Language switcher

You are here

The new yearbook of the Information System Authority (RIA) on cyber security summarises the most influential incidents in cyber space

In its most recent yearbook on cyber security, the Information System Authority (RIA) talks about the record number of phishing reports, denial-of-service attacks, and Emotet malware and cyber attacks against Estonian ministries that took place last year. In addition to incidents, you can read about the effect that COVID-19 had on Estonian cyber space, RIA’s larger role in elections, and the new information security standards of Estonia, as well as the most important developments in international cyber cooperation. The yearbook is available on the website of RIA (PDF).

‘Corona crisis also affected the cyber space. For a start, we saw how criminals took advantage of the fears and ignorance of the public to make a profit with fraudulent and phishing e-mails. As normal life came to a standstill, a large part of daily activities switched to digital solutions and we could see how many companies and organisations were not ready for it – for example, attackers could access the data of certain companies because their remote desktops were not configured correctly,’ explains Märt Hiietamm, the Head of the Analysis and Prevention Department of RIA. ‘No domain is immune to cyber attacks. This means that every individual, each company, and organisation must constantly work on their cyber security. This is the only way forward.’

CERT-EE, the Cyber Security Department of RIA, registered 2,722 incidents with an impact last year. The past twelve months were characterised by phishing for bank and e-mail account data, distributed denial-of-service attacks (DDoS) with blackmail, and previously unknown security vulnerabilities. Although the number of fraudulent cases increased, the number of major loss events decreased. According to the information available to RIA, the single largest loss last year was over 41,000 euros. This amount was transferred by a partner of a company from Viljandi to the bank account of fraudsters. At the start of this year, there was an attempt to commit invoice fraud. If this had been successful, it would have caused record damages of about 900,000 euros. Due to the attentiveness of employees, the criminals did not receive the payments.

The yearbook also includes information about the new Estonian information security standards and the activities of EU CyberNet led by RIA in building a Cyber Security Knowledge Hub in the Dominican Republic. It also talks about the role of RIA in elections and the new EU Centre of Excellence in Cyber Crime. Raul Rikk, the National Cyber Security Policy Director, writes about guaranteeing the security of 5G networks; Oskar Gross, the Head of the Cyber Crime Unit at the Estonian Central Criminal Police, talks about maintaining cyber security; and Heli Tiirmaa-Klaar, the Director for Cyber Diplomacy Department of the Estonian Ministry of Foreign Affairs, describes how Estonia became a pioneer of cyber diplomacy.

‘The idea behind the RIA yearbook is to provide the reader with a comprehensive understanding of the current cyber security level in Estonia; it has compiled chapters on a wide variety of fascinating topics, as well as good advice to people responsible for cyber security,’ states Märt Hiietamm.

Previous yearbooks are available on the website of RIA at

Seiko Kuik
Press Officer of the Information System Authority
5851 7028
seiko.kuik [at]

More news on the same subject


DDoS attacks on the 16th and 17th of August targeted around 20 websites

19.08.2022 From the beginning of August the frequency of large-scale DDoS attacks against Estonian public authorities and businesses has increased. The peak of the attacks in August so far was on 16 and 17 August, when the range of targets, as well as the volume of the attacks increased.


Applying for Mobile-ID becomes easier and faster

29.06.2022 - From 2nd of July, applying for Mobile-ID becomes significantly easier and faster because it will no longer be necessary to activate Mobile-ID on the police website and everything can be accomplished with mobile operators. Even after 2nd of July 2022, Mobile-ID continues to be a state-guaranteed identity document. Currently issued Mobile-IDs will remain valid until they are due to expire.