By Adamantios Koumpis September 1, 2022
Last week, another attack against the UK’s National Health Service: this time the target was the NHS 111, a hot line helps people get the right advice and treatment when they urgently need it. So it is not about cinema ticket reservations or something else that one would consider as less important, less critical or less urgent.
So these are not exceptions at all – there is a new pattern, a new reality that we may not afford to ignore anymore: professional hacker attacks, some of them of small-scale, some others of larger, and more ‘professional’ type paralyse the systems of regional government and administrations, bringing critical processes to standstill. Whatever the background, either criminal or political or some ‘mixed’ form of both (for example, in the case of Carinthia, they faced an attack organised and orchestrated by the Russian criminal Black Cat gang, that asked for a ransom of millions of dollars), crimes in the digital space cause serious problems and huge amounts of money that cannot be ignored.
The worst part is that administrations and governments at all levels: central, regional and local ones, cannot pretend they haven’t been warned! It was only few weeks after the outbreak of the Corona pandemic in 2020 that the United Nations warned about the rapid increase in cybercrime. The reason for this was that organisations sent their employees to the home office from one day to the next and were thus exposed to all risks and threats that were till that point only ‘in theory’ apparent to them. So, same as in tango, here there were again two parts that were engaged: on the one side there were the hacker groups that identified public institutions as an ‘easy prey’, and on the other side there were the public organisations that preferred to let the opportunity of increasing their competence levels and sometimes even their very basic literacy on cyber security issues unexploited.
One good reason, especially for local and regional admininstrations is that they consider that in case of some serious problem, they will be supported or ‘saved’ by some higher instance like the police or the central government itself.
The offering of CS-AWARE Corporation to all public organisations builds on the awareness, cybersecurity information sharing, and system self-healing capabilities of the CS-AWARE platform. Currently, and as part of our new Horizon Europe project we also work on the integration of advanced capabilities that will enable organizations to be much more effective and efficient in their use of the CS-AWARE platform for supporting their day-to-day cyber security risk and incident management operations.
The only thing we are still unable to do is to warn for the obvious: how important it is that public organisations integrate cyber security into their core agendas and stop ignoring this or, in some cases, treat it as something ‘good to have’ but not core-centred. John Lennon had expressed this in a very nice way: living is easy with eyes closed!