“Business information security is just the bottom”
How developed is the culture of cybersecurity in Russian business? How do you ask management for a million to provide information security for the enterprise? What new technologies do specialists warding off attacks on companies resort to? These questions were answered during the expert dialogue Enterprise’s Information Security, held on 1 October during IoT & AI World Summit Russia. More is in Realnoe Vremya’s report.
“To look for anomalies”
The expert dialogue on enterprises’ information security began by defining the key trends in this sphere. According to Atom Security’s representative Dmitry Kandybovich, on the one hand, the number of targeted attacks is increasing; on the other hand, the DarkNet, where more and more young people are going, is actively developing. In other words, attacks are developing everywhere.
“I am talking about both targeted attacks and a rise in the number of attacks made by clones. Yes, the latter are harmless, but they happen somewhere anyway because our protection culture is very weak. If we are talking about banks, everything is fine there, and if we are talking about business in general, it is just the bottom,” Dmitry Kandybovich said.
During the session, Grigory Bochechka, Project Director of Concern Sozvezdie JSC, gave a tip on one of the most topical ways of fighting cyber incidents in enterprises.
Andrey Suvorov, Director General of APROTECH (a joint venture of Kaspersky Laboratory JSC and ITELMA R&D), added in turn that now that attacks are becoming very complex and unpredictable, the capability to detect anomalies is a very effective method.
“In other words, one shouldn’t act by following the same patterns somebody already invented but look for anomalies that aren’t characteristic of, for example, types of information exchange between existing objects in the corporate network or external counteragents,” the speaker said.
“You will never be given a million rubles, if you don't start speaking the language of numbers and losses”
Another important trend: cybersecurity issues in big companies have stopped being tasks of the information security officer or IT director; they are now raised at the level of the board of directors. As Andrey Suvorov notes, information security and cyberattacks are a new type of risk. At the same time, noticeable changes are taking place in the insurance market.
Another expert, Dmitry Kandybovich, focused on the fact that cyberthreats are now really becoming one of the important risks that must be raised at a general meeting. “Another important remark: this topic shouldn’t be hidden, it should be translated into numbers, losses,” the speaker noted.
“Indeed, you will never be given a million rubles, even if you are using your usual terms like cyberattacks, threats, vulnerability and so on. The director will be telling you: ‘Get off me, you came over here again to ask for money for the things I don’t need’. Change the vocabulary of terms,” Director General of Aprotech Andrey Suvorov suggested.
The expert says that a good way to improve information security is to find relevant, topical cases that demonstrate other enterprises’ losses caused by management’s lack of attention to information security issues.