October is Cyber Security Awareness Month in Europe. One of the most prominent problems in Lithuania, affecting thousands of users – phone scams. This year, the Communications Regulatory Authority (CRA) took a number of important decisions to tackle these scams: mobile operators were obliged to block access to harmful internet resources and to only forward text messages that match the identifiers provided by the senders.
As of 1 November, a new obligation comes into force for operators to block Lithuanian fixed-line numbers when calls are initiated abroad. Operators will also have to block and not transit calls originating from fixed and mobile numbers or service numbers if the numbers used are not authorised by the CRA and are not assigned to specific service providers.
During a discussion on Friday with representatives of mobile operators, the Lithuanian Criminal Police Bureau, the Bank of Lithuania, the Lithuanian Post, the National Cyber Security Centre (NCSC), the State Tax Inspectorate (STI) and the Center of Excellence in Anti-Money Laundering, it became apparent that the first results of the adopted decisions are coming to light. For example, the NCSC currently blocks around 2,000 attempts to click on harmful links from scammers every day.
Unfortunately, there are also less positive examples – so far, only Lithuanian Post has specified identifying features that operators can use to identify the messages they send to consumers and to block those who try to impersonate them.
Zero tolerance for security incidents
Darius Kuliešius, Deputy Chair of the CRA Council, says that when dealing with such scale persistent problems as telephone fraud, it is very important to work together promptly, cooperating at national and international level, to show zero tolerance for security incidents.
“Together, we can create an effective cyber shield for Lithuania, because our goal is safe users, safe service providers and safe networks,” emphasises D. Kuliešius.
Identifying and preventing incidents before harmful messages reach users’ devices is crucial, he said.
“That’s why we have agreed to continuously identify, assess, eliminate and manage risks. During the meeting, we heard good practices from the financial services sector in implementing compliance requirements, where a very important principle applies: “know your customer”, explains the Member of the CRA Council.
The existing and newly effective Access Network Rules of the CRA provide the tools and opportunities to apply filtering of incoming communication traffic to Lithuania according to the most relevant risk factors. According to D. Kuliešius, this is a necessary, effective and good practice applied in cyber security policies: “We will implement it in Lithuania by working together with all user safety authorities and private entities.”
“The existing and new requirements that come into force with the NIS2 Cybersecurity Directive extend the traditional boundaries of cybersecurity actors, scopes and responsibilities. Providers of electronic communications services need to consider the distribution of SMS and harmful content as a cyber-attack that poses general and individual security risks,” said D. Kuliešius, the Member of the CRA Council.
Updated on 2024-03-15