This blog is an English translation of an article published in Market Connect on October 5, 2023.

Danish Version: Stigende cyberkriminalitet tvinger SMV’erne til at stramme skruen overfor samarbejdspartnere

Hackers are increasingly looking to paralyze hosting providers and data centers, and this should make all the country's SMEs set much stricter requirements for business partners – or risk going home upside down.

According to Dansk Erhverv, there are more than 200,000 small and medium-sized companies in Denmark, and many of these are right in the crosshairs of the many cybercriminals who are attacking Danish companies from right and left these years.

Last month, for example, the Danish hosting company Azerocloud was shut down by a ransomware attack that caused 4,000 customers to lose all their data, and the hosting company ended up having to shut down. The attack is the latest example of a growing trend which, according to the IT security company Improsec, hits a certain type of company extra hard.

"We are seeing more and more examples of the hackers targeting hosting providers and data centers to shut down. Many small and medium-sized companies have stored their data here, and the SME segment is therefore extra vulnerable to these attacks," says Martin Kofoed, director of Improsec, which is part of itm8.

Major financial consequences

The problem with the many attacks, frankly, on the SMEs is reinforced by the fact that a great many of these neither have the necessary knowledge nor resources to contain the attacks, and therefore cannot make the necessary demands on IT partners, as they do not have sufficient insight into their own threat picture or in relation to, for example, backup and emergency plans.

"If that doesn't happen, you get a fragile solution that hackers can easily compromise. Therefore, it is necessary that everyone from the IT manager to the board of directors prioritizes the threat that exists, and sets stricter requirements accordingly. Otherwise, they risk the worst imaginable consequence; that they have to close the company as a result of a cyber attack," says Martin Kofoed.

If the cybercriminals succeed in their attack, it can turn out to be an expensive pleasure for the affected company. An analysis from Verizon shows that the median price per Ransomware attacks have doubled over the past two years, with 95 percent of cases leading to economic losses of between 1 million and 2.25 million US dollars. In 2023, the number of ransomware attacks has been greater than the previous five years combined.

At the same time, figures from SMVdanmark have shown that a Danish company with 50-99 employees loses almost two million kroner on average in the event of a hacker attack.

The economic crisis is a factor which further increases the threat picture for companies in the SME segment. This is what Jens Myrup, professor of cyber security at the Department of Electronic Systems at Aalborg University, tells us.

"Small and medium-sized companies in many cases do not have the liquidity needed to attract the right skills to handle security procedures and processes. It is an expensive pleasure, and there is no doubt that the economic downturn we have seen in society over the past several months has only exacerbated that trend.”

He also has no doubt that the conditions for SMEs that do not have sufficient control over cyber security will only get worse in the coming years, when, for example, the NIS2 directive comes into force in Denmark from October 2024.

"The directive regulates companies and authorities in the area of ​​cyber and information security within 18 different sectors and supply chains. If you as a company are a sub-supplier to one of these sectors, and you do not meet the necessary safety requirements, there is a very high risk that you will be disqualified as a supplier with large financial losses as a result," says Jens Myrup.