Is your company a target? The answer is always yes

At Sicra, we often meet organizations that wonder whether they’re truly interesting to hackers. Many think “it won’t happen to us,” or that the threat landscape mainly applies to banks and finance. Our experience shows the opposite.

Today, there are few industries that can claim to be completely outside the risk zone. Hackers are after more than money. They look for data, influence, symbolic value, or a shortcut further into value chains.

That’s why every organization — from municipalities and small businesses to healthcare institutions and industrial companies — should ask itself: What do we have that might be valuable to an attacker?

Financial gain: the classic motivation

It’s no surprise that money remains the main driver. Whether through ransomware that locks your systems or the theft of valuable data that can be sold onward, financial gain is often at the core of an attack.

The financial sector has long been familiar with this pressure. Major banks like DNB have experienced targeted DDoS attacks aiming to disrupt their services and damage customer trust. But economically motivated attacks don’t stop with banks.

Small and medium-sized enterprises with weaker security have become attractive targets, because attackers know it’s easier to demand ransom here — and the likelihood of payment is higher.

Critical infrastructure: when the target is society itself

Sometimes, money isn’t the goal at all — the goal is to disrupt essential societal functions. Energy, water, and other critical infrastructure are particularly exposed.

The 2019 cyberattack on Hydro is a clear example of how severe the consequences can be. Production was affected across continents, and the company incurred costs amounting to hundreds of millions.

Several Norwegian municipalities have also reported attempted breaches in systems controlling their water supply. These incidents clearly show that attackers aren’t just testing defenses — they’re putting preparedness, safety, and public trust at risk.

In April 2025, a cyberattack targeted the dam facility at Risevatnet in Bremanger municipality. The attackers exploited a control system protected by a weak password, allowing them to remotely open a floodgate. This caused the dam to release around 500 liters of water per second for four hours before the intrusion was detected and stopped. No injuries or physical damage were reported, but the incident exposed a serious vulnerability: access to critical infrastructure with minimal technical barriers.

Health and life: data that should never fall into the wrong hands

The healthcare sector holds some of the most sensitive data that exist. Medical records, test results, and personal information have enormous value on the black market.

For attackers, this is a sector with double potential — either profiting directly from data theft or extorting institutions by threatening to halt patient care.

In early 2023, the Russian hacker group Killnet threatened several Norwegian hospitals, including Ahus and Sykehuset Innlandet, with DDoS attacks against their public websites. The situation was quickly handled, but it illustrates just how vulnerable healthcare communication and information services can be.

Municipalities and the public sector

Public institutions in Norway manage vast amounts of information, from building permit data to highly sensitive citizen information. In addition, many municipalities operate critical services such as education, child welfare, and technical infrastructure.

Attackers often look for weaknesses caused by limited resources and lack of expertise. Municipal IT systems tend to be complex, with many integrations — creating multiple entry points.

When Østre Toten municipality was hit by a ransomware attack in 2021, large parts of its digital infrastructure were crippled. The incident clearly showed how a single attack can affect thousands of residents, and how attractive the public sector can be for attackers seeking either quick profit or maximum disruption.

Law firms – small, but with key information

Law firms and professional service providers are also frequent targets. Not because the attackers are directly interested in them, but because they hold highly sensitive information about larger clients.

The 2016 Panama Papers scandal is a clear international example: the Panamanian law firm Mossack Fonseca suffered a massive data breach, with 11.5 million documents leaked to the press. The leak exposed financial activities and offshore structures involving politicians, celebrities, and billionaires.

The firm claimed that the incident wasn’t an insider leak but the result of an external cyberattack on their servers. This case shows how one small firm in a value chain — in this case a law office — can open the door to data that impacts far larger entities.

When damage is the goal itself

Finally, there are the most unpredictable actors — those who don’t attack for money, but to demonstrate power or erode trust. This is especially common among state-sponsored actors and their affiliates.

When the Norwegian Parliament (Stortinget) was subjected to a serious cyberattack in 2020, the goal wasn’t money or ransom. The intent was to create uncertainty, expose weaknesses, and show that Norway is also part of the geopolitical game. This type of attack reminds us that cybersecurity isn’t only about technology — it’s also about national security.

The hidden risk: when small businesses become the gateway to the big ones

Smaller companies can also be attractive targets because they often play a role in larger value chains. A small IT supplier, accountant, or consultant may have access to the systems or data of major organizations — making them the weak link attackers can exploit. Supply chain attacks have become an increasingly common strategy because it’s often easier to compromise a subcontractor than to go directly after a large bank, industrial corporation, or government agency.

Internationally, we’ve seen major incidents like the SolarWinds attack in 2020 and the Target breach in 2013, where attackers used smaller partners as entry points to reach larger victims. Norwegian authorities also warn about this type of vulnerability, as small and medium-sized businesses often don’t have the same level of security as their biggest clients. For an attacker, the strategy is simple: find the door that’s left slightly open — and use it to access the entire building.

Because you’re on the internet, you’re a target

As long as your organization is connected to the internet, you are, by definition, a target. Attackers and automated botnets constantly scan the web for open ports, vulnerable services, and weak passwords. It doesn’t matter if you run a small business or a large organization — if your systems respond, someone will eventually try to break in.

These attacks are often not targeted but opportunistic. That’s why it’s essential to maintain good basic security hygiene: update systems, harden configurations, and limit what’s exposed to the internet.

Conclusion: no one can say “this doesn’t apply to us”

Whether it’s about money, data, influence, or symbolism — every organization has something of value to an attacker. For small businesses, it might be a way into larger value chains. For municipalities, it’s citizens’ data. For healthcare, it’s life-critical information. And for state actors, it’s the stability of society itself.

At Sicra, we understand that this can feel overwhelming. But awareness is the first step. It doesn’t mean everyone must become cybersecurity experts — only that everyone must recognize they have something worth protecting. When you, as a leader or decision-maker, understand why your organization is interesting to an attacker, you’re far better equipped to defend it.