Hacker attacks happen everywhere, regardless of the sophistication of the protection system. In the cyber world, there is no such thing as perfect protection, nor a perfect crime!

Ljubica Pendaroska

At the outset, it is fair to acknowledge that the criminal mind of hackers is almost always a step ahead of the ‘institutional mind’. Seen through a global lens, hacker attacks happen everywhere, regardless of the sophistication of the protection system. In the cyber world, there is no such thing as perfect protection, nor a perfect crime!

According to the National Cyber Security Index, which, among other things, measures the level of readiness to fight cyber-attacks, in 2021 Macedonia was positioned at 53rd place, which indicates progress over the years.

But we must not turn a blind eye to the frequent hacker attacks on state institutions, and it is particularly alarming that some ministries are the target of subsequent attacks.

Several segments reflect institutional cyber resilience: readiness to prevent a cyber-attack, readiness to manage an incident that has already occurred, duration of ‘system outage’, and adequacy of response.

If “proper diagnosis is half the cure”, the question arises, what are the key factors that make a cyber system resilient to attack? Or, if and where do the information systems of the Macedonian institutions “fail”? What have we learned from previous attacks?

Successful systems implement a high degree of multi-layered protection, so that an attack on only one layer is almost never enough to put the system out of order. This makes the work of hackers more difficult and increases the protection of information and of citizens’ personal data.

In the fast-paced cyber world, it is unacceptable for an institution’s website to be hosted on an outdated platform that does not support upgrades. It is irresponsible to skimp, whether on money or on people. It is imperative that institutions hire the best experts, which raises the dilemma of how these people would be paid as part of the state administration, considering that computer experts are among the highest paid globally!

There is also the ‘ticklish’ question of who maintains the websites and whether that body or company has adequate capacity, knowing that the party doing the ongoing maintenance and the server host are directly responsible for the security measures that prevent hacker attacks.

The state is obliged to choose the most successful model for the cyber security of its institutions, tailored to its needs and capabilities: either centralized state bodies set up for that purpose, or a combined model in which security is ensured partly by internal staff and partly through ‘outsourcing’.

Examples from around the world point to a segmented infrastructure for hosting an institution’s website; simply put, the site is hosted in multiple physical locations. In the event of an attack, the system can return to an operational state more easily and quickly.

In the series of questions, I note:

A big problem is the duration of non-functionality of the pages, which is too long. The investigations also stall, often without resolution, so they also take too long. The consequences are not measured in numbers, and distrust in institutions is growing.

A centralized body for cyber security has certain positives, because it provides horizontal connection, communication and exchange of information between state institutions, a uniform protection system and the possibility of a simultaneous reaction. This potentially increases and accelerates services to citizens.

Is one of the ‘cures’ to build unified websites of state institutions with modern security protection against hacker attacks?

Have we learned anything and who is responsible?

 

Ljubica Pendaroska, International expert on personal data protection and cyber security. Top50 CyberSec Female Influencer-Europe