Helen Evert, Practice Leader at GrECo Estonia, shares insights about the pitfalls of cyber-attacks and how the small nation of Estonia successfully steels itself against attacks.  

In April 2007, the government of Estonia relocated the bronze soldier statue of Tallinn, a Soviet-era monument. After two long nights of riots and looting, the first state-sponsored cyber-attack against the websites of Estonian organizations took place. Targets included the parliament, banks, ministries, newspapers, and broadcasting corporations.

On 24th February 2022, Russia invaded Ukraine. Yet Russian cyber-attacks against Ukrainian organisations and companies started much earlier. They have increased ever since the illegal annexation of Crimea in 2014.
It therefore comes as no surprise that Estonian public institutions and the country's private sector once again became the targets of extensive cyber-attacks in August 2022, after another war monument from the Soviet era – a T-34 tank – was removed from the border city of Narva. Except in a few cases, though, most websites remained up and running after the attack, and only some private media companies were temporarily offline.

Why are companies being targeted?

State-sponsored cyber-attacks usually have three goals – exploiting infrastructure weaknesses, gathering information or skimming off money to recover losses from sanctions. Such attacks are politically motivated, the targets can be identified at first sight, and they may change over time.

Companies have become favourite targets of such cyberwar attacks. Directly attacking a government or military system is far more complex and requires the attacker to use more resources. Companies are often less protected and provide hackers with an easy entry point into a country.

State-sponsored hackers often wait a long time undetected in corporate systems. This makes it difficult to manage the threat they pose. Removing it is an even bigger challenge. Once companies have been hit, they often require technical assistance from experts or national safety authorities.

Attackers like to focus on public service providers, supply infrastructure and infrastructure companies where they can cause a significant disruption by taking the target offline (gas, electricity, water, telecommunication, IT technology and Internet, the medical sector, transport, waste management, educational institutions).
Local government agencies, valuable brands and brand-name companies as well as those with sensitive data or high asset values in intellectual property are also preferred targets.

Cyber-attacks are on the rise

In the future, wars will become more frequent, more physical, and more high-tech. Everything can be used as a weapon – spreading false information, causing a stock market crash, diminishing currency credibility, launching and conducting a smear campaign or organizing a cyber-attack.

State-sponsored attacks can be anything, from simple DDoS attacks to massive disruptions of supply chains.
In 2021, the group behind the SolarWinds Hack, known as Nobelium and linked to the Russian foreign intelligence service SVR, targeted about 140 organisations, each an integral part of the global IT supply chain.

According to Microsoft experts, the actions taken by Nobelium support the notion that Russia tries to gain long-term, systematic access to numerous points along the technology supply chain to install a surveillance mechanism and monitor targets – now or in the future – that could be of interest to the Russian government. Furthermore, state-sponsored hacker groups have devoted themselves to cybercrime, using cyber-attacks as a good and relatively risk-free source of income once they have stolen sensitive data from their victims.

Why did the Russian cyber-attacks have hardly any effect on Estonia?

In Europe, Estonia has become a front-runner in digitization. The country has even been nicknamed “e-Estonia”. There are good reasons why the recent cyber-attacks seemed to have gone unnoticed and were largely ineffective. Apart from a few short and insignificant exceptions, websites remained up and running the entire day. The attack did not result in substantial losses, nor did it cause any inconveniences in the provision of national digital service.

Besides, the massive attacks back in 2007 showed Estonians just how important cyber security is. For a neighbour of a hostile country, comprehensive surveillance and defence mechanisms against all kinds of attacks, whether physical or in cyberspace, have become essential.

During the last couple of years, cyber-attacks launched at public institutions and media companies in Estonia were the order of the day. After Russia attacked Ukraine on 24th February 2022, Estonian state-owned enterprises and private companies registered a significant rise in (attempted) attacks. Hence, IT security is at the top of the country’s agenda, and increased investments in cyber security on the part of the government have done much to minimize the impact of cyber-attacks.

RIA is the national IT authority responsible for cyber security. Some 1,000 state employees protect Estonian cyberspace. They are backed by a highly developed IT system that automatically fends off intruders. Highly motivated computer scientists, who would support their country in the event of an emergency and ensure up-to-date expertise, act as a volunteer IT fire department.

Estonia aims to retain its lead in cyber security. In doing so, the country received support from NATO, which operates a cyber defence centre in Tallinn. Simulated cyber-attacks are in the pipeline for training purposes.
Companies managing and operating critical infrastructure are also obliged to continuously improve their cyber protection by implementing best practices.

Cyberwar should not be taken lightly. Who will be the next target?

Cyber-attacks are part of an information war and are often used as a reaction to the political decisions made by a government. Cyber-attacks on key trade routes between Europe and Asia, in regions of armed conflicts or those against strategic targets, have spiked during the last few years. It is often hard to predict which targets are next on the list of cyber-warriors. However, it is safe to say that state-organised attacks, preying on political instability or a social divide, are set to increase.

Given their geopolitical situation, the Baltic States are constantly threatened by cyber-attacks. The same thought applies to allies and countries that express negative views about Russia, its allies, and the ongoing war.

Helen Evert

Practice Leader Liability & Financial Lines – Estonia

T +372 5824 3096
