It’s high time for Nordic cybersecurity, but improving education and risk awareness is key

During the ongoing war in Ukraine, reports have surfaced detailing the threat of sophisticated cyberattacks on businesses throughout the Nordic region. Fortunately, these reports have triggered a collective effort among countries across the region to ramp up and bolster their cyber defence in response.

But, due to a limited knowledge of cybersecurity in some areas, it’s possible the impact of many of these initiatives will plateau at some point. All too often, decision makers within public sector organisations and critical infrastructure are uninformed and unaware of the threats and risks they face. During a period of such geopolitical unrest, such a lack of knowledge means the danger faced by nations within the region will be significantly heightened.

What’s required is a concentrated effort to educate these organisations, and raise their awareness of the threat landscape and the need to look toward local providers. Only then will it be truly possible to strengthen the overall cybersecurity posture, and defend against the foreign threats that are currently growing in both frequency and severity.

While we have seen the cybersecurity industry taking a proactive approach this time in informing customers about the elevated threat and sharing best practices to take preventative actions, we also need more targeted tactics in future that better serve the Nordic region’s current cybersecurity maturity and its specific requirements.

Collaborative approach

Since Russia invaded Ukraine, governments across the Nordic region have been engaged in urgent cross-border discussions concerning a collaborative approach to cybersecurity.

This follows warnings issued by the Kremlin, following the Nordic governments’ combined support of Ukraine’s defences. Since then, Finland and Sweden’s recent stated intention to join NATO has escalated the situation, angering Moscow and raising the prospect of cyber-attacks further still. A joint approach to cybersecurity among the Nordic nations is, therefore, increasingly essential to their collective defence.

The aim of the ongoing discussions is to develop a common cybersecurity policy, incorporating shared initiatives that, together, will enhance the protection of the region’s critical IT networks and ultimately lead to the establishment of a jointly managed Nordic early warning system, capable of sharing intelligence on cyber threats in real time.

However, encouraging as these cross-border talks are, the heightened aggression from Russia is only the latest in a series of threats to Nordic IT networks.

Mind the gap

Several Nordic companies came under cyberattack during 2021. Norwegian media company, Amedia; sustainable energy supplier, Vestas Wind Systems; and Scandinavian hotel chain, Nordic Choice Hotels, were among a number of businesses attacked toward the end of last year.

Many of Amedia’s central computer systems were shut down following an attack in December, preventing the company from printing physical copies of its newspapers, and impacting its advertising and subscription systems. While none of Amedia’s data was compromised, a ransomware attack on Vestas Wind Systems a month before saw personal information released for sale on the dark web. Not long after this, Nordic Choice Hotels also suffered a ransomware attack which disrupted its booking and payments platform, as well as online IT systems across its 200 hotels.

In light of attacks such as these, not to mention the growing threat from Moscow, there’s a clear need for decision makers to exercise greater caution and follow the most up-to-date cybersecurity guidelines. Unfortunately, though, there is a large gap in cybersecurity skills and knowledge in the Nordics, and across Europe as a whole.

So, until – and even after – the collaborative governmental initiative is well underway, there should be an increased focus on developing a highly trained cyber workforce, ensuring everyone concerned is aware of, and armed against potential threats.

Looking locally

In addition to improving the region’s cybersecurity skills, there’s also a need to look closer to home, and adopt more local technologies and technical know-how when it comes to protecting corporate and personal data. Housing that data with European or, ideally, Nordic-based providers will help minimise the risk of it being stolen through a “back door” by hostile states.

Despite continuing debate over the security implications of using Huawei’s 5G technology in the West, for example, Chinese-made baggage scanners were recently installed and connected to Stockholm Arlanda Airport’s IT network leading to a real concern that “back door” malware could impact national security as a result.

Nordic businesses should therefore ensure any third-party software and service providers they use are based in the region, with no infrastructure links to or partnerships with China or, especially given the current climate, Russia. Using a local provider is also hugely beneficial to an organisation’s cybersecurity posture. After all, with an innate understanding of the organisation, its culture, and the regulatory environment in which it operates, it will be far better positioned to address any security challenges that arise that a provider in a different jurisdiction.

Ultimately, any nation’s security is only as strong as its defence – physical and digital – and the war in Ukraine represents a significant threat to the cybersecurity of the Nordic nations. It’s hugely encouraging, then, that the region’s governments are working together on a joint security policy. At the same time, though, it’s crucial these countries and their businesses close the cybersecurity skills gap and look to local providers to ensure the maximum possible protection.