Strengthening the overall security of the organization

  • Thursday, 16 March 2023 12:39
    • Photo: freepik.com

    Nearly half of Cyprus businesses have experienced some kind of cyberattack in the past 12 months, according to two surveys conducted between October and November 2022, administered by the Digital Security Authority (DSA) of Cyprus. The surveys showed that 40% of individuals and 46% of businesses were attacked or suffered a security breach in the last 12 months, with an average of 3-4 attacks per month. In total, 1025 individuals and 450 businesses were polled.

     

    POPULAR UNIVERSITY IN CYPRUS BREACH IN EARLY MARCH 2023

    A big malicious attack took place against an organization in Cyprus recently. The Rector of the University of Cyprus stated that it appears that it was “an organized attack in which normally these hackers have some type of goal to demand ransom”. He also noted that “the University received no demand for ransom so far”. However, according to information from Economy Today, these are attacks with malicious ransomware-type software and, at least in the case of the specific organization, a ransom has indeed been requested to “repair the damage”.

    What was the impact on the organization after this cyber-attack?

    The cyber attack on the University of Cyprus had a significant impact on the organization, both in the short-term and potentially in the long-term. Some of the effects of the attack include:

    1. Disruption of services: The attack caused significant disruption to the university's online classes, services, and administrative functions. This not only affected the ability of students and faculty to carry out their work but also impacted the university's reputation as a reliable and trustworthy institution.

    2. Data loss: The ransomware used in the attack encrypted data on the university's systems, potentially resulting in data loss. This could have long-term consequences for the university, including loss of research data, student records, and financial information.

    3. Financial costs: Responding to a cyber attack can be expensive, and the University of Cyprus likely had to invest significant resources in restoring its systems and strengthening its cybersecurity measures. Additionally, there may be legal and regulatory costs associated with the attack.

    4. Reputational damage: The cyber attack may have caused reputational damage to the university, as stakeholders may question the university's ability to protect sensitive information and infrastructure.

    To mitigate the effects of the attack, the University of Cyprus will need to implement additional security measures to prevent similar incidents from occurring in the future. This may include training staff and students on cybersecurity best practices, investing in more robust security technologies, and developing a comprehensive incident response plan.

     

    MINISTRY OF HEALTH RANSOMWARE ATTACK (2021)

    In May 2021, the Ministry of Health in Cyprus suffered a ransomware attack that affected its computer systems and caused a temporary shutdown of its services. The attack was carried out by a group of hackers who used a type of malware known as ransomware to encrypt the data on the ministry's systems and demand a ransom in exchange for the decryption key.

    How did the Ransomware Attack affect the Health Care System?

    The attack disrupted the ministry's services, including its COVID-19 vaccination program and the operation of public hospitals. The ministry took immediate action to isolate the affected systems and prevent further spread of the malware. It also notified the relevant authorities and engaged with cybersecurity experts to investigate the incident and restore its systems.

    In addition, the attack also affected several private healthcare providers in the country, as they rely on the ministry's systems for accessing patient records and other critical information. The disruption in the ministry's services caused delays and difficulties in providing medical care to patients, which had a ripple effect on the economy and the society as a whole.

    While the ministry did not disclose whether it paid the ransom demanded by the attackers, it did announce that it had restored its services and that no sensitive information or patient data had been compromised in the attack. The incident serves as a reminder of the increasing threat of ransomware attacks and the need for organizations to implement robust cybersecurity measures to protect their systems and data from cyber threats.
    The attack also highlighted the vulnerability of organizations in Cyprus to cyber threats and the need for them to take proactive measures to strengthen their cybersecurity defenses. The incident served as a wake-up call for many businesses in the country, prompting them to review their cybersecurity policies and invest in more advanced technologies and solutions to protect their systems and data from cyber attacks.

     

    LAND REGISTRY ATTACK (2023)

    The Financial Mirror reported in May 2023 that the government’s land registry website was also down as a result of such an attack. According to reports, the attack began on Wednesday evening and hackers have requested money. The government’s IT department is involved to try and resolve the situation due to the sensitive data the website carries, with the Digital Security Authority to assist. Land registration director Elikkos Elia said that the extent of the damage caused to the system and digital archives is being assessed. “We believe, and certainly hope, that no data has been corrupted,” said Elia when asked if any title deeds could have been lost. “The Land Registry’s archive is made up of data collected over the past 150 years, which took years of work to be digitalised”. Head of the police cybercrime division George Karkas urged the public to be vigilant and stressed that in the event of being victimized by a ransomware attack it is important to not comply with the extortion or get in touch with the criminals. “There is no guarantee that the hackers will restore one’s system and getting in touch may embolden them to ask for more money or attack the same person or business again,” the police chief said.

    What happens if someone becomes a victim of a stolen title deed?

    If title deeds have indeed been stolen, it can result in legal issues, damage to the homeowner's credit profile and damage to the property itself, thus making it worthless and difficult to sell. Additionally, the thief creates a new identity with supporting documentation like fake ID, Social Security card, and other personal identifiers. The criminal then forges the homeowner’s signature onto a fraudulent bill of sale and transfers legal ownership of the house to themselves. Once the home deed is in the criminal’s name, they can take out home equity loans and disappear with the money, leaving the homeowner with the bill. Unfortunately, most people don’t find out that title theft has occurred until they receive a foreclosure notice in the mail from the bank holding the bogus home loan.

