We see daily headlines about geopolitics, political unrest, and war right outside our living room window, but what happens "out there" can actually hit your business hard – through the internet. Small and medium-sized enterprises in Norway are more vulnerable than you think.
Geopolitics? What does it have to do with me?
Yes, more than you might realize! When the superpowers openly flex their muscles, the internet becomes a new battleground. And guess who often finds themselves in the crosshairs? That's right! Small and medium-sized businesses (SMBs). They don't always have the same resources as the big giants to protect themselves.
As tensions rise between countries, the risk of cyberattacks also increases. Smaller businesses are particularly vulnerable for several reasons:
- State-sponsored hackers: Major powers use cyberattacks as a tool in conflicts. SMBs can become targets, either directly or as part of larger attacks on supply chains.
- Increased crime: Geopolitical instability can lead to increased cybercrime in general, as criminal groups exploit the chaos.
- Spread of malware: Conflicts can lead to advanced cyber weapons leaking out and ending up in the hands of criminals.
- Less focus on security: In uncertain times, small and medium-sized businesses (SMBs), with limited resources, may deprioritize cybersecurity in favor of other urgent needs.
We constantly meet smaller companies that think they might be too small to be interesting to hackers. That is so wrong!
Digital services your best friend and worst enemy?
In today's digital world, smaller companies are very dependent on digital systems to run their business. Most rely heavily on cloud-based solutions for everything, such as accounting, customer management, marketing... It's super convenient, but...
- What if your supplier gets hacked? Then you could also have problems.
- Are your data safe with them? If they are careless with security, it could affect you.
- Can foreign authorities snoop? Some providers may be subject to laws in other countries that make your data not as safe as you think.
Furthermore, even the smallest business can be connected to larger companies through their deliveries or services, creating a chain reaction. Hackers are aware of this and often use the small ones as a backdoor.
The numbers tell a story. Are you aware of the risks?
According to the World Economic Forum (WEF), the percentage of small and medium-sized businesses (SMBs) reporting insufficient cyber resilience has increased from 5% in 2022 to a staggering 35% in 2025. This shows an alarming trend and underscores the need for immediate action. Furthermore, 71% of cybersecurity leaders reported at WEF's annual meeting in 2024 that small organizations have reached a critical point where they can no longer effectively protect themselves against the increasing complexity of cyber risk. This is serious!
Actions you need to take if you haven't already done so
Here are 4 concrete steps for a secure digital presence:
- Map Your Digital Assets
To effectively protect yourself against cyber threats, you first need to know what you are protecting. Which data is critical? (Customer information, trade secrets, accounting...). Which systems do I rely on? (Website, email, payment solutions...). Where are the vulnerabilities? (Outdated software, weak passwords, lack of training...). Which vendors do we have, which of these are most critical, and what is the risk of using them?
Once you have an overview of the assets, risks, and vulnerabilities, you can prioritize and implement the right security measures. This is not a one-time job – the mapping must be done regularly to keep up with changes in the threat landscape and within your own organization. - Implement basic security measures.
Ensure that firewalls, antivirus software, and operating systems are always up to date. This is fundamental but essential. Keep track of users' digital identities and access, and implement two-factor authentication (2FA) for all employees and systems. This provides an extra layer of security that makes it harder for attackers to gain access, even if they have obtained passwords. It is advisable to follow a framework or standard for best practices. The NSM's basic principles for ICT security are a good starting point. - Train your employees in digital security
Regular training on the value of information, manipulation techniques such as phishing and other forms of manipulation, and basic cyber hygiene is essential. Employees are often the weakest link in the security chain and the entry point for malicious actors. Customized simulated phishing attacks can help identify and correct insecure behavior. - Establish a plan for handling an incident
Have a clear plan for how to respond to a cyberattack. This includes steps to isolate infected systems, recover data, and notify relevant authorities. Test the plan regularly to ensure it is effective and that everyone involved knows what to do. Make sure to have a plan for how to communicate with customers and partners in the event of a security breach.
Summary
Geopolitical tensions are creating an increasingly challenging landscape for cybersecurity, and Norwegian SMEs must take this seriously. By implementing concrete measures, you can strengthen your digital security and protect your business against the rising threats.
Remember: Cybersecurity is no longer a question of "if," but "when." Are you prepared?
Have a chat with us, and we'll help you get started on strengthening your security!
