an unprecedented crisis that started with a cyber attack. Everything started on a peaceful Monday morning when its IT chief, jari, arrived at the office. He opened his computer and immediately noticed something strange. The company's main production system did not agree to be launched. Jari tried to get the system in hand, but each company ended up failing. In the end, he noticed on the message screen your system has been hacked. Pay 500,000 euros in bitcoin or all your data will be destroyed, jari knew right away that the situation was serious.

Speaker 3 3:00

He called the CEO, Mati, who was the founder's son. Mati's cyber attack was a completely new and frightening experience. He had grown up in a company where the biggest problems were the destruction of machines or the lack of raw materials. Now he encountered an enemy who he could not see or understand. The company's so-called cyber-asset expert examined the systems and said that the attack was very well executed. Behind the attack was a North Korean threat called Moonstone Sleet. The hacker group is known to have a particularly skillful and protected environment that does not keep them. The specialty of Moonstone Sleet was its ability to hide and act without noticing in the system. The purpose of the team is, for example, to steal and steal information so that the company cannot get hold of its own information. Moonstone Sleet is also known for its self-created hacking programs and the damage to our own creation.

Speaker 2 3:51

The CEO of Matin Nakkijou was desperate. They knew that without their organization, they would not be able to continue production. Every hour without operation meant massive losses and threatened the company's reputation. Matin Nakkijou's products were known for their quality and reliability, and any fraud in production could weaken the trust of the customer. Jari and the cyber-assistant decided to contact the National Cybersecurity Center. With their help, they got more information about the Moonstones League and its methods of operation. The Cybersecurity Center recommended that the company not pay any fees, as there were no signs that the attackers would return the information. At this point, a close discussion with the officials began.

Speaker 1 4:33

Matti Nakki, the leader, of the OY was suspicious and reluctant to cooperate.

Speaker 3 5:00

Matti had a discussion with the Cybersecurity Center.

Speaker 2 5:03

Look, we can't wait weeks or months. Every lost day costs us thousands or millions of euros.

Speaker 3 5:07

We understand your concern, but paying can only worsen the situation. Thank you, we can help you restore your system and protect you from future attacks, but this requires time and patience. We don't have time and patience. This is a catastrophe.

Speaker 2 5:21

Do you understand?

Speaker 3 5:22

We understand your situation, but paying can lead to you having a continuous target Attack. Knows that you are ready to pay.

Speaker 2 5:57

After a long and grueling discussion, the CEO of Matin Nakkioo decided not to pay any money and to follow the official's advice, matti Nakkioen.

Speaker 3 6:00

The whole process took weeks and in the meantime the company suffered major financial losses and all data was never returned. The first week was particularly challenging. The production hall was like a city of a net when the machines stopped quietly. The employees, who had gotten used to a busy and efficient work environment, were now unemployed and worried about the future. Jari and his team worked day and night trying to restore the system. They faced constantly new problems when the actions of the Moonstones League were revealed more and more.

Speaker 3 6:24

The next week, the company received help from a foreign cyber-assistant who had been involved in the investigation of the attack on the security system. He brought a team with him which began to analyze the aftermath of the attack and find ways to bypass the secrets of the attack on the disaster zone. He brought a team that began to analyze the aftermath of the attack and find ways to bypass the secrets of the disaster zone. Their work began to produce results and they succeeded in returning some of the critical information. In the third week, the company began to see light at the end of the tunnel. They had received enough information to be able to restart some of the production lines. This was a great relief, but there was still work to do. Jari and his team continued to work tirelessly and they were finally able to return most of the data. After a month, matin Nakki OOY was able to return most of the data and continue production fully. The company had learned the importance of cyber security. Jari and his team were able to use new, stronger security measures to prevent attacks.

Speaker 2 7:24

The story of the cyber attack spread widely, and it became a warning example for other companies. It reminded everyone that cyber threats can be encountered by anyone and that they must be protected, että kyberuhat voivat kohdata kenet tahansa ja että niihin on varauduttava huolellisesti. Vaikka yritys menetti paljon hyökkäyksen aikana, se selvisi kriisistä vahvempana ja viisaampana kuin koskaan ennen.

Speaker 1 7:47

Kriisin jälkimainingeissa, tietosuojavaltuutettu antoi virallisen lausunnon Matin Nakki Ooyyn tapaus on valitettava esimerkki siitä miten. The following is an example of how serious the consequences of cyber attacks can be. The company's data security measures have not been sufficient and this led to a serious data protection attack. According to GDPR, companies must be assured that their data systems are protected and that personal data is handled accordingly In the statement of the Information Protection Authority.

Speaker 2 8:10

Matin Nakki Oy had to pay significant amounts of GDPR without waiting for it to be left. The amounts were 4% of the company's annual turnover, which was a considerable amount. In addition, the company had to invest considerable amounts in data security updates and training to make sure that the opposite would not happen again. Although the Matinnakki company survived the crisis, it paid a high price both economically and commercially. The company, however, learned valuable lessons and strengthened its position as a more secure and responsible operator in the field of food supply. Oh, Matinnakki is barking. Juuso, do you have anything to say about Matinnakki?

Speaker 3 9:05

Well, this story we just heard is quite typical for our field. So these kind of cyber attacks, as you might think, are almost every company. This was quite illustrative and realistic what has happened and where it leads.

Speaker 2 9:39

So it is very familiar as a scenario. Yes, this was actually a long-term first explanation of how Matin Nakki Oy has started to succeed in the meat business meat trading or is this now the meat business? Perhaps more in this case, heillä on sitten ehkä ehkä sellainen perinteinen ongelma mitä saattaa olla muutamalla muullakin yrityksellä, että pikkasen kasvetaan, mutta välttämättä ei ehkä niin kuin tuohon kyberturvaan laiteta sitten välttämättä niinkään niinkään paljon rahaa sitten kiinni, kun ehkä sitten siinä vaiheessa pitäisi laittaa kun tota aletaan, niin kuin olemaan vähän kiinnostavampi kohde, sitten tota niin niin erilaisille kyberihyökkääj to various cyber-attacks. We would like to break this story to you listeners first, and then we can open up a bit about what the whole thing was about.

Speaker 2 10:28

We will keep you excited for the later part and then we will tell you what the thing is and why. And there we will tell you what the story is and why. This story started on a peaceful Monday morning. And I have to get to this peaceful Monday morning right away, juuso. Traditionally we incident responders know that this type of story never starts, and you can tell me now what time it is. Is it Monday morning? It's Friday at 19.00.

Speaker 3 10:57

GMT plus 2 or 3. It usually starts to be fun then. Monday morning is not peaceful for long to be quite long.

Speaker 2 11:14

Yes, of course this was an assumption that this cyber attack was detected on Monday morning only then, at the time when their system was already dark, so the production systems had been completely encrypted here, for example and it was only then that it was actually noticed that something was wrong, that now something is missing.

Speaker 2 11:34

This may also be a little bit of a noticeable possibility of this story development, because initially one could assume that this very successful business would also go around at the weekend, so we would probably have already noticed at the weekend that something interesting has happened. What this then revealed was that there was a question about cyber attack. We might have noticed this already during the weekend, that something interesting has happened the way this was discovered, that there was a question about cyber attack. It was discovered that there had been a flood demand left in the system and that flood demand asked to pay 500 000 euros in bitcoin or all the data is destroyed euro as bitcoins or all the data is destroyed and this is an interesting scenario. How likely or how normal would you say that this is, that this kind of attack is observed in that way?

Vakavan kyberhyökkäyksen hallinta

Speaker 3 12:29

That the attack is observed only when the attacker's tightening the tension is quite typical. If you think about the company when cyber security has not been a priority, you can estimate that there has been some antivirus product, but who will look at the concerns that might arise if they have risen? Especially when this was noticed on Monday morning? It also pointed out that no one had even been watching them. This is quite typical, in my opinion. This is the stage where the attacker wants to not noticed so often. The attack is fast. It has been the central theme in our previous episodes that the attack is fast. No harm is always used. Most of it is done with the so-called hands-on keyboard, using lol-bins. So you live with what you have. You use the tools that are already available on Windows. The risk of getting stuck is not very high if the environment is well-regulated, if there is more attention to use of EDR technology or web, the traditional antivirus product is not necessarily a mystery.

