Should Ukrainian citizens today feel safe online?
Although significant efforts have been made to enhance cybersecurity and online privacy in Ukraine, as in many other countries, one cannot guarantee 100% safety.
This is because safety online highly depends on individual actions and awareness to avoid falling victim to cyber threats. Basic knowledge of cybersecurity principles, like making secure passwords, using encrypted connections, and being aware of phishing scams, can make a significant difference. During wartime we are protected when we are aware of all threats and have the appropriate skills to counter them.
What are some ways to protect oneself from online threats that anyone can employ?
Absolutely, there are several ways to protect oneself from online threats that are fairly easy to employ:
1. Use Unique and Strong Passwords
Avoid using easily guessable passwords. Consider using a password manager to generate and store strong, unique passwords for each of your accounts.
2. Two-Factor Authentication (2FA)
Enable 2FA on your accounts when available, providing an extra layer of security.
3. Keep Your Devices and Apps Updated
Software updates often include security patches for recent threats.
4. Be Cautious of Phishing Attacks
Be wary of unsolicited communications asking for personal information or directing you to log in to a specific site.
5. Use a Secure and Reliable VPN
A VPN can encrypt your data and often provide secure and anonymous browsing.
6. Be Aware of Public Wi-Fi Risks
Avoid logging into personal accounts or conducting any sensitive transactions while connected to public Wi-Fi.
7. Backup Important Data
Regularly back up important data to an external drive or cloud-based service.
8. Configure Your Privacy Settings
9. Educate Yourself About Latest Cyber Threats
Awareness is the key to staying safe online.
What is the most common threat from which data is being stolen/manipulated in Europe, and in Ukraine?
One of the most common threats in recent years has been phishing attacks. This is a method where attackers deceive victims into providing personal information or login credentials. They might send out emails or messages that closely resemble those from reputable companies and ask individuals to verify account details or confirm sensitive information. Once the information is provided, it's used to gain unauthorized access to accounts, steal identities, or potentially carry out financial fraud.
The most common victims of phishing during the active phase of Russia's war against Ukraine are representatives of civil servants, charitable foundations, public organizations, volunteers, elderly people, and relatives of military personnel.
Moreover, Ukraine was significantly impacted by the Petya and NotPetya ransomware attacks in 2016 and 2017, respectively, clearly indicating an increased risk and prevalence of ransomware attacks. In such attacks, malware is used to encrypt a user's data until a ransom is paid to the attacker to decrypt it.
Reports have also indicated an uptick in Advanced Persistent Threats (APTs), where hackers gain persistent and unauthorized access to network infrastructure to monitor activity and steal data over an extended period. In January to February 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) under the SSSCIP handled over 300 cyber incidents and cyberattacks.
Starting this year, CERT-UA records an increasing number of attacks aimed at espionage, with a focus on maintaining continued access to target organizations. Applications for data collection and remote access to user devices prevail among the malware spread by Russian hackers. This might be a sign that Russia is gearing up for a long war. Through their hackers, they attempt to get any information that might be useful for conventional warfare against our country — from military draft data to weapon logistics secrets.
So, while phishing might be the most commonly observed technique, ransomware and APTs also represent significant threats for data manipulation and theft in Ukraine.
How would you describe Europeans’ attitude towards privacy and personal data protection vs. your country’s attitude?
In Ukraine, awareness and concern about data privacy have been increasing over the years, especially with the growth of digital services.
The Ukrainian Parliament passed a law in 2010 to strengthen personal data protection. Since then, there have been continued efforts in enhancing data protection regulations to align with European standards, highlighting a growing formal emphasis on the matter.
In comparison to some Western European countries or the USA where data privacy laws (like GDPR in Europe, CCPA in California) are firmly established, Ukraine may still be in the process of strengthening its legislation and enforcement in relation to data protection and privacy.
Nevertheless, the level to which individuals in any country, Ukraine or otherwise, value their online privacy can differ greatly. This may be due to factors such as personal experiences, tech-savviness, or education on digital privacy. Efforts to educate the general public about the importance of online safety are crucial to developing a culture of robust data protection.
Unfortunately, I believe that the level of understanding of the importance of data protection among citizens in Ukraine is low. That is why my organization - MINZMIN - creates educational campaigns for children and adults in the field of privacy.
Are EU institutions safe from cyber-attacks? How about your country's institutions?
Cybersecurity is a significant issue for all countries, and no country or institution is completely immune to cyber-attacks. In recent years, Ukraine has indeed been the target of several major cyber-attacks, which have led to a renewed focus on improving cybersecurity across the nation's critical infrastructure.
On a legislative level, Ukraine has implemented the law about the main principles of ensuring cyber security of Ukraine and developed a National Cybersecurity Strategy, indicating serious intent to bolster cyber-defence infrastructure.
However, defending against cyber threats is an ongoing effort that requires constant vigilance, regular updates, and strong cooperation between all parties involved. This includes government institutions, private businesses, and individuals. Continued investment in cybersecurity measures, constant updates to defensive strategies to meet evolving threats, regular audits of existing security measures, and a culture of cybersecurity awareness amongst employees are all essential for ensuring robust protection.
