Language switcher

You are here

Estonian Information System Authority Calls for Businesses to Report Cyber Attacks

The Estonian Information System Authority (in Estonian Riigi Infosüsteemi Amet, RIA) has issued a call for local businesses to report cyber incidents because it is the only way for the government to acquire a comprehensive overview of the threats present in the Estonian cyberspace and offer effective solutions to mitigate them.

In the first six months of 2020, RIA registered 1,569 impactful cyber incidents, with botnet subscriptions as the main type (46%), although there’s also been a considerable increase in phishing scams (20%) that try to trick users into disclosing their account information for the purposes of conducting subsequent fraudulent activities (e.g. bank account fraud).

"We are extremely grateful to all companies that notify us about falling victim to cybercrime or even of attempted attacks. This will help us in taking necessary measures to improve the security of the Estonian cyberspace. Immediate feedback from CEOs and IT staff will enable us to offer better protection, and provide help, if necessary,” said Tõnu Tammer, Head of CERT-EE, RIA's Cyber ​​Incident Management Department. "However, if companies do not report or talk about cyber incidents, we will not have a clear overview of the true extent that our companies, institutions and people fall prey to these criminal attacks. Operating with incomplete information makes it harder for us to help and take necessary measures.”

There are several ways to report cyberattacks. "We have created a web platform for submitting incident reports, and prepared an e-mail template for cyber incident notification. In addition, people can file a regular incident report by sending an e-mail to cert@cert.ee," said Tammer listing available alternatives. For more detailed information on reporting cyberattacks in Estonia, please visit https://www.ria.ee/et/kuberturvalisus/kuberintsidendist-teavitamine.html.

No company is safe from cybercrime because the perpetrators don’t discriminate between small or large companies – in cyberspace everyone is fair play! "For example, even businesses that are very vigilant about cyber security may still suffer losses if their business partners are not sufficiently careful," explained Tammer.

Tammer went on to explain that although the awareness about cyber threats is gradually improving, the perpetrators are also becoming smarter and more cunning. “It is clear that the cyber incidents reported to RIA do not reflect the actual scope of attacks on Estonian companies. We are also certain that there is a large number of victims who have not informed us of incidents. We implore everyone to come forward and contribute to helping us improve the safety for the entire Estonian business environment,” said Tammer.

According to the head of CERT-EE, people avoid talking about cyberattacks due to various concerns, but fortunately businesses have begun to address this issue more seriously all over the world. "I hope that this trend will take root in Estonia as well," says Tammer. He also noted that reporting cyber incidents helps improve the quality of assistance provided and enables the identification of the attack’s origins. “In case of most frequent root causes, we can build up our capacity to better advise businesses with regard to preventing specific cyber incidents, and make sure that everyone is on the same page,” explained Tammer.

The key to enhanced cyber ​​security is prevention. According to Tammer, focusing on prevention is imminently more expedient than dealing with the consequences. This means that businesses themselves bear the main responsibility for reducing the risk of cyberattacks. "It is extremely important to raise awareness among company managers and employees on the topic of cyber threats, making sure that they always carefully check the sender's name and email address, to use multi-level authentication for work email accounts, and to establish clear rules of procedure to address suspicious situations," emphasised Tammer. Furthermore, everyone must also follow the best practices of personal cyber hygiene. “We need to take good care of our passwords, computer software updates and backing up our data. The security of national cyberspace depends on each and every one of us acting responsibly and taking necessary precautions,” says Tammer.

Seiko Kuik
EISA press officer

 

More news on the same subject

19.10.2020

Estonia was hit by a third wave of malware – always verify the sender’s address before clicking!

16.10.2020 – The monitoring conducted by the Information System Authority (RIA) and information received from the partners show that the Emotet malware, which can be concealed in documents, files, or under links in e-mails, has infected another large set of computers in Estonia.

07.10.2020

Topics of RIA’s quarterly overview: a clever Trojan is taking over Estonians’ computers and the HOIA app is safe

06.10.2020 – The computers of more than a hundred Estonians were infected with the Emotet Trojan. This malware, which creates access to a user’s computer for carrying out further attacks, has affected Estonian trade, transport, and construction companies as well as one smaller government agency. In addition, the Information System Authority (RIA) recommends downloading the HOIA app to limit the spread of the coronavirus and keeping your smart devices updated.