Speaker 2 13:54

If we just use Windows to build tools, and then maybe the worst thing is that even if you were wondering who was watching them, who was reacting to them in the right way, yes, yes, yes, it has been explained for a long time, but this is how it goes, and it is only noticed in this phase, when the payment notice really comes out, especially when it is a slightly less active organization than in the cyber security side, but they do get a little more active, and especially when we talk about large companies it is quite a massive and difficult operation to ensure that the entire environment, the entire large environment is then secured in the same way, which of course also increases the possibility, koko ympäristö, koko laajaympäristö on sitten samalla tavalla turvattu, joka sitten toki myöskin lisää sitä mahdollisuutta siihen, että tällaisia havaitaan sitten vasta siinä vaiheessa, kun on jo pirumerrassa Ja ehkä siitä kiristysviestistä itsestään, vaikka nyt ehkä tämä tarina ihan jokaiseen nyanssiin ei kannatakaan puuttua.

Speaker 2 14:47

Niin siinähän mainostettiin, että tiedot tuhotaan, eli selvästikään so clearly our story's bad guy hasn't been heard about double extortion yet. The double-tension model hasn't been clearly known to them yet.

Speaker 3 14:59

Yeah, maybe more just that so-called state-owned angle that we want to do cyber destruction.

Speaker 2 15:15

So a small angle, that of course it is tightened. But now, if we think about it again, we have already revealed that the attacker was Moonstone Sleet, which is the North Korean. In the last episode when we talked about this, or in the this scenario, where a North Korean operator attacks Finland and we don't have a lot of war space with them here, or vice versa, compared to Ukraine and Russia, but in this case it would be very unlikely that the North Korean threat would try to destroy anything If we don't take into account the way North Koreans do ransomware attacks. They probably wouldn't want to cover up the matter. What was the word?

Speaker 3 16:08

Now I'm starting to lose my mind. Try to open up a bit what you are looking for so their intellectual property.

Speaker 2 16:22

I heard PI I said PI, it's just because the brain is getting stuck. I meant IP. They probably wanted to learn how to make good mati-nakes in North Korea when there is not much food or food for the people. If we are talking about the APT angle, then it would be more about the storage of food. What you think about the first steps, how Matti worked as a CEO at that time?

Speaker 3 17:01

Well, that's a very difficult situation, especially since there were new people who had already hit the nail on the head. This is probably something that I can't agree. Compare myself to that. How does it feel to the company's management when the first time a serious cyber attack happens? I guess it's a terrible situation. It was a good contrast to the previous one, where there was more concern about the production line being shut down because there was no. If you call a cyber expert or a company to help you, it's always good Even though we're a bit of a cow in the barn, of course, me and Jouni, when we're working on this but it's always good to have someone to help you, because usually it's not necessarily enough if you are trying to figure out the entire tightening mechanism of the attack from the beginning to the end.

Speaker 2 18:19

I'm focusing on you that much and you were probably just about to finish. The biggest problem there is probably that if you don't have experience from that study, there is a pretty big risk that the initial foot and the first foot remains a mystery as to how it step has been entered into the environment. That is the biggest risk I see it is likely that the same amount of time will be spent on the same again. In that sense, incident response experts are a good place to put them. They can build the flow of events and tell how they got in and hopefully also from large companies that offer these services and can also make recommendations on how they won't come in the same way again at that point.

Speaker 2 19:07

Thank you Good. Maybe there's a lot more to it, but there's nothing to discuss in that particular area. Ehkä tässä nyt ihan hirveän paljon sinänenpäin. Ei tuossa nyt sinänsä ole tuossa kyseisessä aihealueessa mitään keskusteltavaa, mutta siinä oli puhuttu myös siitä, että miten toi muun Soundsleets is made. They try to hide and act unnoticed in the system, but in this case it doesn't sound like there was no need to act so secretly because the maturity wasn't very high.

Speaker 2 19:54

Next, in practice, the disappointment began to dominate the leadership of Matti Nakki Oy. Here we talked about two people, one of whom was Matti Matti, and then there was Jari, who was perhaps I don't remember exactly, but Jari must have been some kind of IT chief of the company. This was quite understandable and normal in this case, because the production stops. It means that for a company that makes production, there are quite a few losses if you can't keep the and a lot of this attack. Juuso, would you like to think more about this If this call came to you as a data, jari's IT manager and Matt's CEO, who are both in a panic?

