• A
  • A
  • A
  • ABC
  • ABC
  • ABC
  • А
  • А
  • А
  • А
  • А
Regular version of the site

Unprecedented Cyber Attacks: Information Security Comes First for the State and Business

Unprecedented Cyber Attacks: Information Security Comes First for the State and Business

© iStock

Changes related to the pandemic and the sanctions regime have led to the restructuring of the Russian information industry and changes in the policy strategy of its participants. What are the main risks and how best to cope with these new challenges? These issues were discussed during the ‘Digital Transformation of Business in the New Post-crisis Reality’ master class, organized by HSE Department of the Theory and Practice of Business-Government Interaction.

Over the past three years, digital technologies have made a significant change to life in Russia, said Sergey Mytenkov, senior lecturer at the Department of the Theory and Practice of Business-Government Interaction, Vice President, Managing Director of the Regional Development Department, RSPP. This has become especially noticeable after the pandemic: there are many more digital services, and IT companies are actively in demand in the Russian economy. ‘We've switched to virtual reality,’ he says.

A register of domestic software and a register of companies operating in the field of information technology have been created in the country. And the state intends to provide deferment from military service to IT employees. Food delivery, car rental, ticket purchases — all of these services have moved online. Digital profiles, so-called digital twins, have been created for both business and communication.

Along with the development of the virtual sphere, the issue of information security is becoming more and more relevant today, says Sergey Mytenkov.

Sergey Mytenkov, Senior Lecturer at the Department of the Theory and Practice of Business-Government Interaction

‘The number of cyberattacks has literally increased tenfold in recent years. Many of us have faced potential attacks by cybercriminals — for example, fake phone calls claiming to be our bank. Information security issues are of the utmost importance, and this is a critical fight in the Russian Federation. We have faced unprecedented attacks on our infrastructure and websites, including the website of public services, as well as other ministries and departments.

We all know that previously, Russian companies often built all their networks on imported equipment, including American equipment. And now this equipment poses a rather high threat from the point of view of information security, the expert believes. Therefore, Russian companies should refocus on Russian or Chinese equipment for the digital industry. Although the Russian industry cannot currently produce everything necessary, we know this one of the goals of the Russian leadership, and the government is allocating unprecedented amounts of money for these purposes.’

Lev Fisenko, Executive Director of Cross Technologies, spoke about the essence of information security and how to solve its most pressing problems. He highlighted the three most serious problems. These include the threat of privacy violation — unauthorized access to classified information, the threat of violation of information or content integrity, and the threat of accessibility violation — when services become inaccessible to their owner as a result of hackers’ attacks.

According to Lev Fisenko, the uncontrolled use and distribution of personal data of citizens leads to a violation of information security. Economic and legal problems are another risk factor, says the expert.

‘These may include problems arising from leakage, distortion or loss of commercial and economic information, trademark or intellectual property thefts, disclosure of information about the financial situation of citizens, and other acts of industrial espionage,’ he notes.

The risk factors also include problems caused by political issues: cyberwars, electronic intelligence, attacks on defense departments and other federal structures, including transport and industrial facilities.

Fisenko adds that 2022 was a year of dramatic changes for IT specialists – many things were unable to continue in the way that had previously worked. We needed to restructure, and change policy strategies, but everyone was flexible and prompt enough to meet this challenge, which actually even benefited the industry and strengthened it. Nevertheless, several serious problems remain unresolved. For example, while there is no shortage of information security software today, the situation with hardware for the production of equipment is not as good, and it is difficult to work without imported chips.

There is a shortage of specialists, in particular due to staff outflow. As a result of the departure of foreign vendors, the market is becoming monopolized. Thus, individual players are beginning to act as monopolists. In his opinion, the state should control this trend, and the Federal Antimonopoly Service should be more active. In addition, the expert sees risks in the fact that companies are not ready to invest more in information security.

Lev Fisenko believes that there are a number of measures which could contribute to the development of the information security industry in Russia in 2023. For example, the provision of support to organizations that are actively involved in work with young specialists. He also highlighted the promotion of domestic information security tools.

Answering a question about whether it is better to have your own information security service or to outsource it, Lev Fisenko said: 'Of course, there should be at least one person in the company who is responsible for information security.'

Lev Fisenko, Executive Director of Cross Technologies

‘In some cases, it is cheaper to use outsourcing services. In addition, I have already mentioned the shortage of specialists, and if every company wants to have their own service, there will be an even greater shortage of specialists.’

See also:

HSE Students Become Winners and Finalists of CTF Cup of Russia

Two teams including students from the HSE Faculty of Computer Science and the Moscow Institute of Electronics and Mathematics, are the best in Russia in practical cybersecurity in the framework of the Capture the Flag (CTF) competitions. The main purpose of this type of competition is the exchange of experience and knowledge in the field of information security, professional growth and the development of programming and system design culture among students and young scientists involved in cybersecurity.

MIEM, WorldSkills Russia, and Industrial Partners Hold International Corporate Security Training Modules and Competition

From June 22 to July 9, 2020, the 2020 International BRICS Future Skills Camp Championship, which allows students to both expand and test their skills in enterprise information systems security, took place. The event was jointly organized by WorldSkills Russia (WSR), the HSE Tikhonov Moscow Institute of Electronics and Mathematics (MIEM HSE), and Far Eastern Federal University (FEFU). Students from Brazil, Russia, India, China, and the Republic of South Africa participated in the competition.

HSE Team Wins Student Information Security Competition

On November 10-11, the finals of the Moscow Capture the Flag interuniversity student competition in information security (M*CTF) took place in Russia. The winning team was Shadow Servants, which included students from the HSE Faculty of Computer Science and MIEM. This is the third year in a row that Shadow Servants has won M*CTF. Their next step is the 2018 Russian CTF Cup, which will take place between November 30 and December 1 at the Skolkovo Innovation Centre.

Students on the ‘Information Security Management’ Programme Get Training in China’s Huawei

Students studying for an MA in ‘Information Security Management’, Katerina Arinarkina, Eldar Beibutov, Evgeny Gusev, Nina Osenmuk, and Aminat Tarchokova, under the supervision of teacher Petr Baranov, have completed training courses with Huawei as part of the international ‘Seeds for the Future’ programme. The two-week course focused on studying contemporary information-communication technology, the principles of protecting information while working with it, experience of ensuring information security in a corporation that has a global network of subsidiaries.