Hackers attacking once in 39 seconds - how to protect citizens' personal data on the local level
Outdated equipment, defficiency of IT experts, or even mistakes such as inadequately frequent changing of access passwords - these are only some of the security issues seen in compter networks in local governments, that could expose citizens' personal data from their databases in case of hackers' attacks - it is shown in NALED's latest research.
According to RATEL data, once in every 39 seconds there is a cyber attack occuring in Serbia. To better protect citizens' data, such as the ones from personal records or election registries, for several years back, the Office for IT and E-Government and NALED have been intensely working with ities and municipalities on improving their systems.
Along with a series of free trainings for local administrators, together with its members fom the IT sector, NALED also performed pen-tests in 10 local governments - simulated controlled hacker attacks, which generated numerous recommendations for improving the level of information safety.
A research on information systems safety performed in 69 cities and municipalties has shown that 58% local governments have not checked the security of their networks, and none of the surveyed local governments have tested a recovery plan in case of system crash, over the past year.
- Even 47% local governments have at some point been targetted by cyber attacks, and 12% do not know if they had been hacked. One in five local governments do not have an employee designated for IT issues, while the rest have an average of one specialized officer for every 62 employees. A half of them do not regularly change their passwords, while officers also often lack training, which can lead to situations where an officer gives away their access passwords, thus endangering data safety – says Ivan Živković from Microsoft, and Head of Working group for cloud, data and information safety in NALED's E-Government Alliance.
According to him, 93% respondents say that they have an antivirus software, but the problem is that many of them do not use licensed programs, but some free versions that are not enough. He also adds that it is best to store data on computers not older than five years, since older operative systems are often easier targets. This is a part of NALED's recommendations, and Živković highlights that NALED's E-Government Alliance stands at the disposal of all cities and municipalities that need support.
The Analysis of local government information systems is part of the project Strengthening the capacities of local governments for the implementation of information safety regulations, implemented by NALED and RATEL, in cooperation with the Ministry of Trade, Tourism and Telecommunications, the Office for the IT and E-Government and the Ministry of Interior.
- Within the project we implement with RATEL, there have been four seminars presenting the Modela Act on ICT systems safety and protective measures, for 153 participants from 79 local governments. The seminars were followed by technical trainings on a system simulating cyber attacks for 56 system administrators from 42 local governments, performed by the National CERT – says Živković.
