When you need to think about the problem of cybersecurity. IBM: Cybersecurity challenges for industrial control systems and critical infrastructure. The most dangerous cyber attacks
Cybersecurity technologies: what solutions are promising and is it possible to fully protect yourself now?
Market overview and expert opinions
With the development of the digital economy and computer systems, the global information security market is rapidly growing in size. According to Gartner analysts, in 2018, global sales of IT security products will increase by 8% compared to 2017 and amount to $96.3 billion. This market showed approximately the same growth rates in 2017.
At the same time, the lack of qualified specialists and the complex nature of the information security threats themselves are pushing companies to switch to outsourcing in this area. Thus, in 2018, according to Gartner estimates, spending on outsourcing services in the field of data protection should grow by 11% to $18.5 billion.
ISACA specialists believe that by 2019 the shortage of personnel in the information security sector will increase to 2 million vacancies. Frost & Sullivan analysts come to similar conclusions, noting that about 62% of HR managers already report a shortage of information security specialists.
Global businesses are being forced to increase spending on data protection tools by high-profile stories related to data leaks due to cyber attacks, scandals surrounding large companies or even individual countries, and changing rules for regulating information security. But what could be the threats in the data market?
Experts distinguish three types of information security threats depending on the tasks that security measures must solve: threats to availability, threats to integrity and threats to confidentiality. Availability threats include unintentional user errors, as well as failures of systems and of the infrastructure that supports them. Integrity threats include risks associated with the actions of attackers, forgery and theft of information. Confidentiality threats include the dangers posed by unreliable protection of confidential information, be it corporate data or information about individuals.
Corporate and personal data
Today, the most common threats to corporate information security are “crime as a service”, risks associated with the Internet of things and the work of companies with suppliers. The use of the “crime as a service” model by non-professional hackers is becoming increasingly widespread.
Cybercrime has now become accessible to almost every novice hacker due to the penetration of low-cost criminal service packages from mature hacker communities into the darknet market. This in turn significantly increases the number of cyber attacks in the world and creates new threats for corporations.
The use of the Internet of Things in various companies also contains potential risks. IoT devices today tend to have weak security, which opens up additional opportunities to attack them. According to Kaspersky Lab, in 2017 the number of malicious programs attacking Internet of Things devices more than doubled. In addition, companies using the Internet of Things cannot always track which of the data collected by smart devices is transferred to external organizations.
Supply chains threaten companies with losing control over the valuable and confidential information they share with their suppliers. Such organizations face all three types of threats: risks of violation of confidentiality, integrity and availability of information.
Anyone can become a victim of hackers
Meanwhile, almost every one of us faces information security threats in everyday life. For individuals, significant risks are posed by malware (viruses, worms, Trojans, ransomware), phishing (gaining access to user logins and passwords) and identity theft (using other people's personal data for enrichment). In this case, the targets of attackers are accounts on social networks and applications, passport data and credit card data of users.
The issue of selling personal data of clients of large companies to third parties is also particularly relevant now. One of the most high-profile cases of illegal use of a large amount of personal data is the scandal involving the consulting company Cambridge Analytica and the social network Facebook that flared up in March 2018. According to journalists, the British company used the data of about 50 million Facebook users to influence the course of elections in different countries of the world.
Promising data protection technologies
Cryptography
Security specialists today pay special attention to cryptographic encryption of information. Cryptographic encryption methods are divided into symmetric and asymmetric. In the first case, the same key is used to encrypt and decrypt data. In the second case, two different keys are used: one for encryption, the other for decryption. At the same time, the choice of one solution or another depends on the goals that the specialist sets for himself.
Data encrypted using cryptography remains protected in itself, and access to encrypted information may not be limited at all by any other technology.
Not all developed countries can afford truly strong cryptographic protection tools today. Only certain states, including Russia, have the knowledge and tools necessary for this.
An example of cryptographic methods of data protection is a digital (electronic) signature. Hash function algorithms can be used in its construction; these are a third type of cryptographic algorithm, besides the two discussed above. A digital signature allows electronic documents to be authenticated and has all the main advantages of a regular handwritten signature.
Not everyone uses an electronic signature today (which is why, for example, the possibility of making a mobile phone number a personal identifier is being discussed; it is expected to be a more affordable option. - Note by Rusbase); however, its merits have already been appreciated by numerous enthusiasts among individuals and companies. In addition, an electronic digital signature is a mandatory element when conducting certain operations in Russia, such as submitting financial statements, participating in procurement, maintaining legally significant document flow and filing arbitration claims in courts.
Quantum cryptography
Analysts call cryptography one of the most promising data protection technologies today. This technology allows for almost absolute protection of encrypted data from hacking.
The operation of a quantum network is based on the principle of quantum key distribution. The key is generated and transmitted by means of photons brought into a quantum state. Such a key cannot be copied. When an attempt is made to hack the channel, the photons transmitting the information change their state, according to the laws of physics, introducing errors into the transmitted data. In this case, the only option is to select and send a new key, repeating until the errors in the transfer reach a permissible level.
Quantum cryptography has not yet been used in practice, but the technology is already close to this. Active research in this area today is carried out by IBM, GAP-Optique, Mitsubishi, Toshiba, the Los Alamos National Laboratory, the California Institute of Technology, as well as the QinetiQ holding, supported by the British Ministry of Defense.
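The key-distribution behaviour described above can be reproduced with a small classical simulation. This is an added example, not code from the article or from any vendor it names; it assumes the BB84 protocol (the article does not say which protocol it means), an intercept-and-resend eavesdropper, and an illustrative acceptance threshold of 11% errors.

```python
"""Toy BB84 simulation: an intercept-resend eavesdropper raises the error rate."""
import random

QBER_LIMIT = 0.11  # assumed "permissible level of errors" for this demo


def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis reads the bit exactly; a mismatched basis yields a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)


def bb84_round(n_photons, eavesdropper, rng):
    """One key-exchange attempt; returns (estimated error rate, key bits)."""
    sifted_alice, sifted_bob = [], []
    for _ in range(n_photons):
        a_bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        bit, basis = a_bit, a_basis  # state of the photon in flight
        if eavesdropper:
            # The photon cannot be copied: the eavesdropper has to measure it
            # in a guessed basis and pass on a new photon made from the result.
            e_basis = rng.randint(0, 1)
            bit, basis = measure(bit, basis, e_basis, rng), e_basis
        b_basis = rng.randint(0, 1)
        b_bit = measure(bit, basis, b_basis, rng)
        if a_basis == b_basis:  # sifting: keep positions where bases matched
            sifted_alice.append(a_bit)
            sifted_bob.append(b_bit)
    # Every second sifted bit is compared publicly to estimate the error
    # rate and then discarded; the undisclosed bits form the key.
    disclosed = range(0, len(sifted_alice), 2)
    errors = sum(sifted_alice[i] != sifted_bob[i] for i in disclosed)
    qber = errors / max(1, len(disclosed))
    key = [sifted_bob[i] for i in range(1, len(sifted_bob), 2)]
    return qber, key


def establish_key(tapped_attempts, n_photons=2000, max_attempts=10, seed=2018):
    """Send fresh keys until one arrives with an acceptable error rate.

    The first `tapped_attempts` attempts are eavesdropped (constructed scenario).
    Returns (key or None, log of (attempt, error rate, accepted)).
    """
    rng = random.Random(seed)
    log = []
    for attempt in range(1, max_attempts + 1):
        qber, key = bb84_round(n_photons, attempt <= tapped_attempts, rng)
        accepted = qber <= QBER_LIMIT
        log.append((attempt, round(qber, 3), accepted))
        if accepted:
            return key, log
    return None, log


if __name__ == "__main__":
    key, log = establish_key(tapped_attempts=2)
    for attempt, qber, accepted in log:
        print(f"attempt {attempt}: error rate {qber:.3f} accepted={accepted}")
    print("key length:", len(key) if key else 0)
```

On an untapped channel the sifted bits agree exactly, while the eavesdropper's wrong basis guesses push the error rate to roughly one in four, so the tapped attempts are rejected and a new key is sent.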
Blockchain
The development of information security technologies is also closely related to the capabilities of and. When researchers realized that it was possible to enter not only cryptocurrency transaction data into the register, but also various metadata, the blockchain began to actively expand into the field of information security. This technology can guarantee not only the safety, but also the immutability and authenticity of data, and also makes it almost impossible to deceive identification systems.
Today, experts call blockchain one of the most secure, transparent and immutable information storage systems.
The possibilities of using distributed registry technology for credit card verification are already being studied at Mastercard. The payment company says that the integration of the new solution into POS terminals will reliably protect transactions and eliminate the need for users to carry payment cards with them.
Tokenization
One of the most reliable ways to protect payment data is tokenization technology. Its essence lies in the replacement of real confidential data with other values, or tokens. As a result, trading companies may no longer need to store user payment data, and attackers who gain access to information about company customer cards will not be able to use it in any way.
Tokenization is especially actively used in . At the moment, the technology is supported by payment systems and, however, with the development of contactless payments and financial technologies, the use of tokenization may in the near future spread to the entire trade market.
Moving Target Protection Technology
Moving target technology can also make a significant contribution to cybersecurity in the future. Currently this technology is only being tested and is not widely used in practice.
The new protection system was first introduced in 2016 by scientists from the University of Pennsylvania. With the help of moving target protection technology, the developers intend to solve one of the main problems of data protection - to deprive the authors of cyber attacks of access to the code used in encryption. Experts say that the mere fact of encryption is not enough today. To protect data, you need to continuously change the system, and then the attacker will not be able to obtain up-to-date information about its state, which can be used at the next point in time. As a result, planning an attack will be extremely difficult.
Biometric authentication
Among the promising areas of information security, experts also include biometric authentication technologies that allow users to be authenticated by measuring physiological parameters and characteristics of a person and the characteristics of his behavior.
The fastest growing technologies in this segment are voice biometrics and facial recognition. These solutions are already actively used in the field of criminology and social control and are gradually becoming a standard function in smartphones. However, analysts believe that the future of biometrics lies in the use of “closed data”, such as heart rate, the pattern of intraocular vessels, the shape of earlobes, and more. In addition, chips implanted under the skin, tablet computers, as well as DNA testing and analysis of human neural connections will make biometric data secure.
On the one hand, biometric data is stronger than passwords, but on the other hand, where are the guarantees that it cannot be faked?
Artificial intelligence
Artificial intelligence is opening up new opportunities for information security specialists. Machine learning technologies are already helping to protect corporate data in the Gmail email service. In June 2017, Google introduced a new system that detects phishing attacks for companies using machine learning technology; it sends instant alerts when suspicious links are clicked, sends unsolicited response messages to recipients outside the domain, and offers built-in protection against new threats.
Kaspersky Lab actively uses artificial intelligence for data protection in its work. Machine Learning technology for Anomaly Detection,
According to a study conducted by Orange Business Services and IDC, the market for corporate services in the field of cybersecurity in Russia should approach 6 billion rubles (about $103 million) in 2021. The cybersecurity consulting segment will develop fastest on the market. In 2017, its volume in Russia amounted to almost $30.9 million, and in 2021 it will reach $37.8 million. The main reason for the growth of the information security sector, according to experts, is the shortage of specialists in the labor market. As a result, companies are forced to attract external contractors, and this in turn stimulates market development.
Maria Voronova clarifies that data protection should be understood as ensuring the confidentiality, availability, integrity and authenticity of information. At the same time, none of the technologies can perform all these functions simultaneously. Therefore, compliance with each of these principles requires the use of appropriate solutions.
“As smart devices become an integral part of our cities and homes, we are at risk of new types of cyber attacks. In the near future, residential buildings will be complex networks with tens or hundreds of devices. Cybercriminals will be able to adjust the temperature of our thermostats, invade our privacy with security cameras and baby monitors, place orders to buy goods at our expense using a smart speaker, add a smart TV to a botnet, and commit home robberies by exploiting vulnerabilities in smart locks. When we go outside, we will once again be surrounded by the Internet of Things, including smart traffic lights and autonomous cars. It is clear that the IoT ecosystem around us must be secure from hacking to keep us, our homes and families safe.”
Louis Corrons says quantum cryptography technologies will continue to develop rapidly in the future. The specialist is confident that this particular direction will significantly improve methods of protecting data transfers. However, according to Louis Corrons, it may take at least 10–20 years to implement these developments.
In addition, experts from Avast predict a great future for the use of blockchain technologies. Distributed ledger technology is already being implemented in areas of information security such as digital identity and voting. At the same time, according to Louis Corrons, the initial testing of this technology will take place exactly where it was intended: during operations with cryptocurrencies in crypto exchangers and digital wallets.
InfoWatch specialists see the future of the information security industry in solutions designed to proactively detect attacks and violations of security systems. At the same time, big data analysis and machine learning technologies will have to help companies accurately predict possible threats in the future.
cybersecurity digital substation reliability
The main essence of the cybersecurity problem is that the closed nature of the site is no longer a barrier to a cyber attack that can overcome the isolation, and all data at the top level of the AP with the implementation of IEC 61850, unless special measures are taken, may become accessible for other purposes. Currently, IEC 61850 is best implemented over an Ethernet infrastructure, which, due to the connection to the corporate network, robs the system of the isolation benefits. Additionally, it is noted that peer-to-peer communications via GOOSE are subject to risks associated with event replay and manipulation, and client-server communications that support more than one client increase the possibility of an unauthorized client being introduced into them.
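A receiver-side check for the GOOSE replay risk noted above, as an added example that is not part of the original article or of any standard's text. It assumes the GOOSE header has already been decoded into the gocbRef, stNum and sqNum fields; the control block names and the captured sequence are constructed sample data.

```python
"""Counter-based replay check for decoded GOOSE headers (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class GooseHeader:
    gocb_ref: str  # gocbRef: control block reference, identifies the publisher stream
    st_num: int    # stNum: incremented when the published data set changes state
    sq_num: int    # sqNum: incremented on each retransmission of the same state


class ReplayMonitor:
    """Tracks the newest (stNum, sqNum) pair seen for each control block."""

    def __init__(self):
        self._newest = {}

    def check(self, hdr):
        prev = self._newest.get(hdr.gocb_ref)
        cur = (hdr.st_num, hdr.sq_num)
        if prev is not None and cur <= prev:
            # Counters repeated or went backwards. Stored state is NOT
            # updated, so an old frame cannot roll the monitor back.
            # Counter wrap-around and a publisher restart look the same
            # from here, so this verdict needs triage, not automatic action.
            return "replay-suspect"
        verdict = "ok"
        if prev is not None and hdr.st_num == prev[0] and hdr.sq_num > prev[1] + 1:
            verdict = "gap"  # retransmissions were lost or suppressed
        self._newest[hdr.gocb_ref] = cur
        return verdict


def scan(headers):
    """Run one monitor over a capture and return the verdict for each frame."""
    monitor = ReplayMonitor()
    return [monitor.check(h) for h in headers]


# Constructed capture: a state change (stNum 5 -> 6), then an old frame from
# state 5 re-injected, a duplicate, lost frames, and a second publisher.
TRIP = "IED1LD0/LLN0$GO$gcbTrip"
INTERLOCK = "IED2LD0/LLN0$GO$gcbIntlk"
CAPTURE = [
    GooseHeader(TRIP, 5, 0),
    GooseHeader(TRIP, 5, 1),
    GooseHeader(TRIP, 5, 2),
    GooseHeader(TRIP, 6, 0),
    GooseHeader(TRIP, 6, 1),
    GooseHeader(TRIP, 5, 1),       # stale state re-injected
    GooseHeader(TRIP, 6, 2),
    GooseHeader(TRIP, 6, 2),       # exact duplicate
    GooseHeader(TRIP, 6, 5),       # sqNum 3 and 4 never arrived
    GooseHeader(INTERLOCK, 1, 0),  # separate stream, tracked independently
]

if __name__ == "__main__":
    for hdr, verdict in zip(CAPTURE, scan(CAPTURE)):
        print(f"{hdr.gocb_ref} stNum={hdr.st_num} sqNum={hdr.sq_num}: {verdict}")
```

The counters are not authenticated, so this check only catches frames that repeat or go backwards; a manipulated frame carrying higher counters passes it, which is why the data integrity requirement listed below still needs its own mechanism.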
Safety requirements
To ensure security requirements and to assess its level, the mentioned working group proposes to use seven fundamental requirements codified in ISA-99.01.01:
- Access Control (AC), to protect against unauthorized access to a device or information;
- Use Control (UC), to protect against unauthorized manipulation or use of information;
- Data Integrity (DI), to protect against unauthorized changes;
- Data Confidentiality (DC), to protect against eavesdropping;
- Restrict Data Flow (RDF), to protect against the publication of information on unauthorized sources;
- Timely Response to Event (TRE): monitoring and logging safety-related events and taking timely measures to eliminate consequences in critical tasks and critical safety situations;
- Network Resource Availability (NRA), to protect against denial of service attacks.
It is noted that these requirements do not differ from those for conventional computer networks; however, due to the isolation of the object and the associated illusion of security, they have often not been applied to such networks until now.
Standards Analysis
An analysis of existing and developing standards carried out by the working group of the CIGRE Research Committee on Relay Protection showed that none of the documents reviewed satisfies all seven requirements. Moreover, some proposed solutions turned out to be contradictory and lead to confusion. At the same time, it is necessary to look for the right solutions, because these requirements should be the initial guidance for relay engineers to:
- Define cybersecurity requirements in custom specifications;
- Improve existing cybersecurity measures when applying IEC 61850;
- Improve cybersecurity mechanisms used in existing systems using IEC 61850.
It has been determined that, of all current standards, the IEC 62351 standard offers the best solutions in terms of security measures for the first three requirements (for access control, data integrity and confidentiality). This standard explicitly recommends them when implementing IEC 61850. However, for other requirements, such as timely response to events, there are no standard solutions. In general, IEC 62351 is a series of standards that regulate security issues for protocol profiles based on the TCP/IP stack, including the IEC 60870-5, IEC 60870-6 and IEC 61850 protocols. Figure 1 shows the mapping of the IEC 61850 standard onto the IEC 62351 standard.
Figure 1 Structure of the IEC 62351 standard
Other standards, such as ISA-99 and NERC CIP, cover a broader area of fundamental requirements, but provide recommendations rather than specific instructions about what should be done and how. The CIGRE Study Committee B5 working group concluded that only IEC 62351 and ISA-99 technical requirements standards offer security requirements for the transmission of IEC 61850 messages within substations. It should be noted that the technical requirements of ISA 99 are still at an early stage of development.
The word "cybersecurity" has lately been heard more and more often in Russia. It cannot be said that the frequency of its use corresponds to the seriousness of the attitude towards the problem and the quality of the solutions found. But global challenges and local changes force the Russian authorities to react and take action. These actions are actively influencing many areas of digital life, including the media ecosystem.
Maxim Kornev
Cybersecurity and media
We live in turbulent times where media has become a battlefield. Moreover, at all levels: physical, digital, institutional. There are more than enough examples:
- ISIS hackers are hacking social media accounts of the US Department of Defense and are actively mastering social media;
- The death of the French cartoonists from Charlie Hebdo exposes the conflict between traditional Islamic and modern post-Christian cultures in Europe;
- In a full-scale information war in connection with the events in Ukraine, media with Russian participation are becoming targets of influence.
It is not surprising that the defense of the information space is a serious task not only for any developed state and cultural society, but also for various influence groups.
Cybersecurity issues are broader than the issues of media restrictions. Just as the topic of information security is even broader than cybersecurity problems. But we can say that it is with the help of the media that threats and measures to eliminate them are realized in the digital space. Therefore, media is a key component in the cyberspace defense system.
Without going into terminological nuances, cybersecurity is the security of information and supporting infrastructure in the digital environment. It is also necessary to take into account that there are several levels of problems and solutions: from the private, related to the protection of citizens and a specific person from various types of attackers, to the state and supranational, where problems of national security and information wars are solved.
The key event and discussion platform on cybersecurity in Russia can be safely called the Cyber Security Forum (this year it will traditionally take place in February). Here, in addition to information security problems, they also discuss the security of communications in the media, malicious technologies for disseminating information, as well as the possibilities of influencing people through the media. It is important that during these types of meetings, participants discuss and develop legislative solutions that, at a basic, infrastructural level, directly affect the work of the media and establish the boundaries of opportunities and responsibilities for authors of publications.
Cybersecurity in Russian: what happened to the National Strategy Concept?
The main document on cybersecurity issues was to be the “Concept of the Cybersecurity Strategy of the Russian Federation”. In theory, it could lay the foundations for the interaction of all participants in digital virtual communications in Russia. But the concept remained in the status of an uncoordinated project, although the need for it was long overdue. In particular, industry experts pay a lot of attention to this problem. The importance of information security of the Runet, the state cybersecurity strategy of Russia and the need for international cooperation were often discussed at all levels in 2014, and this topic was voiced more than once by President Putin.
At the end of November 2013, parliamentary hearings on the “Concept of the Cybersecurity Strategy of the Russian Federation” took place. Next, the project had to go to the Security Council, where it would receive approval in order to start the process of developing the strategy itself. However, at the moment the fate of the project is unclear, and there are reasons to believe that it was stuck at the approval stage or was rejected altogether. This is indirectly confirmed by the fact that Ruslan Gattarov in February 2014 resigned early from his position in the Federation Council and moved away from developing the concept, returning to Chelyabinsk. His place in the Federation Council was taken by Lyudmila Bokova, who will also oversee the development and strategy of cybersecurity. Previously, she was mainly involved in issues of school education and pedagogy.
Cybersecurity in Russia and the World: main trends and how does this threaten the media?
Thus, at the moment in Russia there is no fundamental document that corresponds to modern realities and challenges that would explain how to deal with cybersecurity at the national level. This is bad for everyone, including the media.
Instead of a structured system of regulations, in Russian practice there are a number of declarative documents (Information Security Doctrine, National Security Strategy until 2020, the draft Cybersecurity Strategy Concept (pdf) and others), as well as packages of restrictive and prohibitive laws and amendments (including the resonant 139-FZ on protecting children from harmful information, 136-FZ on insulting the feelings of believers, “blogger” Federal Law-97 and others). Such measures are obviously not enough to create a flexible and effective security system in the cyber environment. Therefore, there is a lot of work ahead to develop national standards and harmonize them with international standards.
This is how we differ significantly from “Western” approaches to the development of a secure Internet. In Europe, the network aims to promote social development and multiculturalism, support cultural and linguistic diversity, empower users and encourage openness. At the same time, the Internet must be globally accessible, open, and decentralized in management. Accordingly, cybersecurity issues must proceed from these seemingly simple but deep value premises. Although in Europe not everything is so good with openness and multiculturalism, there are starting points and rational guidelines for designing the future.
You can start with the basics. First of all, in Russian practice it is necessary to differentiate the concepts “information security” and “cybersecurity”. Also, the main trend in international practice is the emphasis on cooperation between the state, business and civil society, that is, on the creation of an ecosystem to counter cyber threats. At the same time, developed countries are trying to avoid both excessive regulation and insufficient attention from the state.
It is noteworthy that national online security strategies have emerged relatively recently. The United States, as one of the leaders in the development of this area, acquired a national cybersecurity strategy only in 2003. For example, France developed its rules and regulations only in 2011, and a unified strategy for the European Union appeared only in February 2013.
In 2014, the emphasis in new generation strategies shifted significantly. If earlier the state was focused on protecting citizens and organizations, now it is on society and institutions as a whole. This is due to the growing role of the Internet in the economy and government, as well as potential threats from other states. That is, cybersecurity problems have grown from private problems to the interstate level in just a couple of decades. Therefore, interdepartmental cooperation and public-private partnerships within countries and interstate cooperation outside are encouraged. The role of media in this situation can be compared with the role of the nervous system in the human body: to transmit impulses and signals that lead to the correct operation of the entire social organism.
Without idealizing the role of society and the media, it should be noted that state sovereignty and the protection of one’s own economic and political interests are placed in first place by all active participants in the process, while the value of the openness of the Internet and its self-regulation are recognized as unshakable. Civil society and journalism as a public institution are called upon to help maintain this balance: the use of a flexible strategy on the part of the state should help develop facts and practices for decision-making (based on bodies of knowledge, monitoring cyber threats and response schemes to them). In particular, expert Elena Voinikanis from Rostelecom spoke about these facts at the already mentioned Cyber Security Forum 2014.
This year, 2015, will obviously intensify control and fight against cyber terrorism, but expanding the participation of citizens and the media in building a network security system will benefit all participants.
Cybersecurity, the problem of network trust and media
Another key problem, the increasing influence of which was observed throughout 2014 and continues to intensify, is the problem of trust between countries. The revealing scandals with Julian Assange, Edward Snowden and the wiretapping of German politicians by American intelligence agencies have exposed the distrust and suspicion of countries towards each other. It got to the point that German Chancellor Angela Merkel started talking seriously about “digital sovereignty,” and some German departments proposed returning to the use of typewriters.
The mutual hostility of intelligence services and leaders of countries, flavored with a clash of interests in local conflict zones and fueled by the actions of international terrorists, is actively relayed by the media, and also captures millions of people on social media. As it turned out, the Internet can not only effectively unite, but also divide and exacerbate conflicts between people around the world, dividing them into opposing camps.
In this regard, experts predict the possible disintegration of the Internet into a number of national or even group segments. And the “general” Internet will turn into a “wild field” and a marginal environment where laws do not work and many dangers reign. This is the so-called “balkanization” problem of the Internet, which was ranked first among online threats in last year’s Pew Research Center study.
One of the consequences (or partly the cause) can also be called the problem of the “red button” for the Internet: it is technically possible to temporarily disconnect some country from the global network. But access will be restored quite quickly, and the militarization of the Internet and cyber threats from closed segments are growing even more. For example, Saudi Arabia, Syria, Iran, North Korea, and China live with varying degrees of closedness of their “Internets,” and this does not benefit the global network and world security. Some analysis of what could happen if they try to disconnect Russia from the Internet as a result of sanctions can be read in an article on the website of the Electronic State Expert Center.
As for Russian measures to restrict freedom on the Internet, in general, the authorities’ desire to cultivate the online space and propose rules of the game is understandable. Even acceptable in some places, but at the micro level legislative initiatives are often expressed in a prohibitive and punitive manner. And this is bad for both sides: the authorities never get solutions to the problems, and the media and the active public are increasingly moving into the “gray” zone, and problems disappear from view, but are not removed from the agenda.
As practice shows, attempts to limit freedom of access to various sites and mass media are ineffective, and even achieve opposite goals. For example, the “Humpty Dumpty” blog from the hacker group “Anonymous International” has been keeping the Russian political establishment on edge for more than a year. The situation is approximately the same with Alexei Navalny’s website (navalny.com). Blocking root resources does not produce results, since redirects and “mirrors” of the main resources are organized. A good review of network bans, “The Internet has gone into the shadows”, was published in mid-January on the website slon.ru by Anton Merkurov.
Of course, we need standards, we need to cooperate internationally in the fight against fraud, terrorism and criminal content. But it is shortsighted to try to build boundaries within the Internet. In response to this, other forms of online activity or online communities are developing, even more inaccessible to supervision and control by the authorities. For example, deep web projects, anonymous networks like Tor, and anonymous social networks or instant messengers without an Internet connection are being developed. And these are not all the information security trends of the near future.
Key trends for 2015
Based on the largely fulfilled forecasts of analysts from RAEC, GROUP-IB and Kaspersky Lab for the past year, as well as from our own observations of the trajectory of events, we can identify several key trends in cybersecurity for the coming year.
1. Trends in Internet regulation in all areas will only intensify. The development of new bills and amendments to current legislation in the field of ICT and computer information will continue actively.
2. The relevance of the topic of digital sovereignty of the Russian Federation will continue to grow, especially in connection with the aggravation in relations with the West and sanctions against Russia.
3. Hence the priority of information security of critical objects.
4. The topics of children's safety on the Internet, the protection of believers and morals, as well as anti-terrorist rhetoric will continue to be used to overcome the resistance of public opinion in making the necessary government decisions.
5. The importance of government agencies and their influence on the Internet industry and telecom companies will increase, but the counter-movement from business and the professional community in the form of initiatives, joint projects and decisions will also intensify.
6. At the everyday level, cybersecurity concerns mobile devices, spam, botnets, viruses, phishing, and the fight against fraudsters and international criminal groups of Internet scammers. All this drives people’s desire to further protect their privacy and personal secrets, and therefore the development of platforms and services is moving in this direction.
7. Threats to business: cybersecurity from the point of view of commercial interests is becoming an increasingly pressing issue, especially in banking, the IT and media business, and personal data protection.
Cybersecurity in Russia: what is it based on and how does it affect digital media?
What is being developed now instead of a “cybersecurity strategy” or at least its “concept”? What is Russia’s cybersecurity based on, both within the country and abroad? RAEC experts helped answer these questions in a special bulletin for Cyber Security Forum 2014 (PDF). Below are the main documents with explanations and an update on their current status.
The cybersecurity strategy concept was designed to unite business, government and civil society to ensure cybersecurity in the country. After parliamentary hearings in the Federation Council and discussion on the Federation Council website, the document was supposed to go to Valentina Matvienko for its further movement through the chain of improvements and approvals. But it seems that after a short discussion online, the initiative died out.
Project “Fundamentals of state policy for the formation of an information security culture”. Work on it was completed in July 2013, the current status of the document is unknown, and even the text cannot be found by search engines.
Law on blocking “pirated” content at the request of copyright holders (Federal Law No. 187-FZ “On amendments to certain legislative acts of the Russian Federation on the protection of intellectual rights in information and telecommunication networks”). It does not achieve the goals of regulators, but it has increased the risks of running a legitimate Internet business in Russia. In force since August 1, 2013; law enforcement practice is still being formed.
Bill on changes (there are more than 15) to the rules of regulation in the field of personal data (No. 416052-6 “On Amendments to the Federal Law “On Personal Data” and ). It is now under consideration in the State Duma, and experts have been practically removed from influencing or correcting its subsequent editions.
Bill to protect critical information structure (The bill “On the security of critical information infrastructure of the Russian Federation” and the Federal Law on amendments to other laws in connection with its adoption). RAEC has prepared more than 20 comments and observations on the document, which is currently under consideration in the State Duma.
Methodological document “Measures for protecting information in government information systems”. Since February 11, 2014, it has been regulating measures to protect information systems in government agencies.
Law on the immediate blocking of resources with extremist content at the request of the prosecutor's office (No. 398-FZ “On Amendments to the Federal Law “On Information, Information Technologies and Information Protection”). The RAEC Commission on Legal Issues formulated its comments, but none were taken into account. The law came into force on February 1, 2014.
A bill on Internet providers informing subscribers about the capabilities of parental control systems (No. 231833-6 " "). Rejected by the State Duma at the end of April 2014.
Bills No. 428884-6 “On amendments to certain legislative acts of the Russian Federation on the issues of streamlining the exchange of information using information and telecommunication networks” (aimed at streamlining the dissemination of information and data exchange between users on the Internet) and No. 428896-6 “On amendments to certain legislative acts of the Russian Federation” (tightens the requirements for electronic money transfers). RAEC had many professional questions regarding these laws as well; its experts pointed out a number of shortcomings of a technical, legal, conceptual and technological nature. Both laws came into force in May 2014.
Package of “anti-terrorism amendments” aimed at countering terrorists. In fact, many experts see them as a formal reason to “tighten the screws” in various directions: to limit the possibilities of electronic payments and of disseminating objectionable information on the network, and to strengthen control at the level of providing access to the Internet. As part of the expansion of the same package, the “Law on Bloggers” was adopted, which in effect gives active publishers the same responsibilities as journalists without giving anything in return (except for a privilege, of course,
February 17, 2017
Attackers, including unscrupulous employees, increase companies' cybersecurity risks through existing and emerging threats.
Cybersecurity is a process, not a one-time solution, and the problem of attackers, including unscrupulous as well as inattentive and uninformed employees, will not go away over time. Every new or improved security measure is good only until someone figures out a way to get around it.
The best that cybersecurity tools can do is stop the attackers and fix the problems they find. However, the situation is not hopeless. While existing problems such as viruses, ransomware, bots, zero-day threats, etc. are being resolved, attackers are expanding their arsenal with new threats like the following:
Another challenge relates to cybersecurity professionals. There is a shortage in the market (46% of organizations say they lack qualified cybersecurity professionals), and those who are employed are sometimes too overworked to do their jobs well.
According to the new study, more than half (56%) said they are not providing the required level of skills development to combat new evolving threats. “This study highlights the dangerous game of catch-up that is growing, and today's cybersecurity professionals are on the front lines of this ongoing battle, often knowing that they are outnumbered and under-trained and under-supported,” said Jon Oltsik, senior analyst at Enterprise Strategy Group (ESG).
As the variety of cyber threats increases, so does the number of solutions, but fatigue from constant news and warnings about the dangers of new threats can affect the current state of affairs. “There is a pattern of increasing desensitization to daily reports of cyberattacks and threats to the point where some are beginning to wonder: What is the point of cybersecurity?” Earl Perkins, Gartner Research vice president and digital security guru, noted in a recent blog post.
Fortunately, well-designed security procedures, techniques and solutions can almost completely stop attackers. But this requires the joint efforts of specialists, employees, partners and customers to minimize all types of attacks and ensure that problems do not develop into disasters.
The concept of cybersecurity refers to a set of methods, technologies and processes designed to protect the integrity of networks, programs and data from digital attacks. The goal of cyber attacks is to gain unauthorized access to confidential information, copy it, change it or destroy it. They can also serve to extort money from users or disrupt work processes in the company.
Cybersecurity may also be referred to as computer security or information technology security.
Why is cybersecurity important?
In the modern world, each organization, be it government agencies, financial, commercial, medical and others, collects, processes and stores huge amounts of personal data of people, users, clients, and employees. Basically, all this information is confidential and its leak, loss, or theft can have negative consequences both for the individual as a whole and for the organization.
In particular, organizations that provide the infrastructure of the city, country and society as such may come under cyber attack. These include: electricity supply, water supply, heat supply, transport structures, etc. To one degree or another, each system interacts with a computer, and the security of these and other organizations is extremely important for the full functioning and life of society.
Cybersecurity Issues and Challenges
There are more technical devices (computers, smartphones, tablets and others) than people, and therefore, today it is extremely necessary and important to ensure effective measures to protect information technologies.
Cybersecurity, like any other security, requires coordinated actions of the entire information system. Problems and issues that cybersecurity includes:
- (preserving the integrity, availability, confidentiality of data);
- security of programs and applications;
- penetration testing;
- network security;
- organization risk management;
- mobile security;
- (identification, authentication, authorization, etc.);
- disaster recovery;
- training of users, employees and staff.
However, the main problem is that time does not stand still: the technology, nature and principles of cyber attacks keep changing and improving. For this reason, the traditional approach, which concentrates on protecting the most important resources from already known threats while neglecting less important components, is not effective and, moreover, carries great security risks overall. Likewise, simply writing a technical document about the risks for a specific information system is not effective; controlling and improving the level of security requires constant monitoring, analysis and updating of the cybersecurity system.
According to Forbes, the global cybersecurity market reached $75 billion in 2015. It continued to gain momentum in 2016 and 2017 and does so this year, 2018, and is expected to reach more than $170 billion in 2020. This rapid market growth is driven by many technological innovations and trends, including ever-changing security requirements.
Major cybersecurity threats (cyberthreats)
Security threats develop faster than our understanding of the possible risk in a particular aspect of the system. What previously did not pose any danger can today turn out to be a very serious and critical problem. However, there are a number of well-known threats that you should be aware of and take appropriate protective measures to prevent their occurrence.
Cyber threats can take various forms, the main ones being:
- malware (a type of software designed to gain unauthorized access to confidential information or cause damage to a computer or data);
- (Methods that attackers can use to deceive a person in order to obtain confidential information or unauthorized access to an information technology system);
- (This is one of the most popular cyber attack techniques which basically involves tricking the user by sending fake emails).
- ransomware viruses (the main task of such software is extortion of funds, carried out by encrypting and blocking access to data or to the computer system as a whole until the ransom is paid. Even if a ransom is paid, there is no 100% guarantee that the data and system will be restored to their original state);
Recently, automated attacks have been gaining popularity. They are lower in cost, but no less effective and complex. As a result, a cybersecurity strategy requires adaptability, especially in government and corporate networks where external influences can be disruptive.
In particular, there is a type of cyber threat aimed at the state, secret, military, political or infrastructure assets that belong to the entire people of a state. Such threats include:
- Cyberterrorism (An attack is carried out on computer networks or infrastructure by terrorist organizations for the purpose of ideological and political propaganda);
- Cyber espionage (a type of attack on information technology carried out through hacking and malware to obtain secret state, strategic, political, economic and military information without prior permission to review this data);
- Cyberwar (a large-scale international attack carried out by highly qualified specialists (hackers) working under the auspices of the state. Penetrations are carried out into strategically important information systems of another country, with the goal of compromising confidential data, damaging infrastructure, disrupting communications, etc.).
Cybersecurity Careers
Currently, the issue of information security in computer networks and mobile devices is more relevant than ever before. The topic of cybersecurity is already finding its place for children in computer science lessons in schools (tests and class hours are held), for students in universities, and for the older generation in the workplace.
Most questions, of course, come from applicants who are going to enroll in a university, technical school or college and would like to connect their lives with information security, as well as from students graduating from a university with a degree in cybersecurity.
Specialists in the field of cybersecurity, upon graduation from a higher educational institution, have the opportunity to get a job in:
- security department of government agencies, banking and commercial organizations;
- law enforcement agencies;
- IT companies;
- in companies engaged in the production and sale of components and computers for information security;
- services for organizing the protection of urban infrastructure.
Positions that specialists in the field of information technology security can hold:
- security system software engineer;
- specialist in the field of cryptography and steganography;
- consultant for the development of security systems in an organization;
- technical safety systems research engineer;
- expert on computer security (tester);
- design engineer for complex protection systems;
- specialist in organizing and managing the activities of the security service;
- specialist in banking security.
Skills and abilities that a graduate in cybersecurity will possess:
- identify existing and potential threats to information security in computer networks;
- monitor system protection and analyze violations;
- assess the effectiveness of existing protection systems and measures;
- organize and develop new cybersecurity systems;
- carry out maintenance, monitoring and diagnostics of protection devices;
- use software to protect against unauthorized access and external influence on the security system.
The salary of a cybersecurity specialist can be as low as $300 or as high as $100,000 - it all depends on the level of training, skills, knowledge and job responsibilities.
Books on cybersecurity
Is the topic of information technology security relevant, interesting, necessary? Then it’s worth understanding it in more detail, so we bring to your attention a number of books on cybersecurity. Unfortunately or fortunately, the books are in English, since the translated books are already very outdated.
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation (2014);
- The Practice of Network Security Monitoring: Understanding Incident Detection and Response (2013);
- Jeremy Swinfen Green. Cyber Security: An Introduction For Non-Technical Managers (2015);
- Jane LeClair, Gregory Keeley. Cybersecurity in Our Digital Lives (2015);
- Hacking: The Art of Exploitation, 2nd Edition by Erickson (2008);
- Henry Dalziel. Introduction to US Cybersecurity Careers (2015);
- Myriam Dunn Cavelty. Cybersecurity in Switzerland (2014);
- The Art of Computer Virus Research and Defense (2005);
- Reversing: Secrets of Reverse Engineering (2005);
- James Graham. Cyber Security Essentials (2010);
- Threat Modeling: Designing for Security (2014);
- Android Hacker's Handbook (2014);
- iOS Hacker's Handbook (2012);
As you can see by the year of release, the books were published quite a long time ago. Even two years is a very long period of time for cybersecurity. However, they contain information that is still relevant and will be for decades to come. And there is information that will be useful for the general development and understanding of the origin of certain things.
Movies and TV series on cybersecurity
You can also brighten up your leisure time by watching films dedicated to the topic of security:
- Mr. Robot (2015)
- Who Am I (2014)
- The Matrix (1999)
- Cyber (2015)
- The Girl with the Dragon Tattoo (2011)
- Ghost in the Shell (1995)
- Quiet People (1992)
- Hackers (1995)
Every year the topic of cybersecurity becomes more relevant and necessary in the modern world. Business owners need to create an effective one. You personally need to stay aware of what is happening in the field of information security, and should not forget that the virtual world, like the real one, requires attention to small details, even those that sometimes seem completely insignificant.