On April 7, the National Cybersecurity Status Report 2020 was presented by Minister of National Defence Arvydas Anušauskas, Vice Minister of National Defence Margiris Abukevičius, and Director of the National Cybersecurity Centre under the MoD Dr Rytis Rainys in a video teleconference.
This year the report is a wider review of the cybersecurity situation: it includes the perspective of not only the Ministry of National Defence but also other authorities and institutions that contribute to a better national cybersecurity condition, such as the State Data Protection Inspectorate, the Lithuanian Police, the Communications Regulatory Authority, and the Lithuanian Armed Forces Strategic Communication Department. “The insight and situational awareness of these institutions is particularly valuable for drawing a comprehensive cyber threat map,” underscored Minister of National Defence A. Anušauskas.
Minister A. Anušauskas also pointed out that “there were many people working by remote means and the number of cyber incidents recorded in 2020, the year marked by the pandemic, is one fourth higher than before, increasing from 3,241 to 4,330. The trend has been observed to grow year to year and there is no probability of reversal.”
Vice Minister M. Abukevičius underscored that the majority of cyber threats to Lithuania’s cybersecurity observed in 2020 were the same as in previous years. “The most significant of them result from poor website security, poor cyber hygiene of users and organisations, and insufficient cybersecurity of critical information infrastructure and state information resources. The emerging cybersecurity threats, such as technology supply chain security, are also relevant to Lithuania. Unfortunately, all of these vulnerabilities are quite successfully exploited by both criminals and hostile states, and cyber gangs associated with Russia are the most active among them in Lithuania,” said Vice Minister M. Abukevičius at the teleconference.
“With the prolonged lockdown in place, internet services have enabled us to adapt our activity habits quickly and efficiently as work and education have been delivered virtually. However, the change in conditions is related to increasing threats, a growing number of cyber incidents. That is why cybersecurity is a collective responsibility of organisations in the public and private sectors, as well as of individual users. Correspondingly, it takes collective investment, including financial, in cybersecurity competence, expertise and IT safety solutions,” said Director of the National Cybersecurity Centre Dr Rytis Rainys.
The presenters pointed out that the number of information attacks directed against Lithuania’s national security and defence interests was 18% higher last year than in 2019. A significant number of complex cyber-information attacks were also identified. One of the major ones was the hybrid attack seen in December: at least 24 websites of public sector organisations were hacked and fake news was published on them. Some of the cyber incidents identified in Lithuania are related to political events (elections to the Seimas, change of government) and to geopolitical and strategic events in Lithuania, the region and worldwide (COVID pandemic management).
The National Cyber Security Status Report 2020 reports that cyber incidents harmed not only organisations and public authorities but also Lithuanian citizens. IT security incidents temporarily denied access to the Population Register, the Register of Legal Entities, and the Real Property Register and Cadastre of the Republic of Lithuania. Restoring the e-health service system took the most time. Emotet malware also curtailed access to the National Public Health Centre's e-mail and disrupted public information processes as a result.
The National Cyber Security Status Report 2020 not only underlines the growing importance of cyber security of the state information resources and critical information infrastructure as a result of increasing cybersecurity risks but also reviews another issue of significant public relevance, i.e., website insecurity.
The cyber threats recorded in Lithuania correspond with the threats seen in Europe and worldwide. The peak spread of the Emotet malware was seen both in Lithuania and in Europe in 2020, as was an increased number of ransom-based DDoS cases. Other large cyber incidents did not bypass Lithuania either, the best known of which was the malware deployed through SolarWinds software updates. Even though the gravity of that cyber incident was concentrated in United States organisations, the malware reached Lithuania as well.
Digital property is under the most serious threat from ransomware, phishing, and cyber scams.
The State Data Protection Inspectorate recorded 181 reports of personal data security violations in 2020, which is not a significant increase compared to 2019. However, bearing in mind the growing number of cyber incidents, it is likely that the authority is not yet receiving information about a significant number of violations.
The National Cyber Security Status Report 2020 underlines that cyber security risks accentuated by the pandemic are increasing and that it is therefore particularly important to keep cybersecurity among the state policy priorities. The plans set in the area of cybersecurity oblige the Ministry of National Defence to work towards better cyber resilience and more effective cyber incident prevention in the country, in cooperation with other actors of the public and private sectors and with scientific and education institutions. Cybersecurity is on all of us. Legalisation of ethical bug exposure in communications and information systems is also expected to mature cybersecurity in Lithuania.
This is the fifth National Cyber Security Status Report made public by the Ministry of National Defence.
Photo credits: Giedrė Maksimovicz-Alkema