Information is a very vulnerable target in digital world - Protection from cyber risk requires education, investment and constant caution

When mid last month, a major hacker attack blocked tens of thousands of computers around the world, many computer users in Serbia asked themselves, instead of how to protect themselves, what was happening at all.

The attack, in a word, was organized through "ransomware", a software that computer criminals use as a digital outburst mechanism. By doing so, they actually block user's system and prevent access to all data until the requested purchase is paid.

Luckily, official data say that there were no WannaCry virus victims in our country, although similar malicious software attacks have been recorded in our country.

According to the data from 2016, attacks are more and more frequent in Serbia, so it was recorded that hackers made a total damage of more than EUR 1 million for 12 months. Therefore, computer users are advised to take care of who they receive e-mails from and to avoid replying without checking them, not to open suspicious files, use antivirus programs, and so on.

Still, criminals are getting more sophisticated so the need to fight them is becoming a system and institutional problem, far exceeding possibilities of individual players.

Therefore, last year, our country adopted the Law on Information Security, which prescribes numerous protective measures and standards that companies, state institutions and all other entities that manage information systems have to apply.

The Ministry of Trade, Tourism and Telecommunication for eKapija says that ICT systems of special importance are defined, as well as measures of protection that they must take in order to prevent security risks, but also in case of an incident.

The Government Body for Coordination of Information Security Activities was also set up as well as several Centers for Prevention of Security Risks in ICT Systems (CERT).

In addition, May 29, the Government adopted the Strategy for the Development of Information Security, which established strategic priorities for development in this area - raising human and technical capacities, continuous training and improvement of employees, raising awareness among citizens, business entities and state authorities, as well as introduction of special programs at universities in the field of information security.

- In order comprehensively examine and resolve information security issue, joint action is necessary, Tatjana Matic, State Secretary at the Ministry of Telecommunications and head of the Information Security Coordination Institution, says.

As an example, she mentions aforementioned "WannaCry" attack, when communication was immediately established between relevant institutions and public recommendations on the protection measures that had to be taken at that moment were issued.

Share Foundation, a non-profit organization for protection of rights and freedoms in digital environment, however, says it is necessary to increase capacities of the Ministry because "monitoring of implementation of laws, and especially inspection supervision, cannot be adequately implemented if there are no suitable resources for that."

- Since most state authorities process, collect and store data on citizens' personalities in digital form, it is necessary to improve information security standards and practices, as well as data protection - Share Foundation says for eKapija.

When asked why domestic companies should protect themselves from online risks, the foundation said the "most important is that security is considered at the level of an organization, as well as at the level of individuals, from employees to directors."

In case of an incident, companies are obliged to report to the Ministry of Trade, Tourism and Telecommunications, to a competent institution for implementation of the law on information security, and in this foundation they state that "companies should not hide that incidents occurred because competent authorities always have more information, thus pooling knowledge about digital risks and reducing risks for new incidents. " In the fight against cyber risk, one of the most important weapons is education. Often, small companies do not have resources to apply the highest standards of protection, and the problem is even greater because even citizens do not have too much knowledge about in online space risks.

The Ministry of Telecommunications says it is necessary to strengthen human and institutional capacities and adds that cooperation with international organizations and civil sector is of key importance.

- I also believe that public-private partnerships will be one of the most successful models for rapid progress in this area, as economic and financial factors and investments in the sphere of information security are major challenges for us as a state - State Secretary Tatjana Matic says.

However, at the end, the biggest responsibility remains on users. Respecting basic rules and standards of information security eliminates a considerable part of threats in digital environment.

It has long been known that information system of an organization is as safe as the least secure computer in the system is safe. That is why, along with continuous education and monitoring of modern trends, readiness for constant investments is also necessary. In short, it's better to prevent it than to treat it.

Milos Vlahovic

Ministarstvo turizma i omladine Republike Srbije

Agencija za privatizaciju Republike Srbije Beograd prestala sa radom 29.01.2016.

sajber bezbednost

bezbednost na internetu

sajber napadi

rizik na internetu

informaciona bezbednost

poslovanje na internetu

Zakon o informacionoj bezbednosti

ransomware

Centar za prevenciju bezbednosnih rizika u IKT sistemima

CERT

Strategija razvoja informacione bezbednosti

Tatjana Matić

Telo za koordinaciju poslova informacione bezbednosti

virus WannaCry

Share fondacija

haker

hakeri

hakerski napadi

Šer fondacija