Speaker 3 21:16

This is a typical situation for incident response workers, because usually we are happy to be here when the bad has already happened or the money is already in the bag. I don't know if we have talked about this a lot, but the important thing here is to be an incident responder or a data. It's a very peaceful process. We collect the first data, which helps the data scientist to think about what to do next. Jouni points out the scope, where we listen to the situation and think about the next steps, how the study starts and what needs to be done first. This is a pretty typical situation from the perspective of a data scientist. It is never an easy situation. On the other hand, which is the first time we have are already in a mess. It's not a moment.

Speaker 2 22:37

It's not a moment, it doesn't affect my life that much At that point when this call comes. I know that it's again a lot of evenings and weekends, but maybe the experience brings the certainty that this has be shown to a panicking company manager. There is no harm in helping. But we have to remember that we have talked about this earlier. At this point we have to tell realistically what has happened there. When Jari calls us in the IT department, we have this kind of thing and we have this kind of a message.

Speaker 2 23:07

At that point it is not good to give too many assumptions that data can be returned as it is otherwise from the confirmations, but just realistically go through it. What are the assumptions for the study? And also, especially if there is a so-called retainer customer who buys this service already, then you have to also remember that they must be quite clear about what the study costs with that money. So, as I said, it is important to have a clear understanding of we must also remember that they must be told what the research costs with the money. As most of the listeners know, such a research is not necessarily very cheap. We got it for the technical research and for all the recovery stages and other parts here. Jari and the cyber-assistant decided to take contact with the National Cyber Security Center. In our case in Finland it goes under Traficom and it is our dear cyber security center there where there are experts. How realistic is this? How often Juuso do recommend that we be in contact with the Cybersecurity Center when this case of the size of the scale is coming?

Speaker 3 24:20

I would say that it is always good to inform them. In the biggest of cases, it creates situation information and we can help. We are a small country and we want to protect everyone as much as possible. I think it's always good to take Traficom and the Cybersecurity Center with you.

Speaker 2 24:44

They have great professionals and it's nice to work with them when the collaboration is going to start In practice, I would say that in almost all of Finland, cyberbullying or such crimes should be in contact. Even if it's a fishing message, it's not necessarily a bad idea to report it to the Cybersecurity Centre, and especially the jockeys that have been found there. The Indicator of Compromise. So what is this Finnish thing? A sign of bad luck? What has been found there? The indicator of compromise, and what this statement has to do with this? A sign of bad luck. Oh, yes, you're welcome, thank you. I agree with that, and of course, in this case, a criminal complaint should always be made, and especially if there is still cyber-corruption, then it is definitely necessary to make a search warrant and also, of course, an application to the insurance company immediately if such a evidence happens to be in the back pocket.

Speaker 2 25:42

At this point, the Cybersecurity Center had a conversation with Matti Nack's director, and there was a bit of disbelief and maybe a bit of opposition. If we think about the scenario. The head of the Cybersecurity Center or whoever it is in this case recommended that we don't pay the loans at all. It led to a discussion where Matti Nakki was very disappointed and afraid of how much this will cause injuries. This lost movement from this time. How realistic does this discussion look if we think about the cyber security center?

Keskustelua ensivasteesta

Speaker 3 26:29

I would say that this is quite realistic. It is so called I don't know if it is the right term that it costs a lot. If you promise that you will get everything back and everything works, fingers crossed. If you pay this much, then maybe at some point in the calculation we can get the results. It will be easier and faster to just take the sum in the bag and continue the production.

Speaker 2 26:54

But if you think about the discussion in such a way that what the nature of the discussion was, so Matin Naki's representatives mostly shout at the Cybersecurity Center that they can't really do what the Cybersecurity Center recommends. If you think about the nature of this discussion, do you see that this is a discussion that would be used between the customer and the Cybersecurity Center, between the company and the Cybersecurity Center?

Speaker 3 27:21

It may well be that such discussions are held when the realities come against it. I guess that's what happens. I can't say for sure that I haven't been in that role.

