Polish Institutions Vulnerable for Cyber Attacks

Polish institutions are ill-prepared for cyberattacks and are not cooperating well enough to be effective in tackling online threats, according to a state auditor.

According to Poland’s Supreme Audit Office (NIK), state agencies as well as other government institutions are not collaborating enough and lack the expertise to deal with new security threats, department director Marek Bienkowski told the audience at a security conference this week in the Polish capital of Warsaw.

While the NIK’s audit is still ongoing and the final report hasn’t published yet, it’s already clear the Polish authorities have much work ahead of them.

The NIK has been auditing cybersecurity at Polish government institutions since the summer, looking into the agencies’ files dating back til 2008. While audits of some organisations are still ongoing, the NIK’s director is confident of its eventual findings — and alarmed enough about them — to share some of the preliminary conclusions. And they aren’t pretty.

Communication between the Ministries of Home Affairs; Administrative Affairs and Digitization; and Defence has been below par, while law enforcement agencies and academic computer networks are poorly equipped to deal with security breaches, he said. Only on a few occasions were actions taken to counter threats effectively, Bienkowski said. While the Polish police and the country’s internal security agency ABW are very active on the topic of cybersecurity, they simply lack the necessary security systems (the police) or resources (ABW) to be effective.

Politically, the situation is even more alarming. Instead of being proactive, the highest government officials tend to wait for the European Union to come up with new directives and common guidelines, Bienkowski says.

The ministries in particular are doing poorly when it comes to cyber security. While the National Security Bureau has been looking into cyber security and developed frameworks on the subject, Bienkowski warns these guidelines are just that: guidelines, without hard commitments. The Minister of the Interior has, for example, no set duties with regard to securing Poland’s IT systems, and there is a lack of a sense of responsibility within the department.

The Ministry of Administrative Affairs and Digitization gets criticism for responding in an ad hoc manner to events as they happen, without preparation or a long-term vision. But even worse, according to Bienkowski, is the lack of knowledge within the department on the topic of cybercrime and digital threats.

For full story visit ZDNET

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...