DLP Solutions Market (Russia)

Information leakage prevention. DLP Systems and Projects Catalog

Шаблон:Main 'Information Security - Information Leakage Prevention

Details: What are the scares of data breaches and how to protect yourself from them?

Шаблон:Main 'What are the scares of data breaches and how to protect against them? TA Details

2022: Demand for data breach protection systems has increased in Russia

In early June 2022, it became known about a sharp increase in demand for systems for protection against leaks data (DLP). Market participants spoke about this trend. So, according to estimates, in InfoWatch January-May 2022, sales of solutions for preventing data loss using artificial intelligence for predictive data analysis increased by 25% compared to the same period in 2021.

Such systems allow you to predict information security violations and prevent incidents in advance. With the help of artificial intelligence, a dynamic model of the behavior of each employee is built, and then deviations in behavior are tracked by various methods of communication: in behavior on various sites, in correspondence by mail, work instant messengers, in what the employee sends to print, saves to the cloud or to a flash drive.

According to Vladimir Ulyanov, head of the Zecurion analytical center, the demand for DLP systems in Russia in the first five months of 2022 increased by 30% compared to a year ago. Galina Ryabova, director of the Dozor Product Center of RTK-Solar, noted that interest is noticeable from foreign consulting companies, food producers, and the Russian industrial sector.

Ryabova believes that the demand is mainly caused by the forced transition of foreign companies, which remained in the Russian Federation, from foreign systems to Russian ones. Ulyanov considers one of the important factors in the growth of the aggravation of cybersecurity threats for Russian business. And we are especially talking about insider threats, when information is disclosed by mistake of an employee or by malice.

{{quote 'Another factor is several loud leaks that happened and attention to them from a wide audience. This is fraught with fines from the regulator, although so far these are relatively small amounts (up to 500 thousand rubles), and a decrease in the business indicators of companies, - quotes Ulyanov RBC^[1] }}

2016

InfoWatch: The number of leaks of personal and financial data in Russia approached the total population of the country

According to the results of a study of confidential information leaks from organizations in Russia in 2016, the InfoWatch Analytical Center recorded 213 cases of information leaks from Russian companies and government agencies, which is 80% more than in 2015. In nine out of ten cases, personal data (PD) and payment information were leaked in Russia, and the total amount of data compromised over the year increased more than 100 times to 128 million records, but did not exceed 4% of the global volume of information leaks.

Russia is characterized by a higher share of so-called "qualified" data leaks compared to the rest of the world - cases when an attacker deliberately uses information stolen by him to achieve personal gain (data fraud, bank fraud), or gains access to information that is obviously not necessary for him to perform a labor function (exceeding access rights).

Internal violators in the organization caused about eight cases of data loss out of ten, almost every tenth leak occurred with the participation of the organization's leadership. Russia is characterized by a higher share of leaks caused by management than in the world (8% versus 2%), and a lower share of leaks caused by an external attacker (21% versus 55%).

Most often (in 64% of cases), a network channel (a browser with an Internet connection) was used to steal data, every fourth incident occurred using paper media.

The Russian industry distribution of leaks is seriously different from the world one. In the world, more than 25% of information leaks come from medical institutions, in Russia the share of such leaks is 7%. Noteworthy is the high (in comparison with the global) share of leaks that fell on banks and financial institutions (12%).

The largest number of data leaks in Russia was recorded in high-tech companies, educational institutions, state bodies and banks.

In 2016, the most "attractive" for data thieves in Russia were trading and high-tech companies, to which financial institutions were added. In these industries, more than half of the leaks accompanied by compromise of personal data were deliberate.

The victims of external attacks aimed at data theft were most often high-tech and trade organizations. Banks, trading companies and municipal institutions, where the liquidity of the data with which staff work, were extremely high, were more often affected by the malicious actions of the internal violator.

2015

Anti-Malware.ru

In 2014 and 2015, the Russian DLP market in rubles showed high growth rates, first increasing to 4.7 billion rubles. But in terms of US dollars, the market dynamics turned out to be negative. In 2015, the market collapsed by 26% at once. In absolute terms, the market volume decreased from $105 million in 2013 to $78 million in 2015, having rolled back to the level of 2012.