     

    SECURITY MEASURES TO HAVE IN MIND

    What could have happened if these organizations had implemented sufficient security measures in the first place? Would it minimize the risk of exposure?

    Whilst no one can be 100% secure, there are measures to minimize the risk of a possible security breach.

    Organizations can customize frameworks to solve specific information security problems, such as industry-specific requirements or different regulatory compliance goals. Frameworks also come in varying degrees of complexity and scale. It is crucial that the organization implements an information security framework to have effective security policies in place.

    Vulnerability Assessment and Penetration Testing (VAPT) is a security service that identifies loopholes and vulnerabilities within the external and internal infrastructure of the organization. Vulnerability Assessment and Penetration Testing each have unique strengths and are often performed together to achieve a complete analysis. A detailed report includes both an Executive Summary and a Technical Summary, with all the vulnerabilities identified and recommendations for the relevant actions. Had the relevant tests been carried out and the recommended actions taken, exposure to these types of malicious attacks would have been minimized.

    Moreover, an implementation of a Cyber Risk Management platform could strengthen the overall security of the organization. These platforms are built to provide an integrated view of cybersecurity risks and threat exposures across external networks, internal networks, cloud misconfigurations and third-party exposures both proactively and reactively.

    Furthermore, Security Information and Event Management (SIEM) solutions play a major role for organizations by analyzing event data in real time, allowing for early discovery of data breaches and targeted attacks.
    In addition to a SIEM, SOC-as-a-Service (SOC) is a security model wherein a third-party vendor operates and maintains a fully managed SOC on a subscription basis via the cloud.

    Also, an organization should consider implementing onsite and offsite backups and a disaster recovery solution, so as to have a complete, tested and functioning business continuity plan in place and to avoid loss of data and disruption of the organization's work caused by malicious attacks, human error, or environmental disasters. Business continuity is a business's level of readiness to maintain critical functions after an emergency or disruption.

    Where Does BCDR Fit in a Ransomware Plan?

    An organization's cybersecurity plan should be the first barrier to ransomware attackers. This plan typically activates once firewalls have detected an anomaly using intrusion detection and prevention systems as well as other threat detection systems. If the nature of the attack quickly escalates and begins threatening critical systems, such as blocking access to critical files, it might be necessary to activate BCDR plans.

    A unique business continuity plan for ransomware is not always necessary, especially if existing BCDR, cybersecurity and ransomware action plans are in place. Business continuity plans should ideally include references to cybersecurity plans if a ransomware event occurs.

    The cybersecurity plan should refer to disaster recovery processes if and when an attack has affected technology operations and to business continuity activities for resumption of business operations following an event.
    The attack's effect on technology typically precedes its effect on business operations, but that is not always the case. In some situations, the attack might be so severe and progress so rapidly that it can concurrently disrupt or compromise technology and business processes.

    In these cases, launch both business continuity and disaster recovery plans as quickly as possible to minimize damage. As the plans progress and associated teams perform their roles, the incident should be resolved. An after-action report is essential to analyze what might have gone wrong and prepare for similar situations in the future.

    Cypriot businesses reported attacks

    Furthermore, according to Eurostat, in 2019 87% of all companies in Cyprus with more than 10 employees did not have any protection against threats concerning their data or systems. These findings cause increasing concern regarding the security of valuable corporate data or users’ data as cyberattacks are becoming a common phenomenon.

    It is reported that 40% of citizens have been attacked in the last 12 months, with an average of 20.9 breaches/attacks per year, and for 19% of the citizens attacked there has been some cost, amounting to €318 on average.

    The most frequent attack received by citizens is phishing, i.e., fraudulent e-mail messages, at 30%.

    In the case of citizens who have not been attacked/breached in the last year, 82% do not rule out the possibility of being the victim of a malicious attack in the future.

    It is highlighted that citizens are unaware of offered seminars on topics related to cyber security since 82% declared ignorance about them, while only 9% have participated in them.

    Through the research it became clear that after attending seminars the most important changes they made were using strong passwords, changing passwords frequently and avoiding suspicious websites.

    It is noted that based on the above results, the Digital Security Authority intends to organize educational seminars to enhance knowledge and skills in cyber security matters as well as information and awareness campaigns in the near future for both citizens and businesses.

    As mentioned, these surveys constitute a first mapping of the picture in cyber security matters and it is expected that on the one hand there will be a long-term collection of the data on an annual basis and on the other hand an enrichment of the questionnaires based on the developments and the information needs that will arise.

     

    Christodoulos Papadopoulos, CEO - Founder geevo®

    Christodoulos is an innovative thinker and entrepreneur, with broad-based expertise in information security – InfoSec (incl. cybersecurity), data protection, privacy, FinTech and RegTech. He currently leads geevo®, a Cybersecurity, Data Protection, Data Privacy and Risk Management MSSP, with its headquarters in Larnaca.

    Moreover, he is the co-founder and President of the Cyprus Association of Information Protection and Privacy (CAIPP).

     

     

     
