02 December 2014
Expert column of Group DF CIO Alexey Yankovski ‘Cyber Security: What Will the Global Companies Spend $76.5 billion on?’
Today no one doubts that information protection deserves close attention. According to PwC’s research, large companies lose $5 million on average due to cyber attacks. Consequently, data security is becoming a top-priority task, and businesses are investing more and more in it. According to Gartner’s forecasts, companies’ spending on IT security will increase by 7.9% and amount to $71.1 billion in 2014. In 2015, it will grow by a further 8.2%, up to $76.9 billion.
Virtual war affects not only corporate but also national interests. In 2014, cyber attacks have been widely used against Ukraine during the conflict in the east of the country. This year Ukraine has faced unauthorized phone tapping and leaks of negotiations, attacks on websites of government institutions, mobile spam during elections, TV signal jamming and radio interception.
Influential media, financial and government institutions suffer most from cyber attacks in Ukraine. At the same time, both the number of attacks on information infrastructure and their complexity are increasing. Attackers use different types of attacks: physical (attacks on television relay towers, which stopped TV or radio broadcasts in the zone of the anti-terrorist operation), DDoS attacks (on the websites of the Central Election Commission, the Verkhovna Rada and key media), hacking of information resources (the CEC’s website and the email inboxes of politicians and journalists), and attacks on mobile networks (interception of conversations, spreading viruses via SMS, SMS to protesters on Hrushevskoho Street during Maidan).
Large companies and financial institutions in our country are willing to invest heavily in data protection. At the national level, a few bills have been drafted to change the approach to Ukraine’s information security. We just have to build a new system that is able to identify information security risks in good time and respond appropriately. What problems should be solved first and foremost?
5 key problems in information security:
An efficient national information security management system cannot be developed in a day, a week or a month. Nevertheless, we have to begin with something. I would like to point out 4 main tasks.
First, we should establish a unified coordinating body for information security and IT. Secondly, we should set up a regulatory framework that meets the requirements of international standards. We can achieve immediate results using documents that are available in Ukrainian and can be implemented: in particular, the information security standard ISO-27001/ISO-27002, translated by the National Bank of Ukraine, and Cobit, an IT management standard developed by the Information Systems Audit and Control Association (ISACA).
Thirdly, branch centres for responding to IT security threats have to be founded. These response centres should share details of attacks on corporate and government resources, as well as blacklist servers that launch attacks.
Lastly, we have to organize the education and training of specialists in IT management and information security, who are lacking in Ukraine.
New approaches will help business and the government to respond to today’s new challenges. In the long term, improving information and IT security will make the country stronger in geopolitical confrontation.