Sales volumes of the main DLP market players in Russia for 2013-2015 (million rubles)

In terms of sales on the Russian DLP market in 2015, Russian manufacturers are leading: InfoWatch (1.46 billion rubles), Rostelecom-Solar, Rostelecom-Solar (formerly Solar Security, Solar Security) (821 million rubles) and SearchInform (703 million rubles). They are followed by Zecurion (652 million rubles), DeviceLock (572 million rubles) and MFI Soft (139 million rubles). Foreign manufacturers Forcepoint (formerly Websense), Lumension and Symantec have significantly weakened their positions, losing the market to Russian competitors.

The top three in 2014 and 2015 showed a steady increase in sales volumes. InfoWatch in 2015 increased sales by 23% in rubles, and a year earlier - by 45%. Sales of the following Solar Security and SearchInform companies in 2015 increased by 37% and 29% in rubles, respectively. Zecurion, DeviceLock and MFI Soft also increased sales in rubles by 19%, 5% and 21%, respectively.

An important market driver was the actual adoption of DLP decisions as an integral element of the security system of any large Russian company. This is primarily due to the fact that over the past years, Russian business has accumulated significant intellectual property, arrays of personal data, client databases and other types of confidential information that need to be protected.

In 2014-2015, InfoWatch, Solar Secury (relative to the share of Jet Infosystems) and SearchInform significantly strengthened their position in the market. Thus, InfoWatch, the leader of the Russian market, increased its share by 6.4%. Solar Secury's market share grew by 2.9% relative to its predecessor, Jet Infosystems. SearchInform managed to increase its share by 3.8% and enter third place in the market. Such results are especially impressive amid sluggish market changes in previous years.

The market shares of Zecurion and MFI Soft have not actually changed in two years. The first strengthened its position by 0.7%, which is significantly worse than the leaders, and the second share actually remained at the same level, decreasing by 0.2%. DeviceLock turned out to be the only Russian company that lost a significant part of the market, its share in two years decreased by 3.4%.

Forcepoint (formerly Websense), Lumension and Symantec are gradually losing ground. Thus, the share of Forcepoint in two years decreased by more than half to a modest 1.5%, the share of Lumension - by 2.8%, and the share of Symantec fell by two-thirds to 1%.

Market shares

"The difficult economic situation on the one hand led to a slowdown in the growth rate of the Russian DLP market in rubles and its fall in dollar terms, and on the other, contributed to accelerated import substitution. The leading six positions in the market in 2015 are occupied by Russian manufacturers, whose total market share is already more than 91%. Among Russian companies, fierce competition is unfolding in the large business segment and the public sector, which contributes to a gradual decrease in price, an increase in the quality and functionality of domestic DLP systems. At the same time, penetration into the mid-sized business segment, which has great potential, is not yet enough, and there is still a lot of work to be done here - the potential of this segment, in my opinion, will only grow, "comments the results of the study Shabanov Ilya, Director General of the Analytical Center Anti-Malware.ru.

The instability of the political and economic situation in the world gives rise to a high level of uncertainty in the Russian economy. In an unfavorable scenario, the business will greatly limit capital investments, which will entail stagnation and a fall in the IT and information security markets as a whole. This uncertainty factor will have a strong negative impact on the DLP market.

"The growth

of the Russian DLP market is expected to continue in the current 2016, but its pace will slow down. According to our estimate, in 2016 the market should demonstrate growth at the level of 13-15% in rubles, thus reaching the volume of 5.3-5.4 billion rubles, "added Ilya Shabanov.

Volatility in the foreign exchange market also does not contribute to the growth of the market. In most cases, DLP systems are tied to expensive equipment, databases and other auxiliary software and services that you need to buy for currency. Therefore, the average cost of a project with a fall in the ruble exchange rate will inevitably grow even among Russian manufacturers. Foreign manufacturers with a further increase in the US dollar exchange rate may completely lose the sales market in Russia.

