The National Insurance Institute (NII) has not updated its cyber security and information security policies for around ten years, in spite of the fact that the threats in these fields have developed and NII policy states that these must be reviewed and updated yearly, according to a comptroller report released Tuesday.
It has also been over two years since the NII’s cyber steering committee has met, the report added.
“Especially in wartime, cyber weaknesses are a failure,” said State Comptroller Matanyahu Englman
“We cannot wait for our enemies to lay their hands on NII databases – we must fix the weaknesses long before.”
The NII gets tens of thousands of alerts of cyber attacks a day that must be examined by a lone analyst manning the NII’s cyber control center, the report said, adding that the NII is lacking the proper teams to respond to the threats and alerts it faces.
Some 87% of NII cyber security policies are only upheld partially, and there is no periodic tracking of this, said the report.
The systems the NII uses to transfer…
