The Bulgarian government’s brief cyberattack mishap is not a unique incident, but it was certainly preventable.
More than 70% of data on Bulgarian citizens was recently stolen from the National Revenue Agency (NRA). The incident exposed weaknesses in Bulgaria’s cybersecurity strategy. A similar incident occurred in Miami, where the Riviera Beach government was forced to pay US$600,000 in ransom to hackers who launched a cyberattack on its system.
The incident is suspected to date back to June 2019, but it was not made public until third parties escalated the matter. A hacker claiming responsibility for the cyberattack sent e-mails to news outlets. Had the media not been alerted to this data breach, the damage could have been worse, in an EU nation where 5 million Bulgarians and 7 million foreigners reside.
Culprit Identified
Russian ties were suspected of playing a part in this incident, because the e-mail sent to the news agencies came from a Russian domain.
In reality, a white hat hacker from Sofia, Bulgaria was held accountable and arrested. He was later released and charged with terrorism.
Vulnerability Identified
Weaknesses in the Bulgarian government’s cybersecurity measures left openings for a cyberattack: out-of-date computers and a lack of preventative action.
The government Commercial Registry also suffered a cyberattack less than a year ago. It is more than likely that the federal government did not reinforce its cyberattack prevention measures after that incident, which ultimately led to another episode.
How To Prevent Cyberattacks?
Data loss is an economic loss for enterprises and government agencies alike. Cybersecurity specialists should deploy smarter strategies to prevent a disaster like the one experienced by Bulgaria’s NRA.
Reinforce Wireless Security: Wireless devices must be reviewed extensively prior to installation. Vulnerabilities in such devices give hackers ample opportunity to enter the network. Continuous maintenance is also required to safeguard the network. Keeping an inventory of devices and access points makes it possible to monitor for suspicious activity.
Data encryption: IT specialists at the workplace should be trained in data encryption techniques. Converting files into unintelligible data makes them harder for cyber criminals to decode. Different encryption schemes, such as the PC’s own encryption program, secret key encryption, and public key encryption, are at an expert’s disposal.
Protect Mobile Devices: It is not uncommon for employees to complete their work outside the office or at home. Some may even take advantage of workplace productivity tools such as Microsoft 365 to work anywhere.
Some general rules of thumb may apply to prevent data theft on mobile devices:
- Do not jailbreak mobile devices.
- Avoid processing sensitive data on the device without an encryption programme.
- Do not open or follow URLs sent from suspicious sources – e-mail, SMS, and MMS.
- Be cautious when connecting to public Wi-Fi.
It is generally a good idea to work only in a safe and secure workplace. Should the need to work elsewhere arise, it would be wise to install anti-malware software on the mobile devices.
Monitor IT outsourcing: Enterprises may need to employ IT-enabled business solutions. Third parties should be closely monitored by internal IT practitioners. Some practices that can be applied in such a scenario:
- Access to privileged, Administrator-level accounts should be supervised to prevent unauthorized use and access to restricted data.
- All user IDs and privileges of a resigned employee must be revoked immediately.
- Security best practices such as regular update of patches, virus signatures, and password policy should be enforced at all times.
Better Cybersecurity Policy
For any corporation that manages a large volume of user data, data theft must be prevented at all costs. This is true for government agencies and private enterprises in banking, finance, healthcare, and other sectors.
To accomplish this, professional training for IT specialists must be prioritized. Loss of data is equivalent to the loss of consumers’ trust in the corporation as well.
| Training | Date |
| --- | --- |
| CompTIA Security+ | 7-11 October 2019 |
| CompTIA Cybersecurity Analyst | 7-11 October 2019 |
| CompTIA Advanced Security Practitioner | 25-29 November 2019 |
| CompTIA PenTest+ | |




