The real estate cadastre under attack: what is the lesson for your business?
Slovakia found itself in a chaotic situation. On January 7, 2025, the real estate cadastre information system was hit by one of the most serious cyberattacks in Slovakia's history. The attackers who accessed the state servers encrypted sensitive data (a so-called ransomware attack) and are demanding a seven-figure ransom in dollars for its recovery. (source: zive.sk) Electronic services are unavailable, cadastral offices are closed. And worst of all, the state does not have sufficient data backups, which only complicates the recovery process after the attack. How can we all learn from this attack?
The Simplest Security Holes
In cybersecurity, even the smallest weakness can open the door to unwanted attackers. This incident sheds light on several potential failures that could threaten your business:
- Phishing emails: It only takes one careless employee clicking on a malicious link for attackers to gain access to data or install harmful software.
- Unpatched software vulnerabilities: Databases like CVE Details clearly record known errors. Without regular software updates, systems remain easy targets.
- Poorly secured RDP connections: RDP is a protocol that allows remote connection to a computer. If remote accesses were set up incorrectly, hacking the portal was just a matter of time.
And most importantly – insufficient data backups. Without regular, secure, geographically separated, and tested backups, data recovery is practically impossible, which unfortunately proved to be a serious weakness in this case.
How to Eliminate Potential Threats Not Only in E-commerce
In today's digital era, responding to such incidents is just firefighting. What can protect you from massive financial losses, loss of public trust, and paralysis of key services is prevention.
From a cybersecurity perspective, our IT team at ui42 has identified several key steps that can help you reduce the risk posed by similar attacks:
- Regular software updates
Every update is a small shield against big threats. Ignoring updates means leaving your systems open to risks. - Strong firewall as the first line of defense
A firewall is not just technology – it's the first line of your defense against unauthorized access. - Threat Detection Systems
Suspicious activity? Automatic response. Modern threat detection tools are like your personal cyber alarm. - Regular penetration tests and security audits
Want to know where your system has weaknesses? Don't wait for attackers to find them – uncover them before it's too late. - Regular and secure data backups
Back up regularly and securely – necessarily to a geographically separated storage that is not directly connected to the system. - Incident response plan – your plan B
Every good strategist knows to be prepared for the worst. Having a clear and effective plan to handle a cyber attack is the difference between chaos and control. - Security from multiple perspectives
We recommend public institutions ensure a Two-level access, where one supplier implements security measures and another conducts independent audits to verify effectiveness and reveal potential gaps.
Basic and Quick Recommendations:
- Two-factor authentication (2FA)
Forget simple and repetitive passwords. With two-factor authentication, you add another level of protection. - Limiting employee access
Less access means less risk. Scale access according to role. Employees should only have access to the systems and data they truly need for their work – nothing more, nothing less. - Employee training and phishing simulations
Cybersecurity starts with people. Train your team, simulate unannounced phishing attacks on your employees, and teach them how to defend against the most common tricks of attackers.
uičkovský tip: Anyone who operates in the world of web applications has surely heard of the OWASP Top Ten project. It is an overview of the most critical vulnerabilities that can threaten your web. If you want to see the full list of critical vulnerabilities, we recommend visiting the official OWASP Top Ten Project website.
Always Stay One Step Ahead
In cybersecurity, there is no middle ground – you are either prepared or you pay. And if you think "it can't happen to us," know that everyone is a target because everyone has something to lose.
Prepare with a comprehensive strategy, strengthen your systems to the level of a digital fortress and always stay one step ahead of threats. It doesn't matter whether you lead a small team or a large institution – prevention and quick response to changes are your best protection.
Need to test/improve your online security? Fill out the form below and we will get back to you.
