“We can usually break in in 3-5 hours.” Polish public institutions ignore threats


According to a study by the Polish company AMP, only 15 percent of public-sector institutions order so-called penetration tests, i.e. controlled attacks on ICT systems aimed at a practical assessment of the current state of infrastructure security, in particular its susceptibility and resistance to attempts to break its safeguards. Meanwhile, 18 percent do not order any controlled break-ins.
AMP experts set this against the report “The State of Pentesting 2023”, which indicates that 88 percent of organizations worldwide have experienced a security breach in the last two years, although on average they use 44 different protection tools.
– According to our research, mainly among public institutions, only 15 percent of entities order so-called penetration tests, that is, controlled attacks on ICT systems that are aimed at practical assessment of the current state of infrastructure safety, and in particular susceptibility and resistance to attempts to break the security. As our practice shows, in most cases within 3-5 hours we are able to break the security of a selected hospital, clinic or local government unit – comments Przemysław Wójcik, president of the Polish company AMP SA.
– Basically, I am convinced that our specialists can break into any public institution in Poland within three days. I can bet on it. And such cybercriminals mean not only financial losses, but also threats to human life and health – he adds.
Not only financial losses
“Increasingly, reports of hacker attacks do not end only with financial losses. In hospitals there are interrupted operations, canceled treatments and failures of systems that can cost human life,” AMP experts indicate.
Last month, hackers attacked one of the hospitals in Krakow. The IT system was paralyzed, operations had to be transferred, and some of the documentation was encrypted. The staff saved the situation with paper cards and telephones.
The material also gives other examples from recent years:
- 2021, Germany – a patient died because the hospital in Düsseldorf could not admit her due to a ransomware attack. This is the first documented case of death due to a cyberattack,
- 2023, USA – as a result of an attack on the CommonSpirit Health hospital system, many facilities had to cancel procedures, and the results of the research disappeared from the system,
- 2024, France – the University Hospital in Rouen was paralyzed a week after the hacker attack, which immobilized the registration and treatment systems.
In addition, experts warn that traditional antivirus software has ceased to be an effective shield. Today's cybercriminals have tools based on artificial intelligence that can analyze victims' systems, avoid detection and generate unique malicious code in real time.
– These are no longer meticulous hackers sitting for weeks over the code. Today, they need a few hours and a ready AI tool that will do it for them – says Przemysław Wójcik, president of AMP.
– Cybercriminals began to use the same technologies that until recently were to protect our world. Today artificial intelligence is able to write a ransomware code itself, analyze the gaps in real time and even conduct talks with the victim's employees, pretending to be a man. An ordinary antivirus will not detect this, because it is no longer an attack based on the old signature pattern – it is a dynamic, self-eating mechanism. If the institutions do not start using as advanced defense methods as attack methods, they will lose this war – he adds.
AMP experts believe that penetration tests should be conducted at least twice a year. Such “legal burglaries” consist in simulating attacks that reproduce the actions of real hackers. The Red Team pretends to be cybercriminals and tries to get into the systems using the same methods: phishing, social engineering attacks, password cracking, port scanning, and exploiting gaps in security.




