Lessons from Denmark: Why knowledge sharing is the most important weapon against cyber threats

A majority of business and cybersecurity leaders believe that the current geopolitical instability is likely to lead to a catastrophic cyber event in the next two years.

In fact, a recent report from Check Point Software Technologies found that cyber attacks increased 38% globally in 2022 on the year before. So it’s no surprise that cybersecurity was top of mind at a recent gathering of government, business and technology leaders in Copenhagen, Denmark.

Held in the Danish Parliament’s historic Christiansborg Palace in the heart of Copenhagen, the event fostered a lively debate among the speakers and participants from the private and public sectors. Denmark's first Minister for Digitalization, Marie Bjerre, shared exclusive insight into the role of the newly-established Danish Ministry of Digital Government and Gender Equality and how it will work with cybersecurity in the future.

As one of the world’s most digitalized countries, data security and privacy are of the utmost importance in the Scandinavian country. So as Bjerre explained, the ministry will have a coordinating role with the other Danish ministries when it comes to digitalization and IT security.

Coordination was a common topic that was brought up during the event, which highlighted the need for all IT security professionals, policymakers and legislators to sit down together and gain insights into each other's work and challenges in order to tackle cyber criminals.

The conference had three key takeaways that are beneficial for all companies to adhere to – even beyond Europe.

While there are many IT events and gatherings across the European continent, there is often a reticence to candidly share the challenges security professionals face and the lessons learned from cyber attacks. But without open dialogue, we are not able to truly learn from each other’s mistakes and successes.

Almost everyone attending agreed that as a cybersecurity community, there is a need for better transparency and knowledge sharing. This is a paradox, as countries, companies and organizations across the globe are being hit by more cyber attacks than ever before.

In fact, one in 31 organizations worldwide experienced a ransomware attack in 2022. And yet, in general, there is not enough open sharing of best practices and lessons learned after an attack.

Several of the participants at the conference felt that there is an urgent need for better coordination and knowledge sharing between Danish companies, organizations and government institutions.

And several speakers also believed that the governmental organizations who are focused on IT security in society must be better at communicating more openly about the cyber threats that companies and organizations face.

One idea could be to look at the US cybersecurity strategy where there is better information sharing between public authorities and the private sector. Cyber criminals share knowledge and tools on the dark web – in order to best them, we must also come together for open dialogue without shame.

Danish companies are very aware of the new Network and Information Security Directive 2 (NIS 2.0), perhaps more so than other countries.

Unlike the revised General Data Protection Regulation (GDPR), which protects citizens' personal data, NIS 2.0 is intended to protect economic data – data that is of importance to companies and the economy of European Union member states.

The new directive requires member states to implement national cybersecurity strategies and national legislation that includes risk management and reporting requirements for companies covered by NIS 2.0, as well as a single national contact point that handles NIS 2.0 issues.

There was some fear among Danish companies about implementing NIS 2.0. The traces of GDPR are scary, and they are afraid that NIS 2.02 will be a gigantic task that they can't handle. They are also worried that the directive will not have the desired effect.

However, coming out of the conference, it was clear that organizations should not fear NIS 2.0. Right now, it may look unmanageable, but all the speakers at the conference believed that it will become the backbone of security in companies and organizations that work directly or indirectly with critical infrastructure.

Companies covered by NIS 2.0 are often large and influential. And since many companies will also be affected by the directive because they are, for example, suppliers to a covered company, NIS 2.0 has the potential to create a trickle-down effect. This means that NIS 2.0 will be a lever for better IT security throughout society.

The final takeaway from the cybersecurity conference in Copenhagen is the need to consolidate IT security solutions. Throughout conversations at the event, the topic quickly turned to how companies and organizations can better navigate a complex and ever-growing cyber threat landscape.

Complexity is directly related to the number of different IT security solutions companies use today. Several studies, including one from Dell Technologies, show that the cost of a cyber attack is significantly higher if you use more than one IT security vendor.

A report from IBM found that one third of global organizations surveyed deploy more than 50 tools and technologies for security. By consolidating security solutions, organizations can become more efficient and achieve a much higher level of IT security. Furthermore, consolidation will reduce the need and cost of IT security staff and free up time for current IT professionals to innovate.

Denmark may be a small nation, but as a digital-first country, there is much for others to learn from them about building cyber resilience. It boils down to: share, prepare and simplify.

By establishing a culture of open dialogue between companies, governments and cyber, we can learn from each other’s missteps and better protect our data and digital platforms.

Next, now is the time to prepare for NIS 2.0, which also includes an element of knowledge sharing. Finally, simplifying the growing threat landscape is possible by consolidating IT solutions.

This will both ease the burden on IT teams and help them be more efficient with their time.