Stagnation amidst growing threats

What is happening to the information security market.
Origin source
According to experts in the field of information security (IS), losses from cyber threats by 2018 could reach $ 2 trillion. This is already in the world today no less than 40 million of cybercriminals, and the total damage caused by their unlawful actions - about $ 500 billion.

Cybercrime has become so form a business that for each type of attack there price list, according to which access to US account in social networks is worth about $ 129, and in Russian "Odnoklassniki" and "Vkontakte" - $ 194. And only 40 000-60 000 rub. You can "order" any information about the Russian competitors: information on bank accounts, VAT, the constituent documents, information about employees and phone numbers.

Originally from the nineties

The number of virus attacks increases by an average of 3% per month. How to respond to these challenges, the Russian business? Whether to change the priorities in the field of protection of corporate resources, and whether making adjustments in the process of "re" policy of import substitution? To understand the situation should be considered prerequisites for the information security market in Russia. He began to take shape in the 1990s, cohbut on the basis of scientific institutes and private enterprises developed the first domestic remedies Information (GIS) for the commercial sector, are not burdened with a requirement to protect state secrets. After some time, the business began to look closely to them - to the Russian demand GIS became steadily grow with the expansion of the IT-market. First of all, new technologies penetrate into the banking sector, develop corporate information systems for large businesses, and the first state information system on a national scale (the tax authorities, customs, the Pension Fund, and so on.), Which required the adoption of adequate measures for data protection from unauthorized access. At the same time the market came first IT-integrators, which have started to promote our market overseas methods of information protection. This area is developing rapidly, which led to the narrow profile integrators in the field of information security.

In their work - from the birth of the IS market, and to this day - a significant effect continuous improvement of the national regulatorybase. In particular, the growth of the market of GIS and information security services in Russia is seriously affected by the law "On information, informatization and information protection" (1995), the doctrine of information security of the Russian Federation (2000), the law "On Personal Data" (2006). The most important direction for information security regulatory initiatives also include the federal law "On electronic digital signature"; developed by the State Technical Commission under the President of the Russian Federation (currently FSTEC RF) guidance documents governing the organization and protection of information technology and the work of the certification system of GIS; the adoption of state standards on the basic elements of cryptographic protection (encryption, hashing, digital signatures), and more. As for the customers services and solutions in the field of information security, the interest of corporate structures began to be serious in the second half of the 1990s, when it became clear that without careful attention to information security can not be further development and strengthening of corporate information technology. This understanding has arisen primarily in the major financial institutions, corporations in the oil and gas complex in CompansBarrier-providing communications and telecommunications. These structures started to actively deal with the creation of corporate standards in the field of information security. Nevertheless, the introduction of GIS has stopped at the level of large and medium-sized enterprises, without venturing into the broad consumer masses. Small businesses and individual consumers rarely ask for GIS - much more concerned about their other risks.

Whatever it may seem paradoxical, but some market participants noted the development of the market of information security as a separate segment of the economy until the end of 2014 - beginning of 2015, aided by import substitution initiative (order the Ministry of Communications of Russia from 01.04.2015 №96 «On approval of the import substitution program plan security ", where the Russian information security market position has been fixed in the issue of import substitution and partly defined as a separate segment of the economy with its own code).

Classics of the genre

What are the rules of the market develops the IB under the weight of sanctions and the difficult situation in the economy? After all, traditionally it even in the largest companies spend no more5-10% of the IT-budget. According to Sergei Zemkova, Managing Director of "Kaspersky Lab" in Russia, the Caucasus and Central Asia, information security market has traditionally experiencing economic fluctuations calmer - data protection is always an area to which the money trying to highlight, because the incidents caused by the forced savings, can lead to more costly consequences and affect the core activities of the company. In addition, the IB - heavily regulated industry, where many products need to be implemented to meet the requirements of the legislation. But, of course, most of the companies in 2015 to reduce the budget by 15-20%. This is confirmed by Fedor dBar, commercial director of "Security code", which does not notice the compression market and assesses its currently around 80 billion rubles.