Speaker 2 27:41

I also think that these may sometimes come from a slightly smaller organization. In that sense, I don't think that the whole discussion would have been completely wasted. As a representative of a private company and an incident responder, I have actually had this type of discussion sometimes. I haven't been at this level, but I have had conversation with the client, not in my own way but the client's way. They have their own team and of course, they are naturally afraid of the future of their company. As everyone knows from the example mentioned I can't mention any other examples these events can lead to significant consequences, including in the competition for the company. In that sense, this was an interesting conversation.

Speaker 2 28:43

In any case, in our story Matti Naki decided not to pay the loans and followed the advice of the authorities. From here we got to the return process which was then started and there was, unfortunately, moonstone's lead destroyed part of the security copies. That was probably then with the same virtualization service, security copies and all services, but the story doesn't go into that. The recovery process started with the fact that a special cyber-assistant was taken to the site for the investigation of the anti-terrorism attacks, so-called DERF-assistant Juuso. Should we change the title-crisis program attacks? That would be a great thing to say.

Speaker 3 29:32

We should ask next week how such a title would fit.

Speaker 2 29:36

Yes, and in fact after that, if you have such a title, it automatically means that you don't study anything else than anti-crisis program attacks. You don't have to do a back case at all.

Speaker 3 29:50

Yes, that sounds like a good title. You are the manager, so you can say that now this kind of task name is available.

Speaker 2 29:59

Yes, unfortunately it doesn't work that way. It was mentioned that this person was part of a team that was involved, was very realistic and started to analyze the attacks and find ways to overcome the rumors. Overcoming the rumors of the damage to the incident response team is a utopia, in my opinion. I know of one case where this has succeeded. I won't mention names, but all the respect to the person who succeeded in this. It wouldn't have succeeded on its own in the first place, but now it was. This was a Finnish company called FitSec. It has been in the business of cybersecurity for some time and they were able to destroy it. Was it the Akira?

Speaker 3 30:52

Yes, it was Akira.

Speaker 2 30:52

And.

Speaker 3 30:54

Windows variant exactly. Yes, which is a tough thing active in the field of DFER research, but they have probably focused on this properly and it seems to be more of a threat intelligence company, if I remember correctly.

Speaker 2 31:21

Yes, they do a lot of everything, for my understanding, and may also do DFER, but I'm not sure. It seems to be a relatively small company at the time and a specialised company. But, as you said, I believe that this was more of a data security researcher's operation where the Akira damage system has been studied and a way to find out the truth. But still, I think it's a cool thing and a great job from the person who did it.

Speaker 3 31:56

Yes, I would also like to add that during active data conversion research there are usually no tracks. Someone reverses the compression error program and tries to open it because it probably most likely not happen Exactly.

Speaker 2 32:13

Matin Nakki had learned his lesson, at least partially. Jari and his team used new, stronger and more secure protective equipment in the future of attacks against the enemy, which was great to see that we have learned from this story. The last topic in this story that we are discussing now is GDP breaks. It was mentioned that the news about this spread widely. It always seems to be the case if there is a bigger company in Finland, soon Finland will be reported in all the yellow newspapers and other media. Now this kind of a is now under production. There were also comments about GDPR follow-up, and it was mentioned that the company's data security measures were not sufficient, which led to a serious data protection attack. I'm not necessarily fully aware of this, but of course, it is worth noting that GDPR-related announcements about cyber attacks are to be done in time. If you don't do that, you will probably get the wrong results from the violations. If you not mistaken, tell us what happened to the data protection authority office.

Speaker 3 34:01

Yep, that's where the story started, when it was a peaceful Monday morning when it was noticed it started to dig for 72 hours Exactly.

Speaker 2 34:16

This is certainly a half-realistic scenario. Digittämään Juurikin näin. Tämä on sinänsä varmasti ihan puolirealistinen skenaario. Ja onhan näitä sakkuja jo jaeltukin. En nyt muista käytännön esimerkkejä, mutta muistan uutisista lukeneeni että on jotkut näistä sitten omakseen saanut pieniä rahallisia muistutuksia. Mä en nyt ole tarkalleen että mä en tiedä että tuossa I don't know exactly, but it was mentioned that 4% of the company's annual turnover was the maximum amount that could be given. If I remember correctly it was something in that class, but basically that could be quite significant money. In that sense it's a good estimate to take a better care of protecting data. I was thinking about how big of a data protection threat this could be. If we think about the amount of data they store in Matinaki, how much they actually have customer information in this meat production house, I could imagine that it doesn't necessarily sound like a company that does a lot of retail, or maybe more like big SOC and central type operators sell products. But maybe I'm wrong. Matin Nakki sells nakAKs from door to door.