The third important factor of influence on the market is import substitution, which is maintained at the state level, especially in the field of IT and information security. Import substitution is increasingly moving from the format of slogans to programmatic actions, which will inevitably lead to a new redistribution in the DLP market. Foreign manufacturers, especially from the United States, come under additional pressure, which will gradually lead to their complete squeezing out of the market. There are at least six noteworthy Russian DLP systems on the market - there will be a replacement for imports quickly.

Zecurion Analytics

According to Zecurion Analytics, the damage to companies from data leaks in 2015 increased record - from $18 billion to $29 billion. These are the biggest losses in the history of statistics.

Government agencies suffered the most from data leaks (17.9%). Trends in recent years make it possible to assert that in the following years, state organizations will remain among the main culprits of mass leaks of personal data of citizens. Retail enterprises have reduced their share to 13.1%, but are still in the top for information leaks. The top three industries are closed by banks, whose share in 2015 amounted to 12.9%.

Among the compromised types of information, the share of financial data of individuals (credit card numbers, cash deposits, account transactions) almost increased by 2 times and amounted to 19.1% from all incidents. Other personal data, for example, e-mail, passport data, continue to lead among types of information, the share of which was 58.2%.

Increasingly, such information falls to attackers not from the owners themselves, but as a result of targeted attacks on companies or due to accidental information leaks, which last year were ahead of targeted ones and accounted for almost 40% of all cases of data leaks. However, despite the seeming harmlessness of such cases in office space, it is because of them that companies suffer the greatest losses. According to statistics, more than 60% of employees take important corporate data home, 41% tell their colleagues their passwords from work accounts, and 72% throw confidential paper documents into garbage bins.

Personal and other confidential data is still most often leaked through web services (21.9% of cases). This trend has been going on for 4 years. The share of leaks through mobile computers and tablets has practically not changed (14.1%). The changes are traced in the indicators of the number of leaks through mobile drives (an increase from 6.4% to 11.6%) and a halving of the share of leaks through paper documents.

SearchInform

The analytical center of SearchInform (ChurchInform) conducted an all-Russian study at the beginning of 2016 and led the results of information security for 2015. More than 1,700 specialists (mainly heads of information security departments) from 25 cities of Russia and the CIS countries took part in the survey. More than half of the companies surveyed (52%) faced leaks of confidential information in 2015.

This is despite the fact that in almost all Russian companies (84%), employees sign an agreement on non-disclosure of corporate data, and 72% of organizations conduct information security briefings, these methods are clearly not enough.

What they protect "' Russian companies primarily protect e-mail (33%). A fifth of Russian companies (21%) took control of external carriers. The HTTP channel controls only 19% of companies in Russia.

Interestingly, such a popular method of data transfer as Skype is checked in Russia less often than others - only 8% of organizations consider it dangerous. Perhaps this is due to the common myth that Skype cannot be controlled. At the same time, 9% of companies control documents transferred to print, apparently assuming that 21st century insiders make documents only in printed form.

Insider portrait "'

In 2015, managers (31%) tried to steal confidential information more often than others.

Data and department managers like to steal (19%). It is logical that it is the managers who have legal access to the highest level of confidential information. And the delimitation of access rights, which is used by 92% of companies, does not stop them. Most of the leaks due to the fault of employees of senior positions were recorded in Novosibirsk - 27%.

IT specialists are in third place in terms of data theft - 12%. Accountants, economists, financiers - 10% and secretaries - 7%. Also, developers began to appear among insiders.

Record theft activity in this category was recorded in St. Petersburg (37%) and Moscow (36%).

In 2015, the list of stolen information expanded significantly. Employees are interested in everything that can be earned or used as bonuses at an interview. These are project documentation, databases with customer data, information about the investment activities of the organization, and commercial proposals, and personal data of employees, and information about movements in customer accounts, and much more.

Crime and punishment

If the employee acted without malice, then the story usually ended with an explanatory conversation or reprimand. But with gross and malicious violations of information security rules, serious sanctions were applied. 36% dismissed offenders, fined or deprived bonuses - over 20% of Russian organizations.

Insiders are most strictly treated in Novosibirsk: almost half (49%) of companies part with security violators. The most loyal attitude towards insiders in organizations Moscow is 34% layoffs, 13% of companies have no sanctions.

Liability of the parties

Just 11% of companies in which the leak occurred apologize to customers, 88% prefer to remain silent, believing that the damage caused is insignificant and no one will suffer from it. Also, 20% of companies do not consider it necessary to inform employees about the availability of DLP systems or other solutions for data protection and control of information flows.

2014

According to Natalia Kasperskaya, CEO [1], the Russian DLP systems market grew by 30-35% in 2014, and the entire global DLP systems market amounted to $700 million. In Russia, there are five developers of DLP systems (the main ones are InfoWatch, Jet Infosystems, Zecurion, SearchInform (SearchInform)).

Shares of major vendors of the Russian DLP systems market by sales volume

Source: Anti-Malware.ru, September 2014

76.3% of the Russian DLP systems market belongs to three domestic vendors. According to Anti-Malware.ru forecasts made in September 2014, according to the results of 2014, the volume of the Russian DLP systems market was supposed to be $85-88 million. Large business (64%), the public sector (26%) and medium-sized businesses (10%) are leading in implementing DLP systems in Russia.

The publication "Computerra" interviewed experts in the field of information security for data leaks within companies. Experts agreed that the fundamental trend determining investments in projects by Russian customers in the near future will be the financial crisis^[2].

An unfavorable economic situation will lead to the fact that the number of data thefts from the company, the withdrawal of customers, fraud will increase many times over. As a rule, it is precisely such events that are accompanied by any stagnation in the economy. Secretly working for a competitor company, unscrupulous employees are simply insured against possible financial difficulties, Sergei Khairuk from InfoWatch is sure.

Obviously, the market, first of all, will concentrate on cost optimization, as well as point financing of the most relevant projects.

"There will

only be funding for what is really needed. We see that the demand for DLP systems and systems related to personnel control remains (and even increases). The demand for anti-fraud solutions, solutions for protecting web applications (primarily WAF and protection against) is also significantly increasing DDoS , "said the Valentin Krokhin marketing director. Rostelecom-Solar, Rostelecom-Solar (formerly Solar Security, Solar Security)

At the same time, organizations will pay special attention to directly planning information security activities, strategy issues in changing conditions.

Experts believe that the range of solutions under consideration will more often include products from domestic manufacturers. Those companies that are ready to take market share from foreign vendors should start improving the line of information protection tools. Otherwise, not finding an effective alternative to a foreign product, Russian customers will focus not on the price, but on the performance of the proposed solutions.

Zecurion

Zecurion Analytics conducted a study and interviewed more than 8.4 thousand people from 11 universities in 8 cities of Russia. 54.3% of potential employees plan to copy important information for themselves in the event of a change of job. Only 15.7% of respondents in principle will not use the confidential information of the previous employer.

Such indicators are due to the fact that almost half of all respondents (49.3%) are convinced: the employee has the right to dispose of corporate information at his discretion. 19.2% of students explain this by the fact that the information collected at the workplace is the result of the work of the employee himself, and 30.1% are sure that access to information automatically allows you to use it at your discretion.

Analysts Zecurion in the fall of 2014 also conducted more than 100 interviews with top managers of companies and cybersecurity specialists and studied real cases of detection of deliberate and accidental leaks of corporate information.

It turned out that only 8% of organizations do not suffer from data leaks, and in 30% of large and medium-sized businesses record an average of two attempts per month to steal valuable information, the loss of which affects the financial stability of the company. This is confirmed by the maximum amount of damage of $30 million suffered by the Russian company from the leakage of confidential data.

Most companies suffer indirect losses due to theft by employees of the client base. In cases of theft and illegal use of commercial information by employees, 9% of companies dismiss insiders and only 2% bring them to criminal or administrative responsibility. If there is no malicious intent in the employee's actions, in most cases (61%) everything ends with explanatory conversations. With the serious consequences of unintended leaks, 17% of employers resort to official reprimands and fines.

The loudest leaks of 2014

Sberbank

In January 2014, in Izhevsk: confidential documents from a branch of Sberbank were found at a local landfill. Among the construction waste were questionnaires with passport data, information about the contents of bank cells, official correspondence, copies of work books and other documents.

As it turned out, the documents were taken out of the bank branch, where the reconstruction was carried out. The results of the investigation are not reported. A similar incident was recorded in 2013 in one of the Moscow offices of Sberbank. Then the documents were found in garbage containers near the bank branch in Zelenograd. Apparently, following the results of this case, measures were not taken to exclude similar situations in the future.

Other Russian banks

As it became known in January 2014, clients of several Russian banks suffered from the actions of fraudsters. In total, the members of the criminal group withdrew more than 70 million rubles from the accounts of depositors.

In the scheme used, a significant role belonged to bribed bank employees. They handed over to the attackers information about large depositors, as well as copies of their passports. Using the available information, fraudsters made fake passports, started accounts, to which they subsequently transferred funds from the main accounts of depositors and through which they cashed money.

To arouse less suspicion, the entire monetization process was stretched over time, which in turn raises concerns why for such a long time fraudsters managed to act unnoticed. Bank customers were surely concerned about unauthorised write-offs. At the same time, obviously, the information leaks themselves were not detected in a timely manner by the security services of banks.

Bank "Pervomaisky"

Employees of Pervomaisky Bank (Krasnodar Territory) for several months withdrew money using their own official position and access to confidential information.

Credit sector operators "issued" loans according to the personal data of former and current clients of the bank. It is noteworthy that among those who managed to apply for a loan, there were also dead people. The total amount of damage that the fraudsters caused to the bank is estimated at more than 2 million rubles. Given how long the attackers acted, the amount of damage could have been even greater.

Dmitry Medvedev

The story of the leak of passwords to the Prime Minister's accounts began with the posting of a resignation message on Dmitry Medvedev's Twitter account. Soon it became clear that the message was left by another person, and the attacker has access not only to Twitter, but also to other Internet services of the official.

In particular, it was about accounts in postal services, which the prime minister used both for personal purposes and for working correspondence, as well as accounts that were used, presumably, to read records of political opponents on social networks. To top it all off, personal photos of Dmitry Medvedev taken from his iPhone appeared on the Web.

Since simultaneous hacking of all accounts is unlikely, the most plausible version is that the passwords were leaked by a person who knows them, or the attackers managed to gain access to one of the critical accounts and use it to log into all other accounts.

In the summer of 2014, hackers hacked Deputy Prime Minister Arkady Dvorkovich's gmail mail. From the published correspondence, it became known that state officials even at the top level use public services to resolve official issues.

Mail services

Yandex.Mail, Mail.ru, and Gmail - the databases of millions of users appeared in the public domain within three days in the fall of 2014. Immediately there was a heated debate about the sources of the data. The companies categorically deny the facts of the leak from the inside, and indicate that the bases were compiled from various sources. Some of the information was compromised earlier, the other was obtained by phishing and using malware that collected information for several years.

He announced his readiness to check Internet companies, Roskomnadzor but it soon became clear that logins and passwords to personal data had nothing to do with them, and the body would not conduct any checks.

* QIWI

In January 2014, QIWI missed 90 million rubles. This is the result of the actions of hackers. It is known that attackers found a vulnerability in the security system of the payment system, which allowed them to commit a scam. The company noted that the attackers managed to hack 687 accounts. Hackers replenished "stolen" wallets without the knowledge of the owners, and then accumulated funds in their accounts.

Source: Zecurion, 2014, * open sources

2013

Anti-malware.ru

The volume of the Russian DLP market, according to Anti-Malware analysts, should reach $76-78 million by the end of 2013 and will grow twice as fast as the world market in 2014 - by 45-50% per year. Russia in the global DLP market looks very solid, occupying about 10%, then in the global IT market as a whole its share is only 2%.

The main players in the Russian DLP market are InfoWatch (in 2013 the market share was 35.9%), Jet Infosystems (21.2%), Zecurion (19.2%), Websense (8.9%), MFI Soft (4.6%), Symantec (4.4%), McAfee (1.4%), GTB (0.8%). The strategic initiative is owned by three Russian vendors, while their sales over the past year have grown by 25-40%. Other signs of the market: it presents different solutions in price and functionality; the applicability of DLP products began to go beyond the original purpose; the market is far from saturated despite the increasing level of competition.