While strides forward have been made, cybersecurity is an ever-evolving field. The nature of the threats is always changing, as are the technologies to defend against them. It's crucial to regularly reassess cybersecurity measures and adjust them as needed.
Is the business sector following the latest trends in cyber-security? Are private companies investing in security?
The business sector in Ukraine has indeed been increasing its focus on cybersecurity in recent years, following a rise in cyber threats globally. Many businesses, particularly those in critical industries such as banking, finance, and telecommunications, are investing heavily in cybersecurity to protect their digital assets and customer information.
Investments are typically directed towards building up cybersecurity infrastructure, implementing advanced threat detection systems, hiring skilled cybersecurity professionals, and providing cybersecurity training for employees.
There has also been a growing trend in cyber insurance in Ukraine, as businesses seek ways to mitigate potential financial losses from cyber threats.
However, cybersecurity preparedness can vary significantly among businesses. Smaller businesses or those with less available resources might not have the same level of cybersecurity provisions as larger corporations.
It's important to note that having the latest equipment is only part of a comprehensive cybersecurity strategy. Regular employee training, process auditing, and maintaining a culture of security awareness are equally vital in minimizing the risks of cyber threats.
Are parents, teachers, and school children sufficiently aware of the cyber landscape? Are they informed enough to protect their data?
Many schools and educational institutions are taking steps to increase cybersecurity education. There have been initiatives, including campaigns and workshops, aimed at raising awareness and teaching students, parents, and teachers about online safety. Topics often include things like creating strong passwords, identifying phishing attempts, and practicing good digital hygiene.
However, there is often room for improvement. The rapid advancement of technology, combined with the increasing sophistication of cyber threats, often means that education and awareness initiatives need to be regularly updated and reinforced.
In order to protect their data and navigate the digital world safely, it's essential for students, parents, and teachers to be knowledgeable and vigilant. In addition to simple, practical measures (like strong, unique passwords and software updates), knowledge about evolving threats, and strategies to counter them, is key to enhanced security. This includes being aware of the potential dangers of sharing too much information online, recognizing the signs of cyberbullying, and understanding one's rights to online privacy.
The Ministry of Digital Transformation, NGO MINZMIN, the International Renaissance Foundation, EUAM Ukraine and other partners have created practical guides, video simulators and educational series for children, teenagers, parents and educators on the government portal Diia Education. They are available in Ukrainian and English.
What are the “weak spots” of parents, teachers, and school children when it comes to cybersecurity and personal data protection in Ukraine? What habits can they develop to better protect themselves?
Cybersecurity education and awareness are essential in addressing weak spots related to cybersecurity and personal data protection. Some potential vulnerabilities for parents, teachers, and school children in Ukraine (and indeed globally) might include:
- Lack of Awareness - Basic awareness of different types of online threats and how they operate is foundational to internet safety. Users who are unaware cannot take steps to protect themselves.
- Sharing too Much Personal Information - Children especially may not fully understand the implications of sharing personal information online, making them more vulnerable to risks such as identity theft or online predators.
- Falling for Scams and Phishing Attempts - Not being able to recognize suspicious messages or links can lead users to disclose sensitive information to cybercriminals.
Here are some habits that can help them to better protect themselves:
1. Education and Awareness
Learn about different types of cyber threats and how to respond to them, and keep updated with the latest cybersecurity news.
2. Think Before You Click
Be cautious of clicking on suspicious links, especially from unsolicited emails or messages. This can help prevent falling for phishing attempts.
3. Limit Personal Information Shared Online
Be mindful of what you're sharing on social media and other digital platforms. The more information shared, the more potential risk.
By developing these habits, parents, teachers, and kids alike can significantly improve their online safety.
How would you describe the trend in recent years in terms of digital safety & privacy for the CSOs in Ukraine?
The trend in recent years shows an increased focus on digital safety and privacy within NGOs in Ukraine. This is due to several factors:
1. **Increasing Cyber Threats**
Ukraine has faced a surge in cyber threats, including those specifically targeting non-profit and civil society organizations. These threats have highlighted the need for improved digital safety measures.
2. **Increased Awareness**
Several high-profile cybersecurity incidents have raised awareness about the damage that breaches and other security incidents can cause.
3. **Regulatory Requirements**
Ukrainian NGOs that work with European partners or handle European citizens' data must comply with GDPR, which has strict requirements for data privacy and protection.
4. **Digital Transformation**
Like many sectors, NGOs have increasingly digitized their operations, which has necessitated greater focus on protecting digital assets, data, and online communications.
5. **Capacity Building Initiatives**
Various national and international organizations have been investing in capacity building initiatives, including training and resources, to help Ukrainian NGOs improve digital safety and privacy.
While these developments are positive, challenges remain. Many NGOs operate with limited budgets, so finding the resources to invest in cybersecurity can be difficult. While larger NGOs may be able to dedicate resources to digital safety, smaller organizations often struggle.
What would be your message to our readers – what should they avoid & be especially careful about?
Moreover, cybersecurity is not a one-off task, but an ongoing process that requires keeping up to date with the latest threats and appropriate mitigation strategies. Thus, it's crucial for all of us to foster a security culture, continually educate citizens, and regularly review and update security practices as needed.