The authorities did not undertake the necessary activities to ensure the basic prerequisites for cyber security, although last year 24 out of 68 institutions in Bosnia and Herzegovina (BiH)were exposed to cyber attacks, and this endangers the business of public administration and can lead to the alienation of data and financial resources necessary for the functioning of the country and everyday life citizens, warn from the Office for the Audit of Institutions of BiH.
In the report on the audit of the performance of the activities of the institutions of BiH in ensuring the basic assumptions for cyber security, conducted by the Office for the Audit of the Institutions of BiH, it is recalled that last year there was a cyber attack on the institutions of BiH, which suspended the work of employees and prevented access to official websites for almost a month.
“For example, jeopardizing the security of the e-government system would cause a halt in the work of the Council of Ministers and could delay the adoption of important decisions for the public administration and citizens. An attack on the information system of the Ministry of Finance and Treasury in the Council of Ministers would threaten the records of all financial transactions of institutions BiH and could cause the suspension of all payments from the BiH budget,” the auditors state.
Pointing out that there is no official data on the number and type of cyber attacks in BiH, the auditors state that the institutions of BiH were not effective in undertaking activities with the aim of providing the basic assumptions for cyber security.
Due to the above, the Office for the Audit of BiH Institutions has defined recommendations with the aim of contributing to the provision of basic assumptions for cyber security, and the first recommendation is to the Council of Ministers to define deadlines for the preparation and responsibility for reporting on the process of preparing relevant cyber security acts.
A recommendation was sent to all institutions at the BiH level to urgently adopt information security management acts.