Number of serious cyber-security incidents on the rise ({{commentsTotal}})


The Estonian Information System Authority's (RIA) annual report shows that although the number of cyber-security incidents in Estonia has not increased, the breaches have become more severe.

RIA handled a total of 1151 incidents in 2014, 20 percent of which were highly critical and 486 involved state institutions. The most common reasons for incidents were attacks, power cuts, data communication disruptions and software malfunctions.

Although the number of different types of incidents - e.g. defacement, malware, phishing - are comparable to those of 2013, they have become more dangerous in nature, affecting organizations and users alike. Moreover, there is an increasing number of carefully planned attacks that damage the reputation of the state and/or its services.

One of the most noteworthy malware incidents last year involved the state-owned passenger rail operator Elron. The website of the transport company was hacked and used to infect visitors's computers. As Elron was the most popular Google search term in Estonia last year, the damage was considerable.

The number of incidents related to foreign secret services has also significantly risen. Throughout the year, there were several denial-of-service attacks (22 in 2014, 13 in 2013) designed to test the limits of Estonian e-services.

RIA's Director of Cyber Security Toomas Vaks said that the critical disruptions clearly demonstrate how much the functioning of the state and its agencies, including internal security and the surveillance of external borders, relies on data communication between the state institutions.

"The high level of trust also sets increasingly higher expectations to guaranteeing cyber security and the capabilities of managing incidents and crises," Vaks wrote in the foreword of the report.

Elron's example too demonstrates the need for deeper understanding of cyber-security issues within organizations and in the society as a whole. "The main means for organizations, the state and each individual to increase their level of cyber security is to improve their skills and knowledge, in order to identify risks and have functioning back-up plans, in case something actually happens. To alleviate the consequences of the incidents, just having a plan B is not enough – we also need a plan C," Vaks said.

You can read the full report here.

Editor: M. Oll

+{{cc.replyToName}} {{cc.body}}
No comments yet.
Logged in as {{user.alias}}. Log out
Login failed

Register user/reset password

Name needs to be fewer than 32 characters long
Comment needs to be fewer than 600 characters long

Independence Day: Estonia’s way into the future isn’t a race

There is a lack of connection between the Estonian state, and the people who live here. While it expects a lot of the state, Estonian society doesn’t seem ready to contribute, writes Viktor Trasberg.

Lotman: Security academy would be crucial Estonian identity point in Narva

In an opinion piece published by Eesti Päevaleht, Tallinn University professor Mihhail Lotman found it important to overcome the mental barrier separating Ida-Viru County from the rest of Estonia.