Cyber threats rise in Nordics in response to NATO applications

The tragic events in Ukraine have forced neighboring states to suddenly reevaluate their defense policies. Finland, which shares over 1000km of border with Russia, is on high-alert while in recent months ordinary Swedes have rushed to join the Hemvärnet, Sweden’s military’s reserve force, in record numbers. Most notably, the threat of Russian attack has convinced both countries – who have long been famed for their neutrality – to apply for NATO membership.

Russia has threatened retaliation in response to the Nordic nations’ NATO applications, which were jointly submitted on May 18th, though confirmation may take months. While a conventional military attack is thought to be unlikely, Swedish Prime Minister Magdalena Andersson has warned that cyber attacks could be a possible response. 

A recent Wall Street Journal article quoted several regional experts who share that fear. Mikko Hypponen, chief researcher at Finnish cybersecurity group WithSecure Corp., expressed concern about “cyberattacks directly through the Russian government or through proxies of the Russian government targeting Finland and Sweden.” Kim Elman, director of the center for cybersecurity at state-owned research institute RISE, explained that the countries’ status as high-tech hubs make them prime targets for espionage.  

In fact, the risk is already here. In April, the Finnish government’s website was taken down by hackers while streaming a speech by Ukraine’s President Volodymyr Zelensky. Sweden also has recent experience of disruptive cyber attacks. In July 2021, Coop, one of Sweden’s largest grocery chains, was forced to temporarily close almost 1000 stores due to the Kaseya hack. In December 2021, the IT systems of Kalix municipality were brought down by a ransom attack, affecting over 100 different business systems, with Russian hackers suspected to be responsible.

The key importance of cybersecurity is most visible in the ongoing conflict in Ukraine. The US military recently admitted that their hackers have “conducted a series of operations” in response to the Russian invasion. Meanwhile, Ukraine itself has faced a barrage of cyberattacks from Russia, including on its energy grid. In the first month of the war, a major government-owned energy company saw cyber attacks increase by 3519%. Yubico has been working with state officials to help secure the country’s IT and critical infrastructure with YubiKeys.

The Finnish cyber security agency is studying the situation closely in anticipation of facing similar attacks, according to the agency’s deputy director Sauli Pahlman, quoted in the Wall Street Journal. Across Sweden municipalities have also become increasingly concerned about protecting themselves and their critical infrastructure, according to a further quote by Johan Turell, a senior cybersecurity analyst at MSB, the Swedish Civil Contingencies Agency.

It is well known that politicians throughout Europe are at risk of hacking. However, the reality is that threats from bad actors and rogue stakes don’t only target top government officials. Modern cyber attacks also target critical infrastructure, essential industries and supply chains. A system is only as safe as its weakest link and the interconnectedness of modern life means that attacks can have far-ranging consequences and bring extended periods of disruption.

For this reason, businesses and state-owned enterprises in Sweden and Finland should be continually reviewing their cyber security practices, not only for privileged users but all employees and indeed any independent contractors and third parties who use their systems.

What does this mean in practice? Effective security relies on usability, but increased threats may require more stringent measures. Legacy authentication, such as usernames and passwords, are easily hacked and frequently distributed widely online, rendering them insufficient. 

Effective cyber security today requires multi-factor authentication (MFA), but even conventional MFA has flaws. SMS messages can be hacked, while push notifications are vulnerable to notification-bombing, a method exploited by prominent hacking group Lapsus$. This is why governments and cyber security agencies are increasingly recommending, or even mandating, phishing-resistant MFA solutions like security keys.

The YubiKey is the leading hardware security key and the only authentication technology proven to stop account takeovers at scale. Yubico works with governments and major businesses around the world to secure their authentication and, ultimately, make the internet safer for everyone. 

To learn more about how Yubico helps organizations in the Nordic region, read our case study with Arvika municipality in Sweden.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey