Slovenian firms warned to take cybersecurity seriously

Slovenian companies and institutions have been warned to take cybersecurity seriously after the global ransomware attack that hit tens of thousands of targets on Friday.

Slovenian IT experts Gorazd Bozic and Bostjan Kezmah pointed out that in most cases, price wins over quality when security systems are selected, ensuing system vulnerabilities make the work of hackers easier, the Slovenian Press Agency (STA) reported on Saturday.

Kezmah, an ISACA certified information systems auditor, told the STA that big privately-owned companies in Slovenia were more aware of the importance of cybersecurity than the public administration as well as small and medium-sized enterprises.

The ISACA is an international professional association focusing on IT governance, previously known as the Information Systems Audit and Control Association.

According to Kezmah, because it picks security systems via public procurement in which price is the decisive factor, the public administration in particular is at risk, as it ends up picking systems of poorer quality. Tender rules are too lax, he stressed.

Kezmah said that institutions should turn to experts for help in drafting the tender rules so that only companies providing quality protection could apply.

Bozic, the head of the Slovenian Computer Emergency Response Team (SI-CERT), agreed that something should change in the field. For example, insurers should start offering cybersecurity insurance packages.

SI-CERT received eight reports about Friday's attack in Slovenia, including by Revoz, Renault's assembly plant in Novo mesto. The plant had to halt production because its computers were locked and the company was requested to pay 300 U.S. dollors in bitcoins in three days to unlock them.

SI-CERT gets around 4,500 reports of attacks per year, with Bozic pointing to banking as the most high-risk sector because of the vast amounts of money handled by banks. Endit