Sharing as a Shield: How Nordic Banks Collaborate to Thwart the Next Big Cyberattack

Despite being fierce competitors in the market, Nordic banks aren’t afraid to share sensitive intelligence to bolster their collective defences against today’s fast-evolving cyber threats.

"If cybercriminals cooperate on how to exploit Nordic financial institutions, then we need to cooperate on how to protect ourselves,” says Anders Hardangen, Chief Information Security Officer (CISO) with Norway’s DNB bank.

On an otherwise mundane Friday morning earlier this year, Anders Hardangen felt his phone vibrate.

He was in between management meetings at DNB’s headquarters in Oslo and after a quick look at his phone, he knew he needed to answer.

The call came from NFCERT, a tight network of Nordic financial institutions that serves as a de facto cyber intelligence agency. Hardangen learned of an ongoing cyber attack against a peer institution.

Back at his desk, Hardangen connected DNB’s cyber defence centre to the intelligence analysts at NFCERT who were already aiding the other institution's investigation.

The threat actor, a known network targeting northern European financial institutions, appeared to be attempting to breach DNB.

A Decade of Collective Defence

Thanks to the real-time information sharing between financial institutions facilitated by NFCERT, DNB’s cyber defences were able to thwart the attack.

Hardangen and his team were also able to gain valuable intelligence about the threat they were up against.

“It’s a huge benefit to have NFCERT as a neutral place to share information about threats, attacks, tactics, as well as methods to prevent and reduce the damage from cyber attacks,” he explains.

The incident was hardly unique, adds Hardangen. DNB and other banks in the Nordics routinely face thousands of attempted cyber attacks as a part of their day-to-day operations.

The growing risk from cyber-attacks was one of the reasons why DNB banded together with fellow Nordic financial institutions Danske Bank and Nordea to form NFCERT back in 2017.

The move expanded and exported a successful model pioneered five years earlier by Norway’s banking association, Finans Norge.

“The Norwegian financial sector wanted to join forces to share information about cyber attacks and combat fraud,” says Hardangen, who has managed DNB’s Cyber Defence Center since 2011 and assumed the role of Director of Group Security in 2020.

The Power of Information Sharing

NFCERT was founded on the firm belief among its members that pooling resources and information empowers financial institutions’ ability to effectively protect themselves and their customers from cyber threats.

Central to its mission is facilitating information sharing among member institutions, including banks, insurance providers, and other public and private stakeholders in the Nordic financial system.

“You have to build the right defence for the right threat, and understanding the environment is important,” Hardangen explains.

“By learning from each other, we spend our time wisely and reduce risk.”

From fraud data and proven defence tactics to insights on threat detection and the latest tracking technology, NFCERT members share a range of information.

NFCERT also provides several platforms and channels to ensure members get the information they need, from real-time updates to regular member meetings and special task forces.

By collecting and analysing threat data from its members, NFCERT enables financial institutions to respond more effectively to attacks. This collective intelligence serves as a “shield” that protects all members, regardless of size.

“Sharing information about an attack on one member with the rest of the network means NFCERT can help prevent a threat actor from harming the next financial institution,” he adds.

A Unique Approach to Cyber Defence

Hardangen believes the culture of collaboration that exists in the Nordics contributes to NFCERT’s success. The trust shared among financial institutions has fostered a unique environment for cooperation.

“The Nordic culture of openness and sharing makes it work. NFCERT formalises this, making it more effective and transparent,” he says.

Through NFCERT, institutions of all sizes contribute their expertise and insights, despite being competitors in the marketplace. While smaller banks may excel at identifying specific threats, larger banks like DNB can expand and amplify those findings.

“Tracking fraudsters is sometimes easier for smaller institutions, but once the threat is identified, larger banks like DNB have the resources to take it further,” Hardangen explains.

The threat landscape for financial institutions is more complex than ever, with politically motivated attackers joining traditional cybercriminals.

"State-sponsored attackers are becoming an even larger risk,” says Hardangen.

A Collective Cyber Defence for the Future

As the cyber threat landscape continues to evolve, NFCERT remains a crucial force multiplier for defending the Nordic financial sector.

By sharing information and pooling resources, the organization strengthens the resilience of its members and ensures they stay ahead of emerging threats.

“We all want to be resilient toward threats and ensure that criminals don’t win,” he says.

“NFCERT makes us all stronger by helping us work together, which helps us stay a step ahead of the attackers.”