First BiH Cyber Threat Report presented to BiH MPs meeting with the British Minister

Data from the threat report shows that more than 9.2 million separate cyber attacks were recorded in BiH in November 2022 alone, against a wide range of targets. This illustrates the significant vulnerability of citizens, companies and institutions to cyber security threats, in the absence of coherent strategies, focused regulation and modern capabilities to respond or protect against such attacks.

These are the results of the first report assessing cyber security threats in Bosnia and Herzegovina, whose authors are the Centre for Excellence in Cyber Security (CSEC) and the Balkan Investigative Reporting Network in Bosnia and Herzegovina (BIRN BiH).

Baroness Neville-Rolfe said:

“The first BiH cyber threat report shows that BiH institutions, businesses and the general public are acutely vulnerable to attacks and online interference from around the world. Attacks numbers in the millions, and are already costing businesses, harming institutions, and taking advantage of the public. I hope today’s discussion will help decision-makers better understand what needs to be done now to protect all of BiH society from cyber threats.”

The report prepared by CSEC and BIRN BiH assessed the scale of the cyber threat in BiH and highlighted the growing importance of an urgent government response.

The report was presented to members of the Parliamentary Assembly of Bosnia and Herzegovina (whose systems were targeted last year), European Integration and Security Caucus, different levels of legislative bodies in BiH and discussed with a range of cyber experts. Wider learning and reporting from CSEC and BIRN BiH on cyber security issues were also presented.

An updated threat report will be published every six months, providing an up to date assessment of cyber threat trends, and sharing practical advice on how to protect against them.

CSEC, with the help and support of the United Kingdom Government, has been monitoring the number of attacks using two devices that impersonate a digital target. The most common form of cyber attacks recorded were Distributed Denial of Service (DDoS) attacks, which attempt to disable or obstruct the functioning of an IT system by bombarding it from many different sources simultaneously. CSEC recorded 3.8million DDoS attacks in BiH in November alone. The media in BiH were frequent targets of these attacks. Along with DDoS, attackers often tried to control computers, and to exploit various databases and devices with the Android operating system.

As only two devices were used to monitor attacks, the coverage in this threat report is not comprehensive: the total number of attacks is assumed to be far higher.
Detecting attacks is only the first step. The report indicates that BiH still needs a comprehensive strategy to direct government and society efforts to defend against threats from the cyber world. This report also cites the lack of comprehensive cyber security incident response teams (CERTs) as a critical problem in BiH, as well as the long-standing absence of an effective legislative framework.