Breaking of the state websites: How to provide cyberprotection of Kazakhstan?
For last year in Kazakhstan a third of the computers going on-line at least once has undergone the web attacks and practically each company in our country annually faces at least one incident connected with information systems. How to be protected from the attacks of cybercriminals, read in material of the correspondent of BNews.kz.
It should be noted that on average every third computer at the industrial enterprise in Kazakhstan monthly was exposed to cyber attacks in the second half of 2016. At the same time total number of the attacked cars from July to December constantly increased. In total for this period 54% of the computers anyway relating to technological network of the enterprises have collided malicious software in Kazakhstan. Such data have been obtained by results of work of ICS CERT "Kaspersky Labs" – the center of response to computer incidents on industrial and crucial objects.
"Globalization of information space and development of technologies lead to appearance of new calls in the sphere of a digital security. One of consequences of global integration of a cyberspace was the fact that any company, the public authority or the individual in any country of the world can become the victims of the malefactors who are on the opposite side of the Globe or in the adjacent building. Not only the computer or the cell phone, but any gadget connected to the Internet (for example, "smart watch" or the video camera), can be a part of a hacker network, and the owner of the device suspecting nothing – the involuntary accomplice of a crime," the managing director of Kaspersky Lab in Kazakhstan, the countries of Central Asia and Mongolia Evgeny Pitolin told.
According to him, the attacks of swindlers or political outcasts go already not only to separate banks or natural persons – their targets become the whole banking associations and even systems authorities as it happened last winter in the zone gov.kz.
"The problem of cracking is very important because lately we heard already about some, rather serious cracking of systems and the websites of state agencies. In our opinion, there are several steps which should be undertaken in this situation. First, the problem in principle of protection of systems of state agencies as cracking of the websites, as a matter of fact, is hacking of the server on which it is is very important. The first task – correctly and systemically to protect the servers which are in the state agency. The second task – to track quality of a code in department as malefactors always on a step ahead. It is necessary also to understand as far as your system is ready to reflection of actions of malefactors, it is regularly necessary to book penetration tests and audit of information security. The third task – training and improvement of quality of knowledge at employees of information security and threats of the attacks from the outside," Evgeny Pitolin said.
As the expert claims, the majority of the attacks happen now because authorities don't update the systems in time, don't make installation of all modern security features. In this regard Evgeny Pitolin recommends to track continuous updating and compliance to the modern system of all complex of the hardware.
In turn the director of IT audit of the Baker Tilly Kazakhstan company Vlad Tkachyov has emphasized that the human factor was and remains the main vulnerable link in a security system of the organizations of any level.
"Non-compliance with regulations, unreasoned internal procedures or their absence, elementary negligence – here the main tools which malefactors use. Unavailability of administrative structures or owners of the companies it is constant to work on increase in efficiency of business processes in the broadest sense turns around in huge losses," Vlad Tkachyov told.
But experts are sure of the main thing that only collaboration at the same time over technical solutions and optimization of administrative processes can provide reliable protection of the organizations of any types against actions of cybercriminals.