CERT's response to a cyber incident is a rapid and coordinated response

As the first line of defense against cyber threats, providing expertise in incident response, prevention and training, CERT is of critical importance for the cyber security of any organization or country.
Predrag Puharić

CEO Cyber Security Excellence Centre

Current developments in cyber security in Bosnia and Herzegovina

Unfortunately, over time we are witnessing increasingly frequent and complex forms of cyber attacks. While earlier these were only occasional isolated incidents, we are now facing organized and advanced attacks on important institutions and companies, such as the Parliament of Bosnia and Herzegovina, and Sarajevo Gas. Although we try to follow global trends in the fight against cyber threats, such as the establishment of the Cyber Security Excellence Centre, which, of course, we consider a key step, we feel that we have not made enough progress in creating a solid legislative framework. This is confirmed by the fact that it was only in 2019 that we accepted the non-binding Guidelines for the improvement of cyber security in Bosnia and Herzegovina. Admittedly, there is progress at the organizational level, visible through the recent systematization in the Ministry of Security. However, the essential and strategic steps that would ensure the long-term protection of the digital space of BiH have not yet been taken.

According to the detailed data we presented in our inaugural Report on Cyber Threats in Bosnia and Herzegovina, it is clear that our country is no exception in the global context of cyber threats.

In fact, Bosnia and Herzegovina follows world trends in terms of the most common types of cyber attacks.

Attempted DDoS attacks, which overload systems to make them inaccessible to users, dominate. There is also a growing number of attempts at unauthorized access to databases and at remote logins. Of particular concern are increasingly complex phishing campaigns, which now rely on advanced artificial intelligence (AI) technologies. These campaigns represent perhaps the greatest threat to the public, as they target individual users with the aim of stealing sensitive information and data.

Attack types

As we previously pointed out, attempts to disable access to systems and websites through DDoS attacks stand out among the most frequent forms of attack. These attacks tend to overload resources, making them unavailable to users. In second place in terms of frequency, however, are attempts at unauthorized access to databases, especially those that use the MS SQL and MySQL platforms. In addition, a significant number of unauthorized login attempts using the VNC and RDP protocols, which enable remote management of computer systems, has been recorded.

One of the key challenges facing many institutions is their approach to IT staff.

Namely, it is not uncommon for organizations to have under-resourced IT departments, which are mostly seen as simple user support. Instead of recognizing the strategic importance of information technologies, many institutions do not invest enough in the capacities and education of their IT teams. They often do not have enough experts dedicated to the maintenance and improvement of the IT infrastructure, and the role of specialized information systems security personnel is especially neglected. A typical picture is an IT department composed of just one or a few people whose primary responsibility is to support users in their day-to-day tasks. This situation not only puts additional pressure on the IT team, but often leaves them without enough time, or even without the necessary skills, to adequately address security issues and proactively prevent potential risks.

Up-to-date, quick and coordinated reactions

Responses to cyber attacks vary from institution to institution. Ideally, reactions would be immediate and effective, but in practice, many organizations do not have adequate mechanisms in place to quickly detect and respond to cyber threats. Timeliness of response often depends on the level of cyber security awareness, the availability of professional staff and the tools implemented to detect and respond to incidents.

When a cyber incident occurs, a quick and coordinated response is critical. As a best practice, institutions should definitely have defined procedures for the following steps:

  • Incident response plan, regularly updated and tested;
  • Isolation of infected systems to prevent the spread of the attack;
  • Analyzing and documenting how the incident occurred is key to preventing similar incidents;
  • Communication to keep all relevant parties informed in a timely manner, including internal teams, external partners, clients and, as appropriate, judicial authorities;
  • System restoration with all necessary corrections;
  • Post-incident analysis to identify causes, lessons learned and possibly improve procedures for the future.

CERT is of critical importance for the cyber security of any organization or country.

CERT teams serve as the first line of defense against cyber threats, providing expertise in incident response, prevention and training. They also often collaborate with other teams at the national and international level, sharing threat information and best practices. CERT is dedicated to cyber security and to protecting its users, citizens and infrastructure.

Education, knowledge and awareness

In general, cyber security awareness among citizens is often not at the desired level. Although the situation is improving over time, many citizens are still not sufficiently informed about potential threats and ways to protect themselves in the digital environment.

One of CSEC's priority tasks is raising awareness of cyber security.

To improve this situation, education is the key. State institutions, educational institutions and organizations should provide educational campaigns, workshops and courses on cyber security.

The media also play an important role in informing the public about risks and precautionary measures.

Curricula covering the basics of digital literacy and cyber security should be added to schools.

All these activities are also an important part of CSEC's mandate and activities.

It should be emphasized that cyber security education should be adapted to everyday life.

This means teaching citizens how to recognize suspicious e-mails, how to use strong and different passwords for various services, how to regularly update software, and how to recognize and avoid potential threats on the Internet, all with as little information as possible that is more technical in nature and requires specific prior knowledge.

Citizens' knowledge and awareness directly affect the security of organizations. Many cyber attacks, such as phishing campaigns, directly target individuals. If citizens know how to recognize and avoid these threats, the risk of compromising organizational systems is reduced.

To stay informed about the latest developments in the field of cyber security, citizens can follow relevant websites, such as this one and csec.ba, as well as blogs and forums specialized in cyber security.

Signing up to one of the newsletters with the latest information and industry tips can also be useful.

There are also many educational resources and online courses that are regularly updated with the latest information and practices. We at CSEC are also preparing one such platform, which you will be able to find at academy.csec.ba.
