A good crisis should not be wasted is a saying often used in Estonia that has taken on a life of its own as advice that is followed very often.
The world’s first cyber war of 2007 gave this small Nordic country of only 1.3 million residents the experience necessary to rise to the top of the cybersecurity world in both the private and the public sector.
Beginning in April 2007 and lasting a little over two weeks, the cyber-attacks on Estonian public authorities and companies were launched. They were later called “incredibly complex” by experts and the media, including the Economist. This was the breaking point. Estonia gained several benefits, not only in experience through fending off cyber-attacks but also in reputation – Estonia became one of the flagship countries of cybersecurity. Thus, began the rise of its cybersecurity giants.
Marily Hendrikson, Cyber Security Project Lead at Startup Estonia – or one of the peopl responsible for building the cybersecurity startup ecosystem in Estonia – says that it is experience which gives Estonians an edge in this field. After the first cyber war, things started to develop very quickly. A year later, the NATO Cooperative Cyber Defence Centre of Excellence opened its doors in the capital city of Tallinn and a year after that, the joint cybersecurity master’s curriculum was launched at Tallinn University of Technology and University of Tartu.
However, this is not the only event that has spurred the growth of the field of cybersecurity and Estonian cybersecurity startups. According to Hendrikson, it is the local mentality and culture that spur the growth and success of companies. In other words, the mentality of being ready for crises and acknowledging that you cannot expect someone else to save the day for you. You must take responsibility yourself.
Despite this, a wide-spread community network is also important to maintain, says Hendrikson, as this helps find solutions to problems and find support during rough times. The entirety of Estonian national defence hinges on a widespread effort across the whole society. This means that defending the country is not only on the shoulders of the military, but also on all public authorities and the society as a whole. A good feeling of teamwork also helps to accelerate the development of the Estonian cybersecurity sector.
The rise of startups
Today, there are 55 cybersecurity startups in Estonia. This means that there are more than five of them per 100,000 citizens. According to Hendrikson, the two most prominent specialisations are identity management related solutions, security and cybersecurity training.
Both make sense. The first because Estonia is the only country in the world to have held electronic elections for the past ten years. It is difficult but not impossible to set the cybersecurity bar higher. Of course, there are also the numerous public services which all function electronically and require security as well as the numerous daily problems that must be addressed in regard to these services.
The second aspect is important because although Estonia is the flagship of cybersecurity and holds NATO drills, among others, this does not diminish the need for training and training grounds such as a unique international cyber defence exercise Locked Shields.
One of the more impressive examples is one of the Estonian soon-to-be unicorns Veriff, which helps companies and organisations verify the identity of people at a distance using smart, precise and automated online solutions for confirming identity. Founded in 2015, Veriff’s decision-making system analyses thousands of technological and behavioural patterns in seconds. The company’s technology can identify over 9,000 personal identification documents from over 190 countries.
Another example is RangeForce, which offers a uniquely integrated cybersecurity simulation that helps with skills analysis and development, thus helping with the practical training of cybersecurity. Cybersecurity and IT specialists from a variety of fields utilise RangeForce to train new employees and CyberSiege simulations to assess the skills of new teams. Founded in 2014, the company’s platform is able to show the user their shortcomings in expert knowledge and offer the necessary training to fill those gaps.
It is also telling that the message of cybersecurity is spread by Estonian celebrities. Karl-Erik Taukar, a famous Estonian singer and songwriter and a finalist on one of the seasons of Estonian Idol is working closely with cybersecurity company Cybexer Technologies. They organise international and local competitions in ‘capture the flag’ format. Their goal is to inform the new generation about cybersecurity topics as early as possible so that more young talent can be found. The game-like format is enticing to the participants as well as very educational for the short time that it runs.
Favoured by investors
Estonia is not only a land for startups, but also a place where entrepreneurs want to come to test their ideas and grow their businesses. One of these companies that has taken root in Estonia is the billion-dollar Symantec Corporation, which has a spin-off CyberCube located in Estonia, focusing on cybersecurity and safety, as well as Malwarebytes that has a subsidiary in Estonia, grown to over 80 employees in size.
There are lots of Estonian-founded cybersecurity companies that are gone global starting from Estonia. One of them is Guardtime, the world’s largest Blockchain company, that trusts Estonia to provide it with cryptographers, developers, and security architects. The other is Cybernetica, a research and development intensive ICT company that develops and sells mission-critical software systems and products, maritime surveillance and radio communications solutions. Cybernetica has been an active counterpart in developing critical e-Government systems, such as the Estonian X-Road, i-Voting, e-Customs and others. Today Cybernetica delivers its systems to across 35 countries in the world.
Foreign investors, says Hendrikson, are lately most interested in cloud services. Data are being stored in the cloud at unprecedented rates and the safe storage and use of this data is a field that cannot be overestimated and that is becoming important to small companies as well as large corporations.
BotGuard, a startup created in Estonia in 2019, offers a convenient solution for smaller businesses by creating a cloud-based solution where bot-detection software is always running silently in the background without forcing an honest end-user to perform any annoying checks.
“BotGuard gives small and medium-sized businesses an opportunity to protect themselves from malicious bots for as little as a few euros per month depending on the traffic on the webpage,” says BotGuard’s founder Nikita Rosenberg.
Just as important is that companies avoid mistakes while building their systems. This, too, is something addressed in the Estonian startup market. Dashbird, founded in 2017, is developing failure search and monitoring systems for server-free software systems such as Amazon Web Services so that companies utilising cloud services can keep an eye on their solutions. “Our platform allows for organisations to raise the quality of their service and security and cut down on development and optimisation costs,” says one of the founders, Taavi Rehemägi.
This is only a small part of everything Estonia has to offer. Come and see for yourself. Seeing is believing.