Speaker 3 35:38

Yep, when you say SOC, you probably mean Finland's shareholder right Security Operation Center.

Speaker 2 35:46

Yes, soc. Yes, I started thinking of SO. Yes, that's nothing. That GDPR announcement is important in itself and in fact, the requirements are quite small in the end, so that you are away from those lies that it does not affect the entire environment of EDR, but certain procedures have been taken to maintain the information. I could imagine that a public-selected site without any secret messages would not have been sufficiently protected, but if there is a gap between the two, it will probably be there and it will probably be like that in the future. There are all kinds of new, old and great definitions of the future of rain, like Dora and SOC2, but we won't go into that because we don't understand anything about them. Considering our, or at least my, nature, I don't think I will really understand this, because it may be that the subject area is a bit confusing. I'm not so sure about that, since you have a more academic approach to things. I don't know where you are in the next five or ten years, probably making some kind of policy.

Speaker 3 37:08

I don't know. Now that GDPR has been discussed, I'd like to say that it doesn't have to be a comprehensive report. It usually just needs to be a report that has been observed and that has been observed what information is available at the moment and the information protection authority can ask for more information if needed. When it is handled in that time frame it can be done quite long. It is mandatory to authorize all companies. It is worth putting it behind the scenes that it will take 72 hours when it is detected, Not because it has happened. It is rarely known when an attack is detected.

Speaker 2 38:04

Exactly Good. I think that Mati Naki's story was explained in such a short way. Should we open the view a little bit? What is it so? Should we open our view?

Speaker 3 38:15

a little bit. What's the deal? Yeah, you could tell Jouni what the real question was.

Speaker 2 38:26

This was a very confusing episode from the previous episodes. This is the question of the fact that we made episode number 50 to the forest Good. I did it myself. We have sometimes such desires to renew and think about new directions for the podcast. Sometimes it relates to our own endurance and sometimes to think about what could be fun also from the listeners' point of view. This time we thought that we could start doing a different story-driven episode. We could tell a story and then discuss it a bit differently. We could also take the technique away a bit. It could be more enjoyable to listen to for those who are not so deep in technology. That being said, I don't think we'll ever get to drink a lot and we'll probably talk about technology in these episodes, but we could add a little bit of a story line here, and we've sometimes cut the length of the episodes a little bit, so we will probably also shorten this a little bit in the future. How much we talk per two weeks?

Speaker 2 39:46

I can say that this story itself was a combination of three things. This was a story that was invented. This was a combination of three things. This was a story that was invented. This was a combination of three things. One is the generative AI. The other is our experience and imagination of what could happen. The third is an article from the Moonstones League which was helping the AI to tell this story, Although I said that the article was a complete waste of time. It didn't bring any sensible points to the story, but it was just an experiment to see if the AI could create a sensible story around the article. But it didn't. But this was the idea.

Keskustelua Uhkametsän laajentumisesta

Speaker 2 40:35

I think we could post a form on Twitter and on LinkedIn to ask about this. If you're interested, you can ask there. How did it feel? Was there anything you'd like to to hear more in the future? I don't, or rather we won't, be making this kind of story every time. It's not the idea that we always do the same thing, because it would be so boring for the listener then very soon if there was always some kind of a data break and then we would always deal with it step by step, that what has happened there. But then there will probably be some typical approaches. Juuso, if we are to use less time per podcast episode, we have talked a little bit about the future. What else we could do at the top level. Would you like to talk a little bit about what you might expect.

Speaker 3 41:33

This is not connected, but we have decided to expand our offer to an audiovisual direction. We want to do interviews first, which are interesting to us, and there's also a bit of that. We take something else than DF-reference and Kyber usually and maybe we do more. Then also YouTube's challenges and other things that we have also thought about here, that this kind of meta-level update here, then the forest of threats, that we want to keep the podcast but also expand the activity. It may be that the challenges will be published as podcast episodes. Let's see how we can organize them. It always requires that we have a challenge here. We haven't asked anyone yet.

Speaker 3 42:30

We can challenge each other. It will soon a bit boring.

Speaker 2 42:35

But actually what I can say is that our idea is to try to use our Uhkametsä brand in other ways than just this podcast. Youtube videos, yes, but we have some other challenges that we can publish on that side as well, maybe not as regularly as this podcast. It might be that we will go and talk about something more in some events. If that feels right, we will find a suitable solution for it. We will try to build all kinds of things and think about what would be nice. Not that recording a podcast would be nice and it wouldn't disturb us, but it might be a bit expensive for the listener to listen to our Latin. But actually that was more of a story about what this was about and how we are slowly thinking about future plans for the forest. Of course, the summer can be a little quieter. We have put it on the mark that the listeners are on vacation and we are on vacation here as well. Juuso, you can first explain when you are going to have a summer vacation.

Speaker 3 43:57

I am on my best summer vacation and I am in. August, then longer period vacationing. Are you going to Black Hat? I don't know. At least Someone can surprise me. I don't mind.

Speaker 2 44:25

Flies are, by the way, quite good prices. Not that I was going there, yeah, on the weekend. So basically, in a week I'll be on vacation, but podcasting doesn't affect me in any way. Otherwise, when I'm not busy with work, I get a little breath of air and I'll probably come up with new ideas about what I could do. Yep, good, maybe we can ask you a quick question before we end. It's not going to be 20 minutes, but what do you have in mind? Maybe we can ask Juuso a quick question before we end this. What does it sound like to you?

Speaker 3 45:02

It sounds good to me. Now the sound is the last one.

Speaker 2 45:08

You can stop listening if you don't care.

Speaker 3 45:11

Now the sound part begins Warning, warning. Yes, now the part of the hearing begins, warning, warning. But yes, it sounds good. I'm actually on vacation for a few days now, and then longer in August, and in itself nothing bad has happened here. It's a good vacation and a short break from the forest. I'd like to mention that we want to bring other forest-related activities to the forest and bring it to the forest of threats. On the subject of DFIR, we are already working on it so much so I think it's nice to hear other topics, so let's see what we can come up with. But I have perhaps more interesting updates. Are your holiday plans in order?

Speaker 2 46:13

All my holiday plans have been cancelled, so in that sense I have planned all my vacations properly. I'm probably at home for four weeks.

Speaker 3 46:21

Then the mourning flag. I can't I can't.

Palautekysely

Speaker 2 46:26

I can't afford to leave this year, but I don't think anything more amazing will be done during the vacation and otherwise not much is really amazing. I don't remember what happened to me here. It's all good, it's all about. Am I talking about when I broke my ankle? I broke it in the last episode, I think I talked about it.

Speaker 3 46:47

Yeah, you said how is the ankle doing? Is it better now?

Speaker 2 46:51

It's not in good shape yet. So tomorrow will be three weeks since I managed to break it. Now it's been three weeks since I had a gym break. It's better now, but clearly not yet. I'm still struggling a lot. It's so hard, but the world doesn't end. I've been running very well this week. I might run today after this show today, but it may be that I can't wait to go tomorrow.

Speaker 2 47:25

I ran 10 km from the gates of Malmi Kartan. I have been there but I haven't gone to the gates this time. There is a trail that you can run up and down in a circle shape. I took a steeper hill two kilometers of climb and then a kilometer of descent, and then again I took it three times around the other day. Let's say that I have never had a hangover because of sports as close as the third gear. When I started I was quite comfortable. At that point I ran in the front and when I stopped running I didn't get any bruises from the front. I only got bruises from the front because the front was so wet. It was fun. Well, that's it. We can put it in the show notes. Maybe we'll just delete it in a couple of weeks so it won't stay there forever, so that way we can go and give feedback and of course we hope that we'll give as much feedback as possible, so we know if there's any sense in what we did today.

Speaker 3 49:08

Yeah, that sounds really good. So thank you all, and we'll be back to the matter in two weeks. Yep, thank you, bye. Oikein hyvältä. Niin kiitoksia kaikille ja me. Palaamme sitten taas asiaan kahden viikon kuluttua. Jep, kiitos moi, heippa.