Cyber threats rise in Nordics in response to NATO applications

The tragic events in Ukraine have forced neighboring states to suddenly reevaluate their defense policies. Finland, which shares over 1000km of border with Russia, is on high-alert while in recent months ordinary Swedes have rushed to join the Hemvärnet, Sweden’s military’s reserve force, in record numbers. Most notably, the threat of Russian attack has convinced both countries – who have long been famed for their neutrality – to apply for NATO membership.

Russia has threatened retaliation in response to the Nordic nations’ NATO applications, which were jointly submitted on May 18th, though confirmation may take months. While a conventional military attack is thought to be unlikely, Swedish Prime Minister Magdalena Andersson has warned that cyber attacks could be a possible response. 

A recent Wall Street Journal article quoted several regional experts who share that fear. Mikko Hypponen, chief researcher at Finnish cybersecurity group WithSecure Corp., expressed concern about “cyberattacks directly through the Russian government or through proxies of the Russian government targeting Finland and Sweden.” Kim Elman, director of the center for cybersecurity at state-owned research institute RISE, explained that the countries’ status as high-tech hubs make them prime targets for espionage.  

In fact, the risk is already here. In April, the Finnish government’s website was taken down by hackers while streaming a speech by Ukraine’s President Volodymyr Zelensky. Sweden also has recent experience of disruptive cyber attacks. In July 2021, Coop, one of Sweden’s largest grocery chains, was forced to temporarily close almost 1000 stores due to the Kaseya hack. In December 2021, the IT systems of Kalix municipality were brought down by a ransom attack, affecting over 100 different business systems, with Russian hackers suspected to be responsible.

The key importance of cybersecurity is most visible in the ongoing conflict in Ukraine. The US military recently admitted that their hackers have “conducted a series of operations” in response to the Russian invasion. Meanwhile, Ukraine itself has faced a barrage of cyberattacks from Russia, including on its energy grid. In the first month of the war, a major government-owned energy company saw cyber attacks increase by 3519%. Yubico has been working with state officials to help secure the country’s IT and critical infrastructure with YubiKeys.

The Finnish cyber security agency is studying the situation closely in anticipation of facing similar attacks, according to the agency’s deputy director Sauli Pahlman, quoted in the Wall Street Journal. Across Sweden municipalities have also become increasingly concerned about protecting themselves and their critical infrastructure, according to a further quote by Johan Turell, a senior cybersecurity analyst at MSB, the Swedish Civil Contingencies Agency.

It is well known that politicians throughout Europe are at risk of hacking. However, the reality is that threats from bad actors and rogue stakes don’t only target top government officials. Modern cyber attacks also target critical infrastructure, essential industries and supply chains. A system is only as safe as its weakest link and the interconnectedness of modern life means that attacks can have far-ranging consequences and bring extended periods of disruption.

For this reason, businesses and state-owned enterprises in Sweden and Finland should be continually reviewing their cyber security practices, not only for privileged users but all employees and indeed any independent contractors and third parties who use their systems.

What does this mean in practice? Effective security relies on usability, but increased threats may require more stringent measures. Legacy authentication, such as usernames and passwords, are easily hacked and frequently distributed widely online, rendering them insufficient. 

Effective cyber security today requires multi-factor authentication (MFA), but even conventional MFA has flaws. SMS messages can be hacked, while push notifications are vulnerable to notification-bombing, a method exploited by prominent hacking group Lapsus$. This is why governments and cyber security agencies are increasingly recommending, or even mandating, phishing-resistant MFA solutions like security keys.

The YubiKey is the leading hardware security key and the only authentication technology proven to stop account takeovers at scale. Yubico works with governments and major businesses around the world to secure their authentication and, ultimately, make the internet safer for everyone. 

To learn more about how Yubico helps organizations in the Nordic region, read our case study with Arvika municipality in Sweden.

Talk to our teamTalk to our team

Share this article:


  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU
  • Securing critical infrastructure from modern cyber threats with phishing-resistant authenticationAcross the globe, 2024 has seen a whirlwind of change. With ongoing wars, recent political change-ups and more, growth in data breaches targeting critical infrastructure continue to be on the rise. Critical infrastructure is integral to our everyday life – from the energy and natural resources powering our hospitals and providing clean drinking water, telco […]Read moreCISAcritical infrastructurezero trust
  • surface blog crownMicrosofts Surface Pro 10 möjliggör NFC-baserad lösenordsfri inloggning med YubiKeys, för företagDra fördel av det långvariga samarbetet mellan Microsoft och Yubico genom att distribuera YubiKeys tillsammans med den nya Surface Pro 10 enheten för ditt företag. Read morenfcpasswordless