There is no limit to cyber perfection

[root]

 

[root]

There is no limit to cyber perfection​

How have cyber threats changed and why are most organizations not ready for them

The transition to the digital economy implies not only the introduction of business solutions, but also the protection of information. The development of the Internet of Things, wireless communication methods and remote services requires a different attitude to the cyber security systems of enterprises, experts say.

THE THREAT IS GROWING

According to Kaspersky Lab, almost every tenth cyber incident in organizations is classified as critical and can cause serious failures or opens unauthorized access to classified information. Most often, such situations are recorded in government agencies (41%), IT companies (15%) and financial institutions (13%). At the same time, organizations may be subjected to repeated attacks – security specialists often find traces of previous attacks in corporate networks.

By the end of 2020, Russia has risen to the fifth place in the global Cybersecurity Index, which is formed by the International Telecommunication Union. Russia shares a row in the table with the United Arab Emirates and Malaysia. Spain, the Republic of Korea and Singapore are in fourth place, Estonia is in third, the United Kingdom and Saudi Arabia are in second. The United States is leading in the ranking, with 100 points.

However, according to the Ministry of Internal Affairs of Russia, the number of registered crimes committed using IT technologies increased by 20% in the first half of 2021, to 300 thousand. Against this background, the issue of increasing the level of security of the state information systems of the Russian Federation, as well as personal data of citizens, deserves special attention, said Deputy Head of the Ministry of Finance Alexander Shoitov at the online conference "Access to data and information security in the digital economy".

EVERYTHING HAS CHANGED

Over the past year, the level of cyber threats has increased dramatically. According to Igor Lyapunov, CEO of Rostelecom-Solar, the most significant incidents in the field of information security over the past year were:
A cyberattack against US government departments and private companies using SolarWinds ' Orion software in March 2020.
Hackers attacked the operator of the Colonial Pipeline oil pipeline in the United States in May of this year. The attackers stole an array of data, blocked computers and demanded money.
Amid the increased frequency of cyber incidents, the US Senate Intelligence Committee has developed a bill requiring infrastructure operators, government contractors and federal agencies to report attacks within 24 hours from the moment of the attack, the media reported. If the new rule is approved, the US Cybersecurity and Infrastructure Security Agency (CISA) will fine organizations that did not report the incident within the allotted time.


The whole world has reached a fundamentally new level of attacks on critical information infrastructure (CII) and public administration systems
Now cyber attacks have ceased to be carried out for purely commercial purposes. "More and more attacks are being carried out by very skilled groups on the KII. These attacks are very difficult to detect and repel, " I. Lyapunov notes.


To ensure information security, the following conditions are necessary: the well-
established work of the company's security service;
high-quality threat management and monitoring;
regular testing of actions in emergency situations.
Igor Lyapunov, Rostelecom-Solar:

- Previously, it was believed that monetization in a critical information infrastructure was impossible. But the opinion about the attacks on the CII changed when the strategic oil pipeline in the United States was inoperable for a whole week. The amount of the ransom-according to media reports, about $ 5 million-became a good prey for cybercriminals.

In our country, regional executive authorities are at the very bottom of the conditional information security rating. According to experts, banks and other financial organizations are currently the most protected from cyber threats.

According to Andrey Vybornov, Deputy Director – Head of the Department of Information Security of the Bank of Russia, the tasks of the regulator from the point of view of information security are:
control of cyber risks of credit and financial organizations;
resistance to attacks and ensuring the continuity of the provision of banking services;
protection of consumer rights in the field of the use of social engineering.
At the same time, one of the key tasks is to ensure the security of biometric identification, authentication and cloud electronic signature. All this is extremely important for the remote provision of banking services, emphasizes Vybornov.

LEARN TO DEFEND YOURSELF

But, despite the growing risks, information security is still not a priority area for the development of many organizations, Mikhail Pribochy, managing director in Russia, the CIS and the Baltic States of Kaspersky Lab, draws attention. "When an industrial enterprise is being built, the last thing they think about is IT protection," he noted. As a result, many organizations use an approach in which some of their own protected systems are simply isolated. But this does not work, the top manager emphasizes.

Mikhail Pribochy, Kaspersky Lab:

– One large and well-known Russian company did just that and believed that everything was fine with its security. We signed a contract with her, and on a bet, already in the evening of the same day, we were inside her perimeter.

The employees of Kaspersky Lab were helped to penetrate the smoke sensors that are in every room, the expert shared. You can also use surveillance cameras, pass sensors, and other office equipment to penetrate isolated systems. All of it is electrified and is a potential channel for an attack.

There are many vulnerabilities in CII objects where automated process control systems (automated process control systems) are used. Most automated control system engineers do not believe in the existence of hackers and are convinced of the power of relay protection of automation, the expert says. They rely on the isolation of their systems from the Internet, which is simply impossible.

At the same time, modern malicious software (VPO) consists of hundreds of diverse and complex components. "First, a bot is landed on the attacked site, which is a real control center. He begins to load the corresponding functionality with his own means of protection, " says I. Lyapunov.

Modern malware is a unique IT complex
In the darknet, there is a complex infrastructure with a division of labor: some attackers prepare malware, others create phishing mailings, and others ensure the withdrawal of funds received as a result of the attack. The released malicious software is even guaranteed that it will not be detected by antiviruses. If this still happens, manufacturers immediately release a product update and promptly replace the outdated VPO to the client.

According to M. Pribochy, to ensure security, it is necessary:
to lay down the parameters of cyber protection at the design stage of the enterprise, and not to hang it urgently before threats;
check the internal code of the system for possible vulnerabilities;
systematically train employees in the basics of security.
In addition, a well-developed procedure for responding to cyber incidents is very important. Not all organizations have such documents, complains I. Lyapunov. Meanwhile. cyber studies, during which the coherence of actions is worked out, are an obligatory factor of information protection.

However, absolutely secure systems do not exist, emphasizes I. Lyapunov. The company should have a monitoring system that will detect an evolving attack. In addition, a kind of layered defense system is needed. "Early detection of an attack and its relief before the onset of irreparable damage will help to withstand the attack of hackers," the expert emphasizes.