Not up and down - described the situation on the IS market, all participants review. However, the absence of explicit dynamics are not always due to financial difficulties. Dmitry Ogorodnikov, Director of Information Competence CenterFirst Security Company "Technoserv", says the IB market approached saturation. Contracts for the construction of complex information security systems are becoming a rarity. "For businesses have a tendency to maintain the functioning of the already used in data security solutions. The introduction of advanced technologies, and they are mostly foreign, today a rarity - says Dmitry Biryukov, director of "Atriniti" (group "Asteros") information security areas of the company. - In parallel, we are seeing a trend of refusal from expensive foreign software support, which is not tied-critical business processes, for the benefit of local support. In addition, the import substitution rate has stimulated a growing interest in domestic developments in the field of information security, especially in the public sector. "

However, the IS state structures, as the Russian practice - is a special segment of the market, the formation of which goes its own way. Dmitry Ogorodnikov said that today its development determines the increasing role of the sovereignOPERATION AND import substitution, which is now legally associated with the registry of domestic software. "At the same time over the past year the market came a few domestic manufacturers, to open a factory for the production of their own IT-equipment, but they are actually imported equipment of foreign companies in the form of components, and it peremarkirovyvayut collected under its own brand - continues to Dmitry Ogorodnikov. - This is probably the equipment complies with the features of the domestic, but certainly not conducive to the development of their own, while leaving all possible Bookmark and undeclared capabilities in the control software. Another trend in recent years for the market of state structures - the transfer of the entire IT-infrastructure, including security, to complete outsourcing to external contractors with the placement of their information systems in commercial data centers. " For commercial entities (and it is primarily the sector of financial institutions and retail), the main factor determining the development of the IS, is the work of cybercriminals - and often successful. This makes Bznes apply new technologies in the field of information security.

The best way to protect

What are the most serious threat? According to Herman Pozankova of company Trend Micro, the economic crisis around the world, and in Russia in particular, noted the rapid growth of online extortion. Programs-extortionists massive attack both business and home users. For cybercriminals it was a real gold mine - they block the users' files, which have to pay for it again to gain access to them. Another trend is the widespread transfer of cash turnover in non-cash form. Mobile and Internet banking, remote banking systems and internal ABS banks and payment terminals have become coveted aim of cybercriminals. Do not remain without attention and non-financial enterprises sector. There are gaining popularity solutions Class Anti APT (protection against targeted attacks), products for the protection of critical infrastructure and process control systems (PCS). The latter have a particular interest in industrial enterprises. And, as explained by AHDPE Zaikin, head of information security company "Krok", the activity is just beginning: Currently, this segment should be considered more promising than viable.

However, do not ignore the "classic" threats, the number of which, according to Valery Andreyev, deputy director for research and development of "CPI", increased sharply in connection with the application of new categories of software (free software, domestic proprietary software) in part of import substitution in the IT policy. "Some large enterprises are faced with due to the termination of anti-Russian sanctions technical support and receive updates for the software, which depend essentially on their processes, - Valery Andreyev said. For them it is a big problem that goes beyond the IB. This is quite possible increased threat of remote collection of information through the established Western software, and in some areas - even sabotage. These threats, only recently seemed fantastic to most leaders of organizations today require nezamedltional understanding, assessment and response. "

New political and economic conditions are really forced most companies to rethink the model of threats. "Business that is associated with the international market, of course, must take into account the increasing risk of economic and other sanctions in the context of information security. This may affect the impossibility of compliance, policy head offices (eg, the impact of sanctions on the supply of products of certain foreign vendors in the territory of the country), or the incompatibility of the local needs and requirements of the parent company, - says Alina Hegai, head of information security department of the company "LANIT-integration." - Also, for someone it may increase the risk of loss of availability when the probability of off Russian segment of the Internet. Some Russian companies may encounter problems when using the "cloud" solutions: one of the latest amendments to the law on personal data includes the collection, organization only on the territory of Russia. " Moreover, against the background of general decline in the standard of living and legal income, et aludnikov dramatically increase internal disturbances, as well as enhanced competition the attack, trying to win back market share.

