In the footsteps of the black swan: what cybersecurity experts talked about at the conference “Smart solutions – smart country”

The year 2020 was diplomatically called “extremely atypical” in his report Andrey Golov, CEO of Security Code company. Step by step, he traced the chain of changes brought about by the coronavirus pandemic. “Remote” destroyed the usual security perimeter of corporate infrastructure, giving rise to new patterns of consumption of IT services and, as a result, significantly changing the landscape of cyber threats. Added to the above are a macroeconomic perfect storm, a cascade of government lockdowns, and a disruption in supply chains.

Andrey noted the explosive growth in demand for network security solutions and their service personnel, logically moving on to the inevitable acceleration of the digitalization of social services, which has already begun.

All these challenges require work that can only be done at the state level. This includes, in particular, the integration of the entire IT technology stack as part of the import substitution process. The dialogue between the country’s leadership, the expert community and business is under way in this direction, and Andrey assessed its results as positive.

Separately, the speaker dwelled on the issues of ensuring “digital sovereignty”. Now this issue is being dealt with all over the world, and it is extremely important for Russia to keep up with global processes. Indeed, in the near future, IT systems will control literally all life in the country. The country’s leadership understands this and continues to increase the requirements for the protection of critical infrastructure.

Seven Cybersecurity Trends That Will Influence Your Organization in 2021

Perhaps the most “rich in new trends” was the report Alexei Lukatsky, a Cisco Security Business Consultant. Alexey identified seven main trends related to cybersecurity, both directly and in terms of business.

• The regulatory burden on operators of information systems is increasing and the responsibility for violations is being tightened.
• The most important metric in information security is the time to detect an attack, and information security reports include more and more metrics related to the business goals of the enterprise.
• The inability to provide absolute protection against threats shifts the focus of information security services from preventing attacks to timely detection and response to them.
• The weakest link in any security system is the person. The number of attacks related to social engineering will only grow.
• The number of security events in a complex information security system exceeded the physical capabilities of specialists to respond to them.
• Attackers are increasingly targeting not their victims directly, but their software and hardware vendors.
• The importance of “Safe development”, which imposes new requirements on the creators of software code at all stages of its production.

Cybersecurity in the digital transformation era

The world is sinking into digital, and uncertainty is growing. The number of cyberattacks that threaten the new reality is also growing. Nikolay Fokin, Head of the Information Security Department of LANIT-Integration, recalled that cyberattacks are in the TOP-5 of global threats along with climate change, epidemics and natural disasters. By 2022, according to the WEF, the damage to the global economy from cybercrime could reach $ 8 trillion.

With the advent of the coronavirus pandemic, the cyber threat landscape has changed dramatically. A recent report from Interpol said that with the arrival of COVID-19, more and more hacker groups, seeking to increase their income, began to shift the focus from individuals and small businesses to large corporations. Attacks on industrial enterprises using encryption programs have become a fashionable trend. The long-term production downtime caused by these attacks entails huge losses, and even the payment of the ransom does not guarantee the injured party the return to its own infrastructure.

“One of the most common attack vectors for ransomware is RDP… In the shadow market, the cost of purchasing an organization’s credentials is only $ 20. At the same time, most companies do not apply the necessary means of protection against this threat. “

Nikolay Fokin

Nikolai’s conclusion is not encouraging: 90% of companies can still be hacked in a few days, and 77% of businesses do not have a clear plan for responding to cyber incidents. This situation can only be helped by a total revision of all IS policies, tightening control over the means of remote access, the introduction of multi-factor authorization technologies and programs for training personnel in the rules of “digital hygiene”.

Project “Safety of children of KhMAO-Ugra on the Internet”

The digital transformation of society has had a great impact on the formation of the child’s psyche, which is now taking place surrounded by all kinds of gadgets. He devoted his report to the protection of the second generation of “digital natives” Konstantin Ignatiev, an expert at Kaspersky Lab for child safety in the network.

