Data from the first cyber threat report show that more than 9.2 million separate cyber-attacks were recorded in Bosnia in November 2022 alone, against a wide range of targets.
The scale illustrates the vulnerability of citizens, companies and institutions to cyber-security threats, in the absence of coherent strategies, focused regulation and modern capabilities to respond or protect against such attacks.
These are the results of the first report assessing cyber-security threats in Bosnia and Herzegovina, authored by the Centre for Excellence in Cyber Security CSEC and BIRN Bosnia and Herzegovina, BIRN BiH.
Baroness Neville-Rolfe said the report “shows that BiH institutions, businesses and the general public are acutely vulnerable to attacks and online interference from around the world. Attacks numbers in the millions, and are already costing businesses, harming institutions, and taking advantage of the public. I hope today’s discussion will help decision-makers better understand what needs to be done now to protect all of BiH society from cyber threats.”
The report assessed the scale of the cyber threat in Bosnia and highlighted the importance of an urgent government response.
It was presented to members of the Parliamentary Assembly of Bosnia and Herzegovina, whose systems were targeted last year, the European Integration and Security Caucus, different levels of legislative bodies in Bosnia and discussed with a range of cyber experts. Wider learning and reporting from CSEC and BIRN BiH on cyber security issues were also presented.
An updated threat report will be published every six months, providing an up-to-date assessment of cyber threat trends, and sharing practical advice on how to protect against them.
CSEC, with the help and support of the UK government, has monitored the attacks using two devices that impersonate a digital target.
The most common form of cyber-attacks recorded were Distributed Denial of Service DDoS attacks, which attempt to disable or obstruct the functioning of an IT system by bombarding it from many different sources simultaneously. CSEC recorded 3.8 million DDoS attacks in Bosnia in November alone.
Media were frequent targets. Along with DDoS attacks, attackers often tried to control computers and exploit various databases and devices with the Android operating system.
As only two devices were used to monitor attacks, the coverage in this threat report is not comprehensive: the total number of attacks is assumed to be far higher.
Detecting attacks is only the first step. The report indicates that Bosnia needs a comprehensive strategy to direct government and societal efforts to defend against threats from the cyber world.
This report also cites the lack of comprehensive cyber-security incident response teams, CERTs, as a critical problem, as well as the absence of an effective legislative framework.