Sicra Header Logo
  • Careers
  • About us
  • People
EnglishNorsk
Talk to us
  1. Knowledge
  2. Insights
  3. Blog
Blog
25.02.2025
min read

Risiko 2025 - Sicra’s summary of NSM’s risk report

The NSM report Risko 2025 provides a comprehensive assessment of the threats to Norway in 2025. Sicra summarizes the key findings of the report.
<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >Risiko 2025 - Sicra’s summary of NSM’s risk report</span>
Sicra_Portrait_Crop_1200x1500px_4808
Oddbjørn SkaugeChief Information Security Officer
Fremoverlent CISO som setter fokus på gode og enkle løsninger for informasjonssikkerhet

Risiko 2025 highlights the most likely threats and vulnerabilities. In the report, NSM provides recommendations on how Norwegian businesses can protect themselves. It emphasizes the importance of implementing preventive measures to ensure national security and continuity of critical services.

Threat assessment for 2025

The report highlights that sabotage attempts in Norway are likely and emphasizes the need for Norwegian businesses to immediately implement preventive measures.

Vulnerabilities and measures

The report describes several vulnerabilities that threat actors can exploit, including mobile phones, modern vehicles, and the use of artificial intelligence. NSM recommends that businesses update their contingency plans, ensure backup solutions, and have good repair preparedness.

Insider threat

The insider threat is real, and several factors related to societal development and changes in security policy conditions have heightened the insider risk in recent years.

Preventive measures

NSM urges businesses to understand the risk, reduce vulnerabilities, and build backup solutions. It is important to have a quick response and recovery in the event of the loss of critical resources such as power, transport, internet, water, and PNT (position, navigation, and timing).

Measures for Businesses:

  • Update Contingency Plans: Ensure that contingency plans reflect the current threat landscape and practice these scenarios. This includes having clear procedures for handling various types of cyberattacks.

  • Implement Backup Solutions: Have alternative solutions ready for critical services such as power, transport, and internet. This ensures that the business can continue to operate even if primary systems are compromised.

  • Strengthen Repair Preparedness: Be prepared for rapid repair and recovery of services in the event of a loss. This may include having agreements with external suppliers who can assist as needed.

  • Reduce Insider Risk: Implement measures to reduce the risk from insiders, including monitoring and training. This may involve conducting background checks, monitoring employee activities, and providing regular training in security procedures.

  • Focus on Facts: Base decisions on facts and data rather than opinions to ensure objectivity and efficiency. This may include using data analysis tools to identify threats and vulnerabilities.

  • Conduct Security Exercises: Regular security exercises can help employees understand how to respond to cyberattacks and other security incidents. This may include simulations of phishing attacks and other types of cyber threats.

  • Use Security Standards: Implement recognized security standards such as ISO 27001 to ensure that the business follows best practices in cybersecurity.

  • Collaborate with Security Partners: Enter into partnerships with external security partners who can offer expertise and support in protecting the business against cyber threats.

By implementing these measures, businesses can better protect themselves against threats and ensure continuity in their operations.

Sicra's view on the report:

NSM's report emphasizes that businesses must be proactive in their approach to security. Reacting only after an incident has occurred is no longer an option – preparedness and prevention must be part of the business's DNA.

Quick response requires monitoring and security partners

When attacks occur, SOC (Security Operations Center) services and quick response are critical. An effective SOC provides continuous monitoring and immediate handling of threats before they escalate. For many businesses, it is not realistic to have a fully-fledged internal team – therefore, a security partner is crucial for ensuring preparedness and resilience.

Phones, SMS, and new attack surfaces

The report shows that mobile phones and SMS have become central attack surfaces. These are often not as protected as PCs and Macs. Phishing no longer only occurs via email – attackers also exploit SMS, phone calls, and messaging apps to deceive employees and managers. Therefore, systems that stop phishing, both on email and mobile, are essential to reduce vulnerabilities. There are several good systems for this on the market.

Compliance alone is not enough – businesses must be proactive

Regulations and compliance set minimum requirements, but those who truly want to protect their values must go beyond just meeting the requirements. Understanding risk and reducing vulnerabilities requires a strategy that continuously strengthens the security level – not just to comply with the law, but to protect the business's operational activities, customers, and reputation. A hired CISO can help put risk on the roadmap.

Build a security culture

To stay ahead of the threats described by NSM, businesses must:

✅ Implement systems that stop phishing on both email and phone.

✅ Have a contingency plan with a security partner who can assist in serious incidents.

✅ Monitor and respond quickly to attacks with an SOC or equivalent solution.

✅ Build a security culture where employees understand the risk and act correctly.

Those who act now will be stronger in the face of an increasingly demanding threat reality. Security is not a project – it is a continuous investment in the business's future.

Read the entire rapport on NSMs site her (Norwegian Only > 

Compliance alone is not enough – businesses must be proactive.
CISO at Sicra
Oddbjørn Skauge

Explore more

What does a cyberattack cost, and what does it cost to be prepared?
Blog

What does a cyberattack cost, and what does it cost to be prepared?

Learn more about cost versus benefit in cybersecurity.
Cyber insurance or warranty – Which delivers better cybersecurity?
Blog

Cyber insurance or warranty – Which delivers better cybersecurity?

From cyber insurance to warranties – which secures your business best?
Cybersecurity as a competitive advantage – trust as a strategic investment
Blog

Cybersecurity as a competitive advantage – trust as a strategic investment

Security that provides trust – and a competitive advantage.
Security training for employees: Building real awareness
Blog

Security training for employees: Building real awareness

Safety training is effective when it is realistic, customized, and continuous.

Tailored cybersecurity for institutions and enterprises that allows for innovation, growth, and fearless performance.

Get in touchCall us +47 648 08 488
Stay updated
Receive the latest news

Links
SustainabilityFAQPartnersCertifications and awardsCareerPress & brand
Contact

Tel: +47 648 08 488
E-mail: firmapost@sicra.no

Tollbugata 8, 0152 Oslo. Norway

Follow us on LinkedIn
Certifications
iso27001-white
ISO 27001 compliance
miljofyrtarnlogo-hvit-rgb
Eco-Lighthouse
Sicra Footer Logo
Sicra © 2024
Privacy Policy