Poland in the Digital Crosshairs: Why Are We the Second Most Attacked Country in the World?
A Digital State of Emergency: Poland on the Cyberattack Podium
If you follow cybersecurity news with the same enthusiasm as the weather forecast, the latest reports from ESET might have sent a shiver down your spine. The global "ESET Threat Report" makes it clear: Poland is a key target for cybercriminals, holding the infamous second place worldwide for the number of attacks. This is not a typo. At the same time, another crucial report, "The Cyberportrait of Polish Business 2025," prepared by ESET and DAGMA IT Security, mercilessly shows why this is happening. The gap between declared knowledge and real actions in Polish companies is alarmingly wide.
Over the past twelve months, nearly half of Polish companies (48%) have recorded an increased number of attacks, and almost as many (46%) have noticed a significant increase in their diversity. In practice, this means that businesses must deal with increasingly complex attack scenarios, requiring both better technologies and faster reactions.
October, celebrated as European Cybersecurity Month (ECSM), is the perfect moment to take a closer look at what is actually happening behind our screens. This year's thirteenth edition, coordinated in Poland by NASK, focuses on the human factor and the growing role of artificial intelligence in attacks. It's time to take off the rose-tinted glasses and see what the real battlefield looks like.
The Human Factor: Our Weakest Link
Even the best protection systems are useless if the daily habits of employees fail. This is where "The Cyberportrait of Polish Business" report exposes the greatest weaknesses.
- Fatal Password Habits: A staggering 55% of employees use the same passwords for different work accounts and devices. This is like using one key for your home, car, and office – losing one means compromising everything.
- Lack of Training: This is perhaps the most alarming statistic – over half of employees (55%) have not participated in any cybersecurity training in the last five years. The report's authors describe this result as "fatal," and it's hard to disagree.
- Fear of Reporting: Disturbingly, 17% of employees who experienced a cyberattack at work did not inform anyone about it. Such a lack of reaction can lead to the uncontrolled spread of the incident throughout the company's infrastructure.
Added to this is a new, powerful threat – artificial intelligence. Awareness of it is minimal. As many as 58% of employees have never heard of the term "deepfake," and only 28% (including IT experts!) have participated in training on AI-related threats. The result? Nearly one in five employees (19%) admitted to sharing sensitive data, including financial information or confidential client data, with AI tools like ChatGPT.
DDoS, or a Flood of Packets: When Your Toaster Attacks Servers
Imagine thousands of your devices – from your fridge and router to your security camera – suddenly starting to send useless data to one place on the internet. This is the essence of a DDoS (Distributed Denial of Service) attack, which aims to paralyze a victim's server by flooding it with traffic.
Recently, the company FastNetMon reported thwarting one of the largest such attacks in Europe. At its peak, it reached a staggering 1.5 billion packets per second (1.5 Gpps). The source of this digital tsunami was thousands of infected IoT devices and popular MikroTik routers, spread across more than 11,000 networks worldwide. The attack was so powerful that it targeted a company specializing in... protecting against DDoS attacks. It's like trying to ram a tank factory with a tank.
Pavel Odintsov, founder of FastNetMon, warns that the mass exploitation of consumer hardware to conduct attacks is becoming an increasingly serious threat. Unfortunately, many Polish homes and businesses are unknowingly part of these global botnet armies. DDoS attacks are becoming more powerful – CERT Orange Polska reports a record attack in May 2025 that reached over 1.3 Tb/s.
Stores Under Fire: Ransomware and Security Flaws
Poland is also a prime target for ransomware attacks. A particular source of concern is that over half of the surveyed experts (54%) expect such attacks to become much more frequent in the near future.
But the threats to e-commerce are not just about ransomware. Adobe recently issued a warning about a critical vulnerability in its Adobe Commerce and Magento Open Source platforms. The flaw, dubbed "SessionReaper" (CVE-2025-54236), received a CVSS score of 9.1/10, meaning it's like a digital time bomb. An input validation error allows an attacker to take over customer accounts.
The e-commerce security firm Sansec rated "SessionReaper" as one of the most severe vulnerabilities in Magento's history. This shows how thin the line is between a successful shopping trip and a complete compromise of customer data.
