Saturday, March 15, 2025

Two-thirds of Polish entrepreneurs targeted by cyber fraudsters. A small percentage report this to relevant authorities

Cyber attack attempts are a daily occurrence for most Polish companies. Phishing, i.e., emails or text messages posing as various institutions to steal data and money, poses the most significant threat. The number of ransomware attacks, i.e., encrypting an organization’s resources for ransom, is also increasing. Most entrepreneurs do nothing about fraudulent attempts they recognize. Only a small percentage report incidents to CERT Poland, often unaware of the potential benefits of doing so.

“Looking at KPMG’s ‘Cyber Security Barometer’ from 2024, two-thirds of companies have experienced a cyber incident. As ING, we asked our clients what types of cyber attacks they experience. Phishing is the most common type, where clients receive an attachment or link to a fake site in their emails,” Wojciech Kordas, director of the Expert Centre for Fraud Prevention at ING Bank Śląski, told Newseria agency.

A study commissioned by ING Bank Śląski shows that 56% of companies have encountered phishing attempts. Fake invoices or fraudulent investment proposals were received by 44% of the respondents. KPMG indicates that companies in Poland report a higher level of maturity, with 40% highly rating their internal network security. Yet, nearly one in five companies do not control security in software development processes.

“The most common attacks against companies, as observed by CERT Poland, are ransomware attacks, where an organization’s data is encrypted, stolen, and then a ransom is demanded from the organization. The attack is usually caused by vulnerabilities, such as devices or software exposed to the internet, which criminals search for and exploit for attacks on the organization. Here, updates are most crucial,” says Marcin Dudek, head of CERT Poland.

ING’s study reveals that 90% of entrepreneurs believe they have at least a basic understanding of internet security. However, they may not know specific attack types and protection methods. Half of the respondents correctly defined spoofing – criminals disguising themselves as banks or offices to extort data or money. Slightly fewer knew the purpose of a DDoS attack. The vast majority incorrectly identified the most effective protection method against phishing – it’s not a firewall or antivirus, but a U2F key (identified by only 28% of respondents).

“When a password leaks, criminals can use it to remotely log in to a company. If there’s no second factor, like a physical token or a device that must be connected to a computer, then the criminal will gain full access to the company. If there’s no requirement to provide an additional SMS code for email, a criminal having the password will be able to log in and carry out an attack on the organization, for example, using this mailbox to send emails within the organization to extort data or attack other employees,” explains the head of CERT Poland.

Another common mistake is keeping backups in the same network as the rest of the company’s resources. A network breach then risks encrypting all organizational data, including backups created in case of a cyber attack.

“It’s very important to have separate backups. It’s key for recovery after such an attack,” says Marcin Dudek.

“ING, in its study, asked entrepreneurs about their reactions to attempted attacks. It turns out that entrepreneurs usually ignore such attempts and are satisfied that they did not fall for the attack, but they usually do nothing more,” says Wojciech Kordas.

Depending on the attack type, 56% to 69% of respondents reported having done nothing or not remembering. Of the entrepreneurs who reacted, 8-22% reported the incident to CERT Poland. This most often related to phishing and fake invoices. 8-14% reported the incident to the police – most frequently in response to phishing, spoofing, and malicious software. Entrepreneurs most often reported phishing attempts (19%) and spoofing (27%) to banks.

“Not every company reports an attack to us, at CERT Poland, because only a quarter of companies know about CERT Poland. So we see a need to improve our visibility. On the other hand, even when companies know about us, they are often afraid to report, thinking it could have some consequences. I want to reassure – we don’t publish attack information, we don’t share it with media, report data is protected, an entity can only get advantages from reporting,” assures Marcin Dudek.

As he emphasizes, mass cyber scams require time and money from criminals. Reporting to CERT Poland can disrupt their plans.

“We must be aware that these types of cyber attacks are mass attacks. Emails with links, SMS, and phone calls reach thousands of people. By responding and reporting this incident to CERT Poland, we can break this chain. CERT is able to block a false page or SMS,” underlines a representative of ING Bank Śląski.

One of the tools developed by CERT Poland experts is a set of SMS patterns created from citizens’ reports. So far, nearly several hundred such patterns have been created, allowing 1.5 million messages from fraudsters to be stopped before they reached users. The team also blocks access to data extortion pages used by scammers. In March 2020, CERT Poland launched a warning list of dangerous websites. Today an average of 265 addresses are added to it per day. In 2024, 75 million attempts to access sites on the list were blocked.

“Reporting an attack to CERT Poland offers a range of benefits. First and foremost, it improves visibility, which helps protect other companies. We know what types of attacks are currently being carried out in Poland, what we should be warning against, how we should educate to prevent attacks. But there’s also a direct benefit as we assist in defense against attacks and post-incident, we send a number of tips on how to behave, how to communicate with the media, what actions should be taken in terms of law,” enumerates Marcin Dudek.

ING has been supporting clients in ensuring online security for years. Promoting CERT Poland’s activities is another way to mitigate the negative effects of cybercrime. For the “Cybersecurity for Companies” campaign, the bank, in cooperation with Piotr Konieczny, an internet security expert, prepared “10 rules for a safe company online.”

“As part of the campaign, we remind entrepreneurs of the best way to respond to these types of attacks,” adds Wojciech Kordas. “Entrepreneurs should respond actively and report each attempt of this type of attack on the incident.cert.pl website. This is the right institution which can take action in this area.”
