Last month, five million Bulgarians had their personal details stolen - which accounts for 71% of the population. In our second installment, we will assess the impact of a cyber-attack on the government, the effect it has on people and how easy the attack was to plan and execute.
In July, the majority of Bulgaria had their personal data made public after records were stolen by hackers from the country's tax revenue office.
"We should all be angry, the information is now available to anyone. Many people in Bulgaria already have this file, and I believe that it's not only in Bulgaria," said Genov, a blogger and political analyst.
The attack was devastating, but not difficult to carry out.
Why would hackers target the government?
“Government databases are extremely valuable for hackers. They contain a huge wealth of information that can be beneficial to exploit” says Jack Reece, one of our Cyber Security Consultants here at Hamlyn Williams.
"Although you can make passwords longer and more complex which can help improve the security, the information the government possesses are things that are not going to change," explains Jack.
"Personal information such as your address, your name, and age is valid and very unlikely to change in the next few years” he adds. The data can be sold and exploited even further.
“Victims will often be unaware, but with a large scale attack such as the one in Bulgaria, how easy it was to carry out, and the hackers goading the government, means those affected will be angry and distraught” Jack adds.
So how do Hackers carry out their attacks?
Cyber-attacks and data breaches were usually carried out by highly skilled hackers. But it is becoming increasingly easier to carry out a planned attack that doesn’t necessarily require any skill. Via the dark web, malware and hacking tools can cause devastation to IT systems from amateur hackers.
A strict data protection law that came into effect last year across the EU and has placed pressure on anyone who collects and stores personal data. With the introduction of hefty fines as a strict punishment.
However, attacks overall, continue to rise, Jack explains. "Cybercrime is on the rise, we need to work together to tackle the issue and make cybersecurity a priority, if a government can be breached, and have 70% of its population's personal data exploited, then it’s a massive cause for concern”
What is the problem and how can it be solved?
Out-of-date systems are often the problem. Some governments will use private companies to collect and manage data before cyber attacks occur. In many instances, data that was sent to third party contractors many years ago and continues to be managed by them. However old data is still valuable to hackers.
The Bulgaria incident is concerning. As a result, the government has launched a full investigation into the attack. So far a 20-year-old cybersecurity worker has been arrested by the Bulgarian police. If convicted, he could spend ten years in prison. “It goes to show how easy the attack was but also the severe consequences as a result” Jack explains “Those who commit these attacks will be given lengthier prison sentences, and industries will be fined for not protecting data properly”
Especially as this wasn’t the first time the Bulgarian government was attacked, last year the country’s commercial registry was targeted. “In a year, no improvements were made, and as a result, a large scale attacked has happened on the majority of the population” Jack concludes.
If the threat of cybercrime isn’t taken seriously then not only will these attacks become more common, but they will become even easier to implement. The impact will certainly have a detrimental effect on both the economy and the people.
If you are looking for experienced cybersecurity professionals to help protect your company, or if you are an experienced cybersecurity candidate looking for a new career opportunity contact Jack via email on firstname.lastname@example.org or call us on 02036752920 and ask to speak with a member of our Cyber Security Team.