Denmark’s Journey to Becoming the Most Cyber-Secure Country

Denmark is one of the most digitalized countries worldwide, with technologies used in the private and public sectors as well. This means that Denmark is also a target with a generous and attractive attack surface for threat actors.

As a result, major cyberattacks impacted important economic sectors and a large number of people. Like the Petya cyberattack over Maersk, the Danish biggest shipping company, in 2017. Or the SolarWind attack on The National Bank of Denmark in 2020.

Danish authorities made real efforts and transformed Denmark into the most cyber-secure country in the world, but, according to The Danish Government’s National Strategy for Cyber and Information Security 2022-2024, the risk of cybercrime and cyber espionage is still high in the country.

Let’s see how cybercrime evolved in Denmark, what are the major cybersecurity incidents that changed the game, the types of cyberattacks that affected the country, and what are the next measures to take.

Types of Cyberattacks on Business in Denmark Between 2017-2020

Denmark relies heavily on technology, with 95% of citizens having access to the Internet at home and using it daily in 90% of cases. The percentage drops to 66% for persons between 75 and 89 years old, of which only 48% are daily users, according to The Agency for Digital Government.

In this landscape, cybercriminals can use a large range of attacks. Phishing attacks, ransomware attacks, and financial fraud have been the top three cyberattacks in 2017, according to Statista.

While phishing attacks remained the favorite method for hackers over the years, covering 77% of attacks in 2017 vs. 79% in 2020, ransomware dropped from 58% to 18% in the same period.

Financial fraud incidents kept a steady trend over the years, with a high of 52% in 2017 and a low of 30% in 2019, raising back to 42% in 2020. Malware attacks had a similar trend: 43% in 2017, 48% in 2018, 27%in 2019, and 28% in 2020.

But the type of attacks that took off in this period is the confidential and sensitive personal data shared. Starting at 12% in 2017, it reached 38% by 2020. Social engineering got added to the mix later, but with a high frequency from the beginning: 28% in 2019 and 2020.

Major Cyberattacks that Changed the Game (2017-2022)

Denmark was heavily targeted by cyberattacks before investing in cybersecurity and developing strategies and plans to protect its governmental systems, companies, and people from cyber threats.

Here are a few of the most prominent cyberattacks:

• Maersk, the biggest shipping company in Denmark, suffered a ransomware attack by NotPetya malware in 2017. In one day, the company stopped all of its operations and it took two weeks to go back to normal. Maersk lost between $250 million and $300 million as a result of the attack.
• Demant is a hearing aid company with operations worldwide and was hit by a cyberattack in 2019, being forced to shut down all its systems. It is believed that it was a ransomware attack, and it was months before the company resume its activity.
• In February 2020 the Danish tax portal was breached leaking the personal data of 1.26 million Danish, aka a fifth of the country’s total population. The leak contained CPR numbers – used to set up bank accounts, obtain phone numbers, or carry out other critical tasks – and was due to a software error.
• The National Bank of Denmark was hit by a SolarWind attack in 2020. In this case, for seven months, hackers had a backdoor into The National Bank, until the intrusion was noticed by an American company.
• In 2020 Desmi, a pump manufacturer with business in 150 countries, was attacked by ransomware. The company refused to pay the ransom and shut down its systems.
• A ransomware attack affected a quarter of Ritzau’s news agency in 2020. The largest news agency in Denmark shut down completely for two days, leaving its 10 million radio listeners, 8 million TV viewers, 3 million newspaper readers, and 15 million readers relying only on live blogging.
• Vestas, the world’s largest wind turbine maker, was the victim of a massive cyberattack in 2021. The attack resulted in huge data loss, especially the personal data of employees and partners. Exposed information contained: names, contact information, addresses, emails, phone numbers, country of residence, education, training, professional skills, photographs, and details about job applications and CVs. It was a huge hit for the company’s brand, and for its stock value which dropped by 6%.
• On 29 October 2022, The Danish State Railway interrupted its activity across the country after an external supplier suffered a security breach. Supeo, the supplier of a safety-critical IT system called The Digital Backpack 2, stopped using the IT system after a security problem.

