2nd annual e-Crime and Cybersecurity Nordics
28th November, 2018, Stockholm, Sweden
“Until you have experienced something like this — people call them ‘black swan’ events — you don’t realise just what can happen, just how serious it can be,” Soren Skou, CEO, AP Moller-Maersk
The Nordic region is a centre of cyber attack and defence activity.
Denmark is amongst the countries that suffer from the lowest numbers of cyber-attacks, according to Microsoft Security Intelligence. That didn’t stop the world’s no.1 container shipper and one of Denmark’s largest companies, AP Moller-Maersk, losing up to $300 million to the notPetya attack. Denmark has responded with a plan to invest: “We are going to spend more money in this area,” says defence minister Claus Hjort Frederiksen.
Elsewhere in the region, governments and the private sector are preparing for the long term. In December 2017, not long after a DDoS attack on public transport systems, the Swedish Defence Commission presented its report to the Cabinet, recommending increased investment in cyber defence, and further investigation of CNI weaknesses.
In Norway, the early 2018 breach of the country’s largest healthcare authority compromised up to 3 million people’s data. The attack on Helse Sør-Øst RHF appears to have focused on patient records and the health service’s relationship with Norway’s armed forces.
Finland is a noted centre of cybersecurity expertise, being home to a new EU hybrid threat centre, as well as a number of private cyber security firms, but in April 2018 more than 130,000 Finnish citizens have had their credentials compromised in what appears to be the third largest data breach ever faced by the country – in a website maintained by Helsingin Uusyrityskeskus, a company that provides business advice to entrepreneurs. However in the event of a serious cyber security breach, the country still lacks an overall body responsible for coordinating responses involving public authorities, private companies and affected organisations.
And in the Baltic states, long a target for Russian state adversaries, a new EU rapid cyber response team is taking shape, proposed and headed by Lithuania and approved in March this year by EU Defence Ministers.
Amidst all this activity, CISOs must now grapple with a new post-GDPR disclosure routine that will finally force boards to acknowledge cybersecurity as a core business risk. Now that hiding breaches and data loss is no longer a valid strategy, cybersecurity, and incident response, have become key competitive drivers. Cybersecurity will not be the same.