Safeguarding against cyberattacks
The political upheaval surrounding the cyberattack on the Education Ministry’s online platform commonly referred to as the Subject Bank, intended to establish a consistent nationwide standard for end-of-year high school exams, has diverted public discourse from more significant matters. The haste to depict the attacks as a “massive event,” despite the lack of substantiation through a comparative analysis of data with similar international incidents, and the insinuations suggesting the absence of an attack, despite clear escalation in two distinct phases, have obscured the true nature of the situation.
Furthermore, the handling of the issue by various TV panels and the lack of comprehension regarding the nature of a DDoS attack have exacerbated the state of confusion. In certain instances, Greek television, in its customary approach to current affairs, has invited individuals with dubious expertise, who are hailed as experts, to provide commentary on the event. Ultimately, when the objective is to create a sensational impression on the audience, there seems to be little concern for evaluating individuals in advance or filtering journalistic information.
For several days, a considerable segment of the media disseminated unsubstantiated information, including the claim that the particular digital attack could have incurred a cost of €200,000 for the perpetrators.
Is there an authoritative agency in existence that can ensure adherence to clear security protocols and step in when necessary?
However, the public discussion should have shifted its focus to different aspects. What is the current state of online applications and services developed by entities and organizations within the intricate public sector? To what extent is the concept of security (security by design) taken into account right from their inception? Are essential penetration tests and stress tests conducted before making these applications and services available to the public, aiming to identify vulnerabilities, address them promptly, and evaluate their resilience? What could be the underlying reasons for any negligence? Is it a matter of staffing within the public sector or the assumption that malicious users would not find it worthwhile to target them?
Furthermore, it is crucial to not only assess whether an application is vulnerable to cyberattacks due to any reason but also determine its ability to handle the workload it will encounter once it is accessible to the public. Is there an authoritative agency in existence that can ensure adherence to clear security protocols and step in when necessary?
To be sure, in the digital realm, no one is immune. However, it is imperative to fortify systems to the highest degree possible and operate with the awareness that they may inevitably become targets.
