The Estonian Information System Authority has issued a call to local businesses to report cyber incidents as it is the only way for the government to acquire a comprehensive overview of the threats present in the Estonian cyberspace and offer effective solutions to mitigate them.
In the first six months of 2020, the Estonian Information System Authority registered 1,569 impactful cyber incidents, with botnet subscriptions as the main type (46%), although there’s also been a considerable increase in phishing scams (20%) that try to trick users into disclosing their account information for the purposes of conducting subsequent fraudulent activities (eg bank account fraud).
“We are extremely grateful to all companies who notify us about falling victim to cybercrime or even of attempted attacks. This will help us in taking necessary measures to improve the security of the Estonian cyberspace. Immediate feedback from CEOs and IT staff will enable us to offer better protection and provide help, if necessary,” Tõnu Tammer, the head of the authority’s cyber incident management department, said in a statement.
“However, if companies do not report or talk about cyber incidents, we will not have a clear overview of the true extent that our companies, institutions and people fall prey to these criminal attacks. Operating with incomplete information makes it harder for us to help and take necessary measures.”
No company is safe from cybercrime
“We have created a web platform for submitting incident reports and prepared an e-mail template for cyber incident notification. In addition, people can file a regular incident report by sending an e-mail to firstname.lastname@example.org,” Tammer noted.
According to the Information System Authority, “no company is safe from cybercrime because the perpetrators don’t discriminate between small or large companies – in cyberspace everyone is fair play!”
“For example, even businesses that are very vigilant about cyber security may still suffer losses if their business partners are not sufficiently careful,” Tammer added.
According to the him, people avoid talking about cyberattacks due to various concerns, but fortunately businesses have begun to address this issue more seriously all over the world.
“I hope this trend will take root in Estonia as well,” Tammer stated, also noting that reporting cyber incidents helps improve the quality of assistance provided and enables the identification of the attack’s origins.
Follow the best practices of cyber hygiene
“In case of most frequent root causes, we can build up our capacity to better advise businesses with regard to preventing specific cyber incidents and make sure that everyone is on the same page.”
According to Tammer, focussing on prevention is imminently more expedient than dealing with the consequences, meaning that businesses themselves bear the main responsibility for reducing the risk of cyberattacks.
“It is extremely important to raise awareness among company managers and employees on the topic of cyber threats, making sure that they always carefully check the sender’s name and email address, to use multi-level authentication for work email accounts and to establish clear rules of procedure to address suspicious situations,” Tammer said.
Furthermore, everyone must also follow the best practices of personal cyber hygiene. “We need to take good care of our passwords, computer software updates and backing up our data. The security of national cyberspace depends on each and every one of us acting responsibly and taking necessary precautions,” he pointed out.
The Estonian Information System Authority coordinates the development and administration of information systems ensuring the interoperability of the state’s information system, organises activities related to information security and handles security incidents in Estonian computer networks. The authority is within the administrative area of the Estonian ministry of economic affairs.
The cover image is illustrative. Photo by Markus Spiske/Unsplash.