"This kind of process is interdependent: each new external threat causes an adequate response on the part of the information security market, - says Dmitry Biryukov. - If in the recent past was enough to protect a workstation, but now the problem has become much more complex and varied: for example, the protection of geographically distributed corporate networks across the country, or "cloud" infrastructure. "

Optimization as a sign of the times

Challenging time in the economy, of course, disciplined customers, forcing them to rethink not only the concept of the protection of their corporate resources and budgets for information security. They are, of course, try not to cut, however, according to Alexander Buravtsova, head of information security services company "New cloud technology," the focus has shifted to the simple and reliable solutions with predictable functional and understandable to ensure information security functions. ANDThis applies not only to information security, but also to the entire market of application software - consumers are looking for among the Russian players who can offer an analog of known and proven products of foreign origin.

"At the forefront of customers is not so much a matter of having the IB system and cost optimization and use of the most effective approach, including the stages of analysis, a competent development and subsequent implementation of the concept, - says Andrey Zaikin. - All of this suggests that companies in crisis began to resort to a more informed choice of means of protection. " "And if earlier it was enough only formal complience (certificate), it is now important to all - ranging from architectural design, pledged at the outset, to regular security updates in support of life cycle of products", - adds Valentine Krokhin, Marketing Director at Solar Security.

According to Sergei Zemkova, companies seek to minimize long-lasting projects, carried out an audit of existing resources and optimize their solutions for the sametasks with no new large-scale investments too. Moving towards import substitution, many are beginning to consider the existing domestic counterparts, which were previously not taken into account carefully selected manufacturers and suppliers, the competition among them is reinforced. This means that the market is waiting for redistribution toward a professional services and services.

From a technical point of view, customers interested in information security, the focus of which is not information, and people. "This means that developers will move in the direction of behavior analysis, anomaly detection, collection and analysis of large data - explains Valentin Krokhin. - Customers are increasingly think in terms of business objectives and business benefits. For example, the customer does not want to simply keep track of data leakage, and trying to fix the problem with the disloyal employees. Therefore, if the product solves a narrow technical problem, the demand for it will inevitably begin to fall. As a consequence, many suppliers in the field of information security seek to build analytic functional. In addition, the market of information security achievementthis level when there is a need customers in the convenience for users. Frankly, until a few foods can boast, but we see a gradual movement in that direction. "

Sergei Zemke,

Managing Director of "Kaspersky Lab" in Russia, the Caucasus and Central Asia:

"According to" Kaspersky Lab ", the damage from one of information security incidents to major Russian companies is 11 million rubles, and for SME sector -. 1.6 million rubles. Over the last year the victim of a cyber incidents became virtually every Russian organization. More than half suffered from misuse of IT-staff resources, or from entering the corporate network of malicious software, which led to a decrease in business productivity.

Financial institutions - one of the favorite cybercriminals purposes. And if earlier in the sphere of interests of the attackers were only banks, but now there were payment systems, stock exchanges, companies operating with securities, and even bodytion, which provides information services to financial companies.

Also, it begins to develop the sphere of industrial espionage and "competitive intelligence", where the main purpose of the perpetrators are not the company's money, and valuable information such as contracts, business correspondence, etc. Of particular danger is posed by targeted attacks on businesses - from their postaradala almost every fourth company in Russia. Such attacks are well planned, take into account the individual characteristics of the victim, and, above all, difficult to detect and may go unnoticed for a long time, causing irreparable damage to the business. "

Alina Khegai,

Head of Information Security Department of the company "LANIT-Integration" (GK "Cheeks"):

"In the coming years the most popular topics will protect IoT, shadow accounting devices in the planning of complex safety and prevent leakage of non-traditional channels of information. Now we note the increased demand for the classic system of protection against data loss, which is likely related to largeThe volume of accumulated valuable information and frequent attempts to sell confidential data by unscrupulous employees who want to hit the jackpot in uncertain times, when the standard of living declined.

In addition, the retained interest in the media in the Internet access protection, perimeter protection and other sub-systems, which are usually a platform for the company's information security, and is increasingly being implemented in the "information security harvesters." Still popular with customers instruments of protection against sophisticated attacks. Their demand can be explained by both the increase in the number of complex multi-stage attacks (especially on the company's financial sector) as well as numerous cases of infection for corporate systems due to the human factor. Along with this increased demand for privileged access controls. This class of solutions being actively developed in connection with the creation of increasingly complex and large-scale IT-infrastructures and because of the attraction of the plurality of heterogeneous contractors large companies. "