Becoming the Most Cyber-Secure Country

Experts say that the wake-up-app call for Denmark’s cybersecurity strategy was in April 2017, when it was revealed that hackers had managed to gain access to the e-mail accounts of members of the Danish Defense.

Since then, the country went a long way, being ranked by Comparitech as the world’s most cyber-safe nation for several years, in 2019, 2020, and 2021.

With an overall score of 3.56, the country was ranked in the top three 10 times out of a potential 15 times, “scoring particularly well in categories such as percentage of users attacked by ransomware trojans (0.02%) and percentage of attacks by cryptominers (0.11%). This country also had zero users attacked by mobile ransomware trojans and mobile banking trojans.”

Here are a few measures that keep Denmark on top:

• The two-factor authentication is largely used in governmental services and financial apps.
• Very strong and well-developed banking apps.
• Major investments in cyber and information security.
• A coherent cyber policy based on: growing technological resilience, enhancing citizen knowledge, and improving coordination among various actors
• Actively working on defining critical infrastructures.
• Creating a 24/7 Situation Center to assist in preserving a national cyber situational awareness map.
• Launching the Mit digitale selvforsvar (My digital self-protection) app. The app has 90.000 users per month and gives information about digital scams, virus and malware attacks, live updates from banks and law enforcement authorities, and even concrete advice if a breach has occurred

Discover the 2022 Landscape and the Plans Until 2024

In 2022 the threats from the digital landscape have been described by The Danish Centre for Cyber Security, as follows:

• the threat from cybercrime is VERY HIGH
• the threat from cyber-espionage is VERY HIGH
• the threat from destructive cyberattacks is LOW
• the threat from cyber-activism is LOW
• the threat from cyberterrorism is NONE

The Danish Government adopted The National Cyber and Information Security Strategy 2022–2024 in which four strategic objectives have been established:

• robust protection of vital functions
• increased level of competence and management support
• strengthening public-private cooperation
• active participation in the international fight against cyber threats

The country continues and multiplies its cybersecurity efforts every year, for the years 2022-2024, the expected investments in cybersecurity initiatives reach a total of EUR 36 million.

However, according to Sikkerdigital.dk, one in every four Danish small and medium-sized enterprises has not instated vital IT security precautions.

All the companies that have not implemented essential cybersecurity measures are advised to:

• obtain an overview of critical systems and data
• keep updating applications
• get an antivirus and a firewall
• back up the important data
• learn how a suspicious email looks like
• make use of strong passwords
• establish security standards for IT vendors

For helping the employees, Hackerstop free programme was implemented. The programme provides free recommendations on how to develop security skills in your team and helps you to discover knowledge gaps between colleagues.

Cybersecurity in the Optics of Current Elections

On November 1st, a total of 14 parties are running for the 179 seats in the Danish parliament. It is believed that the decentralized nature of election administration and the process’ heavy reliance on paper make it challenging to influence a full election. One issue is that local administrations are tasked with securing the logistical parts of elections, including the purchase of systems, but they are not always able to work together effectively, for instance when evaluating their dangers. Even if the minister is negligent, the public will hold him or her liable if a threat develops at the municipal level. While local administrations have a consolidated rulebook for running elections, there are no comprehensive cybersecurity instructions or recommendations. The ES began distributing letters in 2018 to each municipality alerting them about cybersecurity dangers.

Elections are difficult to influence because they are decentralized and offline, but a major worry is the (baseless) decline in voter confidence in the democratic process. As a result, public perceptions are the biggest concern, and it’s crucial to teach voters about the process and security of elections. This data is disseminated through both traditional and social media, which helps put an end to any rumors that might start.

The main cybersecurity issues raised by this incident that happened only a few days before the general election is why this critical IT system did not have a back-up, and how the elected representatives will approach cybersecurity.

Regarding the elections, the most serious technological risks are the hacking of public websites of election-related agencies and major hacks against key infrastructure providers such as the civil registry and the election management system.

Cyberattacks will continue to happen every day, and the best strategy for individuals, as well as for companies or countries, is to prepare for them and plan a quick recovery in an incident hits.

Denmark’s cyberstrategy shows a way to go, by providing governmental support in fighting cybercrime, but it lets us wonder how a grooving attack surface and the ever-present human error could be controlled.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.