The number of cyber incidents received by CERT-GOV-GE has totaled 491 during 2019. Today (as of Oct 8) that number is north of 536. The main targets of cybercriminals were the customers of commercial banks.
“The main Cyber-attack vector was fishing of online banking of the commercial banks,” said Nikoloz Gagnidze, Deputy Chairman at LEPL Digital Governance Agency (DGA).
Georgian governmental computer response team CERT-GOV-GE which is under the LEPL Digital Governance Agency of the Ministry of Justice of Georgia has automatized incident management systems and is receiving cyber incidents on daily basis.
According to Gagnidze, within Georgian state structures, the Public Service Development Agency is performing the best in terms of cybersecurity. “They are the best due to the Information Security index that was created by the Digital Governance Agency for performing internal evaluations among critical information systems subjects, which are to comply with the requirements of the Law on Information Security, and PSDA is one of them. In addition, PSDA is a trusted services provider, and the fact puts additional requirements on the organization – PSDA has to comply with European Union eIDAS regulation, with which Georgian legislation was harmonized for the purpose of trusted electronic service provision”.
The Deputy Chairman estimates the cybersecurity awareness among Georgians as poor. “We conduct many activities to raise awareness in cyber, but it’s not enough. We need a communication strategy and a corresponding action plan to perform targeted activities where all stakeholders from the government and private sectors will be involved. And we plan to develop such a strategy with the help of foreign partners”.
In Gagnidze’s words, generally targeted expenses of state institutions, which are in the list of critical information system subjects, related to cyber increased within last years. Mainly the expenses are related to the technical component of cyber.
On the background of growing cyber incidents, Gagnidze emphasizes the importance of cyber hygiene. Pursuant to him, any internet user has first of all to pass the cyber hygiene course and its test in order to realize in which level his/her awareness is. After, within any activity on the internet, the user has to think about what is he/she doing, can this manipulation be related to the risks mentioned during the training? Users have to think, what kind of actions can be performed to stay safe in cyberspace.
In order to encourage Georgian youngsters, involved in cybersecurity, the Government has initiated Olympiad – Cyber Cube – which is being conducted annually from 2015, and approximately 50 teams composed of 3 members are participating in exercises. This year the Olympiad was conducted online due to the COVID-19 pandemic. The format was changed and instead of teams now individual participants were taking part in the competition. Gagnidze positively estimates the overall knowledge of participants of the Olympiad.
“I would rate first top 20 participants as educated taking into account the fact that similar subjects are not being taught at
Georgian universities or secondary schools”.