The cyberattack against the Shirbit insurance agency is still ongoing, and the hackers' ransom demand still stands. The firm is set to face multiple legal and economic hurdles. What kind of information did the agency have? Apparently home addresses, credit card numbers, past insurance claims, copies of checks, outpatient summaries, payslips, and other personal information that could cause long-term damage to some of the insured.
The hacking of Shirbit's databases also raises questions about the vulnerability of other databases, chief among them those managed by local authorities. While government databases are relatively secure - the exception being a leak of the Interior Ministry's population registry data in 2006 – local authorities are the weakest link in the cybersecurity chain. How weak? In February 2015, the government called for the promotion of cybersecurity preparedness across all of Israel's local authorities. In practice, Interior Ministry cybersecurity preparedness is in its infancy, and a professional body for overseeing general preparedness on a local level has yet to be established. As both the Justice and Interior Ministries continue to hold the other responsible for this task, each local authority is left to contend with the issue alone, as they see fit, and according to what their budget allows.
Follow Israel Hayom on Facebook and Twitter
What kind of information do local authorities possess in their databases? A conservative estimate would indicate far more private information on Israel's citizens than that kept by insurance agencies. For example, information on education systems; shuttle systems; information pertaining to the municipal hotline; including access to cameras, internal communications by clerks, credit card information, addresses, welfare databases, at-risk youth – a massive trove of sensitive data to say the least. On Wednesday, hackers accessed the Herzliya Municipality's computers. While the details of the event have yet to be revealed in full, the city is one of 15 independent municipalities that do not receive government funding. What kind of chance do other, less affluent municipalities have at preventing an attack?
Hacking into a municipal database is far easier than breaking into a private insurance agency. Who will take responsibility once information is leaked? The state comptroller has spoken to the importance of the issue a number of times, including in his most recent report two months ago. From their responses to the report, we learned that only 20 of the 257 internal auditors of local authorities focused on the issue of cybersecurity between 2008 and 2015. The comptroller recommended the Interior Minister clarify the guidelines on "future threats," in particular in the field of cyber, a field he said, "has not been adequately regulated in local authorities." A series of recent cyber threats to local authorities makes one thing clear: It's only a matter of time before hackers break into a local authority's database, and by the time we learn about it, the damage will have been done.
Subscribe to Israel Hayom's daily newsletter and never miss our top stories!