More than half of parents admit that they use gadgets to keep their children busy. Nine out of ten parents use electronic devices to educate their children aged 3-6. To make these processes as safe as possible, the project-finalist of the IT Stars award named after Georgy Gens “Child safety in the Khanty-Mansi Autonomous Okrug-Ugra on the Internet” is called upon.

The Khanty-Mansiysk Autonomous Okrug became a platform for an experiment not by accident. Many parents work here on a rotational basis and are often unable to control the time their child spends on the Internet or the nature of the content they consume. A special product Kaspersky Safe Kids was called to help them in this.

During the year of its use, children’s Internet traffic has undergone major changes. Interesting was the drop in popularity of computer games from 32% to 16%. This is most likely due to the fact that the parents considered this category the least desirable. But the traffic of news resources, online stores and banks has grown significantly. The project has already received numerous thanks from parents, teachers and representatives of the district administration.

Protection against unauthorized access to business infrastructure

With the spread of business digitalization among all tools for analyzing information security of corporate infrastructure pentest comes to the fore. Murad Mustafayev, Head of Information Security at Onlanta, and Dmitry Donskoy, Development Director of the Echelon Group of Companies, spoke about how a premeditated hacking helps to objectively determine the level of security of a company, and gave a living example.

The main conclusion of the experiment was a clear understanding of the need to monitor all IS events in real time. The best way to do this today is to use SIEM systems… It is not surprising that such tools are given a lot of attention in Federal Law No.187-FZ, which is dedicated to the requirements for protecting critical information infrastructure.

Enterprise virtual cloud security

Report Dmitry Zhechkov, Business Development Manager for VMware Network Virtualization and Security in Russia and the CIS, was dedicated to new approaches to ensuring information security in the context of the “new normal”. In parallel with the trend of business digitalization and the massive transition to remote work, three main potentially vulnerable areas have emerged in the IT infrastructure of any enterprise:

• remote users;
• custom devices;
• applications not monitored by company security.

The traditional approach to protection, based on the use of a large number of specialized products (software and hardware), leads to an overcomplicated infrastructure and its saturation with dozens of disparate information security solutions, which themselves can become a target for an attack. According to VMware experts, the future belongs to universal digitalization platforms, already equipped with native and elasticly scalable information security tools that operate at three critical levels: on any device, in all applications, in all clouds (private and public).

VMware has already taken this path by offering secure digital enterprise ecosystems based on Workspace ONE, Carbon Black, NSX and CloudHealth solutions.

Economic assessment of information security risks

And now a little about my performance. I work as the head of the department of information security department of LANIT. For more than eight years, our company has been consulting in the field of assessing both information security risks and broader risks related to the functioning of the business as a whole. The risk map created during this time includes 152 indicators, summarized in nine groups:

• production;
• infrastructural;
• managerial;
• organizational;
• anthropogenic;
• legislative;
• sanctions;
• violations;
• reputational.

The analysis of more than 3 thousand incidents allowed our team to deduce general patterns that help to understand what economic damage can be caused by certain undesirable events. So, for example, the LANIT experience shows that the damage from incidents related to the disruption or blocking of business as a result of a hacker attack for medium-sized companies, as a rule, is in the range of 0.5-10% of annual turnover. Damage from theft of confidential information can reach 100% of the annual turnover. Moreover, the smaller the company, the higher the level of damage.

Information security remains one of the key areas of IT. The tonality of the reports presented at the conference “Smart Solutions – Smart Country” suggests that the problem of its provision is not just not solved, but every year it becomes more and more urgent. This means that we will continue to discuss it next year. Including – on Habré.

Video recordings of reports, as well as presentations of speakers of the conference “Smart Solutions – Smart Country: Innovative Technologies for New Reality”, organized by LANIT, are available until February 1, 2021 at platform of the event… You will need to fill out a simple registration form and select the material of interest in the “IT Knowledge Library” section.