By Elisavet Goutman October 10, 2023
Lessons learnt from cyber-attacks on Greek municipalities
Just how hard is to describe the importance of a service whose value the customers cannot quite comprehend or quantify in order to invest in it in the Greek public sector?
If one had to answer this question, he would have to give many answers, depending on various factors. It is incredibly difficult for an organisation to fully comprehend the need and the importance of cybersecurity service or product when he hasn’t been exposed or harmed by a cyber-attack. It is even harder, when the organisation lacks the necessary funds, or has other priorities to address. In some cases, one needs to give specific examples of the danger and the prevention procedure or restoring. An issue that has arisen and has been widely discussed lately is a cyber-attack in the City Hall infrastructure of Thessaloniki, Greece. That has been a wake-up call for many Municipalities, but majorly the big ones.
However, there was a major destruction in a smaller Greek city, the city of Servia, in 2nd October 2022. There was a massive fire in the computer room, which was utterly destroyed, along with its equipment. This incident stirred the rest of the municipalities with similar infrastructure. But on hearing that within 2.5 working hours the next day all the digital infrastructures functioned like they did before the fire, a surprise was followed by a reflection as to the readiness and security of their own organisation.
Throughout Greece you can find organisations that keep computer rooms unlocked, with the level of security, if any at all, at a minimum level. When visiting Greek municipalities we have witnessed all kinds of infrastructure lacking proper security.
Having said that, we have to acknowledge that there has been a notable switch lately. People in decision- making posts have started to ask for effective techniques for protecting their digital infrastructures. Back-up copies, local files management, active directory, access control for internal and external users, e-mail protection, control and limitation of file copies, malware protection systems, replacement of old equipment with new systems and office applications with legal licenses and many more are issues of interest to them.
Finally, it should be mentioned that the difficult thing in the communication of the cyber-security issues is to address the issue in the first place. Upon informing those in charge with the right data and examples, a fruitful conversation usually takes place, setting the foundation for a collaboration on the aforementioned field. It still remains difficult though for them to weigh the benefits with the investment. Usually what we come across is them trying to build their own protection fence and ask of us our suggestion on the matter.
So if we had to put the situation in the Greek municipalities and public organisations in general in a nutshell, we could argue that further awareness in many levels is required for the cyber security.