The Government Plenipotentiary for Cybersecurity has warned of increased activity by hacker groups. Recent attacks have particularly targeted the healthcare sector, but the statement makes clear that the problem is not limited to medical facilities. The Plenipotentiary recommends that all organizations take action, as similar campaigns have also affected other sectors of the national cybersecurity system (KSC).
The document places great emphasis on analyzing IoCs, or indicators of compromise. Such a review can help detect the presence of attackers in the infrastructure even before a full-scale incident occurs. This is particularly important in the context of ransomware and data theft. The statement therefore serves not only as a warning but also provides organizations with practical guidance for swift action.
The Plenipotentiary primarily recommends strengthening perimeter security and remote access controls. Among other things, the document highlights updating firewalls, disabling publicly accessible RDP services, enabling MFA for VPN and RDP, and implementing geo-blocking. The document also emphasizes the importance of Active Directory security. Organizations should monitor privileged accounts, analyze login anomalies, reset administrative passwords, and limit the use of domain administrator accounts on workstations. Monitoring, log centralization, and daily analysis of security alerts remain equally important.
The guidance also strongly emphasizes the role of backups. Backups should operate outside the domain, and the organization should regularly test data recovery. The Plenipotentiary also notes that storing copies in WORM mode constitutes a minimum security requirement. The conclusion is simple: organizations should treat this document as a list of urgent actions, not merely a formal warning. Rapid response, good access hygiene, and operational resilience are often what determine the scale of losses following an attack.