The Never-Ending Story: A Festival of Vulnerabilities vs. Reality
Every second Tuesday of the month is "Patch Tuesday" for IT administrators – the day Microsoft releases security updates. September was no exception, bringing a real flood of critical vulnerabilities. This relentless arms race shows that there are no secure systems – only patched ones and ones that will soon be attacked.
And what is Poland's response to these threats? Unfortunately, it's bleak. Instead of building digital fortresses, we often put up fences made of twigs.
- Just 53% of companies use antivirus software. This means that almost half of all businesses operate without basic protection.
- Multi-factor authentication (MFA), one of the simplest and most effective security measures, is used by less than 25% of companies.
This shows that even the absolute basics of protection are underutilized in Poland. Fortunately, there is a glimmer of hope – cybersecurity is one of the few areas where companies are not planning budget cuts, with most maintaining or increasing their spending, treating it as a strategic priority.
From Digital Attack to Physical Blackout and Legal Chaos
The line between the digital and physical worlds is becoming increasingly blurred. The best example of this is the recent incident in Berlin, where the arson of high-voltage pylons by an anarchist group cut off power to over 50,000 customers. This physical attack on critical infrastructure shows what can happen when control systems become the target.
At the same time, there is chaos at the legislative level. The EU's NIS-2 directive was intended to expand the range of entities required to implement security standards. The reality? Over a third of those responsible for IT (36%) are unsure whether their company is even subject to the new regulations, which raises questions about their effective implementation and communication. In an unstable geopolitical environment, digital sovereignty is also growing in importance. Nearly six out of ten specialists (59%) prefer European technology providers, and half of the companies surveyed consider dependence on software from outside Europe a potential threat.
Time to Act
"The Cyberportrait of Polish Business 2025" report paints a picture of companies that increasingly understand the importance of cybersecurity but are still struggling with significant gaps – from the daily habits of employees and inadequate training to the failure to fully utilize basic protection tools. Digital security is not a matter of a single action or a single department. It is a system of interconnected vessels, where the weakness of one element can nullify the effort put into the others.
European Cybersecurity Month is an excellent opportunity to raise our guard. Update your software. Enable multi-factor authentication. Don't click on suspicious links. And above all – invest in regular employee training. Because in this game, it's not a question of if we will be attacked, but when. And our preparation will determine whether it ends as a minor incident or a digital catastrophe.
Sources:
- ESET, DAGMA IT Security, "The Cyberportrait of Polish Business 2025"
- ESET, "ESET Threat Report H2 2024"
- Adobe Security Bulletin
- FastNetMon Blog
- NASK, "European Cybersecurity Month"
Also read about Russian cyberattacks on Poland, attacks on the Polish energy sector, and the elite APT28 group behind many operations against Poland. Learn more about the NIS2 Directive and its requirements.
Aleksander
About the Author
Dyrektor ds. Technologii w SecurHub.pl
Doktorant z zakresu neuronauki poznawczej. Psycholog i ekspert IT specjalizujący się w cyberbezpieczeństwie.
Powiązane artykuły
Krajobraz Cyberzagrożeń: Wzrost Ransomware, Ataki na Cisco i Krytyczne Luki VMware
Pierwszy od trzech lat wzrost ataków ransomware, sponsorowane państwowo kampanie wykorzystujące luki w zaporach sieciowych Cisco i pilne aktualizacje dla produktów VMware – witajcie w październiku.
AI: Nowy Oręż w Arsenale Cyberprzestępców
Rok 2025 przynosi rewolucję w cyberbezpieczeństwie, gdzie Sztuczna Inteligencja staje się bronią obosieczną. Najnowsze raporty ENISA i OpenAI ujawniają, jak AI napędza zarówno zaawansowane ataki, jak i innowacyjne metody obrony, redefiniując pole cyfrowej bitwy.
Anatomia Katastrofy: Dlaczego Cloudflare zamilkł? Techniczna analiza incydentu z 18 listopada
18 listopada internet wstrzymał oddech. Cloudflare, gigant CDN, zamilkł na kilka godzin. To nie był atak DDoS, lecz błąd, który obnażył kruchość współczesnej infrastruktury. Oto dogłębna analiza techniczna tego, jak jedna zmiana uprawnień w bazie danych położyła na łopatki połowę sieci.
Komentarze
Ładowanie komentarzy...