Cybersecurity in the Time of Pandemic: How Does V4 Fare?

  • Eliška Pohnerová
  • 19.4.2021 18:26

The year 2020 will enter the world chronicles not only as the year of a pandemic but also cyber threats. The increase in cyberattacks during 2020 is a well-known fact, needless reminder. This is also true for the V4 region. How did V4 fare in 2020? Here's just a hint: The V4 has more to tell than you have thought.

In 2020, the world experienced a several-fold increase in cyberattacks compared to the previous year. The Visegrad countries (Czech Republic, Hungary, Poland, and Slovakia) were not spared of the rising trend. Each of the mentioned countries suffered during the pandemic its share of attacks. However, while Russia, a synonym of cyber insecurity, became the most attacked country in the East-European area (7% of users attacked), the V4 region made out quite well. Out of the V4 partners, the Czech Republic ended up with the lowest ratio (0.79% users attacked) and Poland the highest (1.68%).

None of those statistics is anyhow alarming, especially when assessed from the optic of vulnerability, which is a combination of countries' economies, technological structures, total crime, time spent on the internet, etc. The variables that make up the vulnerability index are quite obviously the reason why western countries tend to be, in general, more vulnerable while the developing ones are close to zero. The Czech Republic is the most vulnerable from the CEE region (0.47 on the 0-1 scale where 0 means no chance to be attacked) according to Cyber Risk Index issued by NordVPN and Statista.

 

Targeting Healthcare Sector and Private Sector

Although the V4 countries are doing very well from a statistical point of view, the specific cases from last year are questioning the cybersecurity in V4.

The Czech vulnerability happened to be visible during the alarming cyberattack attempts in several Czech hospitals from spring 2020. Hungary (vulnerability rate 0.44), too, suffered an attack on the healthcare sector, specifically the vaccination registration website and government’s information page related to the pandemic. This quite recent episode from February 2021 falls within the increase in attacks on healthcare and medical institutions from the end of 2020 and the beginning of 2021. In this period, Central Europe has seen a deterioration of 145%, which was the worst balance worldwide. However, as V4 countries do not produce Covid19 vaccination, which indicates the attacks are motivated by ransom rather than espionage.

The reasoning behind such attacks thus revolves around financial profit, sabotage, and competitive struggle. For this purpose, different types of malware are operated, most often ransomware and phishing. In August 2020, ACRONIS, operating in 150 countries, detected 611 malware threats per 1,000 users in the Czech Republic and 453 in Poland (vulnerability rate 0.37). This score ranks the aforementioned countries ninth and fifteenth place in the ranking of the most threatened countries by malware.

Defined as the world’s most dangerous malware, Emotet was one of the threats troubling the V4 countries. In both the Czech Republic and Poland, Emotet occupied the first rank in cyberattacks on enterprises. After the January 2021 global action disrupting its network, Trickbot is now expected to take its place.

Cybercrime is a growing business. It is estimated that in 2020, the practice contributed globally to $945 billion in economic losses, twice as much as in 2018. The aforementioned attack on the Czech hospital in Brno from April 2020 is said to cause at least a $500 thousand in loss. Private companies are also at risk. After the February 2021 cyberattack on Poland’s CD Projekt, its shares fell by half compared to last year.

 

Cybersecurity in V4: Neglected and Underestimated

The cybersecurity expertise in V4 face several shortcomings which might negatively affect the users’ security. One of the biggest problems is the lack of professionals. According to both Polish and Czech experts, their countries struggle with filling vacancies in the cybersecurity sector. The availability of education is also to blame. Although all V4 countries offer at least one graduate program in Cybersecurity, Hungary lacks the undergraduate level of this expertise and Poland and Slovakia the post-graduate ones.

The problem is not only the particular shortage of experienced experts but also the underestimation of the importance of cybersecurity by the management of companies which is reflected in the insufficiently attractive salary conditions for professionals. The aforementioned underestimation arises from low cyber threat awareness. For illustration, according to Borys Lacki: “The Polish market is several years behind Western countries in terms of their awareness of the threats in the area of cybersecurity. Polish companies have only recently started to realize that the threat is real.” The same would be true for other V4 countries. All V4 countries’ national security authorities are trying to change this fact through education of the public, protection recommendations, and new legislation.

An additional problem of Central European cybersecurity is a lack of adequate capital. The growing attacks on health care are linked to the fact that this sector is necessary but at the same time underfunded. According to the IT manager in one of the Czech hospitals, there is not enough funding for new professionals. Of the hospital's 700 employees, only four take care of information networks. The hospital is said to face fifty interventions a day.

 

V4 Cybersecurity Authorities: They Set the Bar High

That said, the overall situation must be put into perspective. Despite the mentioned drawbacks, the V4 countries are doing very well in terms of institutional approach to cybersecurity. According to the National Cyber Security Index ranking countries based on governmental and institutional measures relating to the cyber domain, the Czech Republic ranks second, Poland sixth, Slovakia tenth, and Hungary twenty-seventh (February 2021). The NCSI index takes into account factors such as national cybersecurity strategies, national cybercrime units, primary and secondary education curricula on cyber safety, data protection legislation, etc.

In Slovakia, the pandemic helped to point out the shortcomings of cybersecurity and paved the way for new initiatives. The Dictionary of hybrid threats was finally published in January 2021 and the National Cyber Security Strategy was announced once again stressing the lack of experts and low public awareness. New Strategy was also issued in the Czech Republic drawing attention to phenomena such as the Internet of Things, Cloud security, and public cyber-education. Poland will renew its cybersecurity strategy next year. In the case of Hungary, the 2013 version seems to be still in force.

Indeed, Hungary falls far behind its V4 partners as far as cybersecurity is concerned. According to the NCSI report, Hungary is lacking a Cyber crisis management plan as well as a specialized governmental unit responsible for national cybersecurity policy development. Also, unlike the other V4 countries, Hungary lacks the legislation binding digital service providers and operators of essential services to report cyberattacks to governmental authority.

 

More Is to Come: How to Be Ready?

2020 shook heavily with cyberspace – that also stays true for the V4 countries. Although cybersecurity was discussed already before the pandemic, the rise in cyberattacks had a positive impact on the cybersecurity debate. The V4 countries are calling for cyber-experts, raising awareness, and the production of new legislation/recommendations frameworks.

Although the share of attacks in V4 is rather low, the potential cyber vulnerability is expected to rise. The vulnerability goes hand in hand with urbanisation, a growing number of users of social media, increasing public Wi-fi availability, e-commerce, etc., thus, becomes an integral part of development. To avoid this scenario, the V4 countries cannot be satisfied with their governmental cyber measures, no matter how successful they are, but must go further and address any other shortcomings just as: Data Backup, crisis plans, users’ awareness of cyber hygiene, national cyber strategies updates, cyber-sector and cyber experts funding, etc.

The V4 cybersecurity might be a crucial factor in the future. In August 2020, Warsaw and Prague appeared on the Cushman & Wakefield list of emerging hotspots for European data center development as the pandemic caused a boom in the development of secondary markets. Cybersecurity is under scrutiny more than ever.

About author: Eliška Pohnerová

Partners

Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace