National public lists on cybersecurity hygiene
The growing importance of measuring cybersecurity hygiene
Higher cyber hygiene of organisations in the country leads to higher cyber resilience, as it becomes more difficult to exploit vulnerabilities or misconfigurations. At the same time, the basics of cybersecurity are becoming increasingly complex and require expert-level knowledge to properly configure IT systems.
The national level of cybersecurity is measured by national cybersecurity centres and specialist companies, such as third-party risk analysts like Bitsight, Security Scorecard and similar organisations that scan the internet – shodan.io, Microsoft, Google. However, none of these organisations provide easily accessible and free real-time data about the country.
Alternative provider
The good news is that there is an alternative solution provider – a small, reputable UK company www.hardenize.com, which is currently being used by 3 countries in Northern Europe: Lithuania, Estonia and Sweden (all North European Cybersecurity Cluster (NECC) members). Hardenize aims to maintain and publish national dashboards of cybersecurity hygiene of organisations in different sectors. Monitoring is performed daily, analysing all publicly visible configurations of websites and email systems.
- Lithuania’s dashboard is accessible at https://www.hardenize.com/dashboards/lithuania-dashboard/ and is maintained by Infobalt, DigiTech sector association in Lithuania (author, board member of NECC, is the main maintainer).
- Estonia’s dashboard can be accessed at https://www.hardenize.com/dashboards/ee-tld/ and is maintained by the Estonian Internet Foundation.
- Sweden’s dashboard can be found at https://www.hardenize.com/dashboards/sweden-health-status/ and is maintained by The Internet Foundation in Sweden.
Cybersecurity hygiene in Lithuania, Estonia and Sweden
The number of sectors and organisations currently monitored in these countries is as follows:
- Lithuania: 1014 hosts, 1799 TLS certificates, 2668 IP addresses, all divided into 24 sectors.
- Estonia: 1230 hosts, 2768 TLS certificates, 1671 IP addresses, all divided into 23 sectors.
- Sweden: 1482 hosts, 2402 TLS certificates, 3827 IP addresses, all spread over 11 sectors.
Overall, the level of the cyber baseline for the organisations listed is as follows:
-
Lithuania:
Summary at the end of August 2023:
Which is a substantial improvement compared to April 2023:
-
Estonia:
Summary at the end of August 2023:
Which is a substantial improvement compared to April 2023:
-
Sweden:
Summary at the end of August 2023:
Which is a substantial improvement compared to April 2023:
Great aspirations lead to high standards
“What you can’t see, you can’t measure” – was one of the main reasons for Lithuania to create such a dashboard. Lithuania, with its vision to become a prominent high-tech country, needs strong cyber resilience – which requires different methods and standards for cybersecurity approach.
This Hardenize dashboard provides all listed organisations with detailed diagnostics and guidance on how to remediate misconfigurations for administrators and external contractors. In addition, such dashboards provide social pressure on the top executives of the monitored organisations to bring the public cyber facade of their organisations up to the expected cybersecurity baseline – proving their “do care” practices.
You can find the original post by Dr. Vilius Benetis on Linkedin: https://www.linkedin.com/pulse/national-public-lists-cybersecurity-hygiene-vilius-benetis/
Other interesting facts and findings
What impact might NIS2 have on Africa?
What impact might NIS2 have on South America?
How Lithuania stepped up its game with the NIS2 directive
Security automation: from idea to tool
SOCcare May 2025 Malpeek: Analysis of a "copyright infringement" malware
NRD Cyber Security recorded strong growth and international expansion in 2024
Building awareness is a continuous effort