For the first time, the Anti-Malware report segmented the DLP customer market: 64% is in the corporate business, 26% is in the public sector, and 10% is in the medium business. Analysts then noted that in 2013 there were such trends as the growth of customer maturity, the complexity of projects and the responsibility of manufacturers; increased competition and, as a result, a gradual decrease in the average price of projects.

InfoWatch

InfoWatch has presented a report on the level of information security in medium and small businesses. The share of large-scale leaks in medium-sized businesses is higher than in large corporations. In some cases, when databases with a number of records of 5 thousand or more were leaked, and the damage was over 10 thousand rubles, it was about small and medium-sized companies. In general, according to official data alone, the total damage to medium and small businesses from leaks amounted to more than $2 billion in 2013.

The share of leaks of "uncertain" nature (when it is impossible to determine whether the incident was accidental or intentional) is very high in this sector. In medium-sized companies, this figure was 23%, in small organizations - 43%. For comparison, in global statistics, the presence of intent remains unclear only in every tenth case.

Employees and heads of small and medium-sized companies "leak" information more often than their colleagues in large businesses (76% versus 45%). In general, there are no significant differences in the distribution of those guilty in companies of medium and small businesses and large businesses, which indicates the fundamental similarity of psychology and the actions of the offender or negligent employee who leaked.

According to Natalia Kasperskaya, there are several prerequisites for the growth of the Russian DLP market. Firstly, this is a tightening of the requirements of regulators for the protection of information: increased fines for failure to comply with the requirements for the processing and protection of personal data; inclusion of DLP systems in the category of recommended for data protection in information systems (FSTEC of the Russian Federation).

Undoubtedly, the increase in the number of leaks also entails the demand for DLP systems. And yet: today they began to talk and write more about information security problems - that is, the awareness of companies and their leaders has increased.

The target of the attack can be a commercial company, and even an entire state. According to statistics from the InfoWatch Analytical Center, more than others, the financial sector (about 30%) and the oil and gas industry (20%) are targeted by attackers. The share of attacked science-intensive industries is 17%, industrial companies - 15%, telecommunications companies - 11%. It is noteworthy that the percentage of attacks on organizations with less than two thousand employees is approximately equal to the percentage of attacks on enterprise-level companies with more than 2,500 people. At the same time, 85% of information leaks in the world are associated with personal data.

Meanwhile, the leakage of personal data is an inevitable damage to the company. Firstly, these are financial losses. If a mortgage client moves to another bank, the loss is about 260 thousand rubles of income per year. One CASCO client is a loss of 60 thousand rubles of income per year. Secondly, if a leak is detected, the organization will face a deterioration in reputation, which is fraught with the loss of 10% of current customers and 20% of new customers. For non-compliance with the requirements for ensuring the security of personal data, the fine is from 25 to 50 thousand rubles. All this can lead to a loss of market share for the organization and increase the risk of bankruptcy.

Compared to 2012, the number of PD leaks increased by more than 2 times. In total, 3.1 million personal data records were compromised in 2013, InfoWatch told CNews.

Personal data became the most massive type of leaked information Russia in - they accounted for 81% of all Russian leaks, while in 2012 this figure was 65%. The increase in the number of leaks recorded in the media is partly due to the attention states of regulators to the protection of personal data. However, analysts InfoWatch predict that even increasing awareness of the problem and its frequent media coverage will not have a significant impact on the level of PD security in Russia.

"The ease of penalties for domestic PD operators who have leaked, as well as the passive reaction of the citizens themselves affected by the leaks, and lead to the fact that the situation does not change," the company said.

It is noteworthy that in two cases of their three PD leaks in 2013 came from small organizations (less than 500 PCs). Moreover, the scale of the leak in such companies was not necessarily small. In some cases, when databases with a number of records of 5 thousand and higher were leaked, it was about small and medium-sized organizations, InfoWatch said.

According to the company's analysts, for medium-sized businesses, the consequences of leaks of large PD arrays are very critical - this is a serious reputational and financial damage, which in some cases is more tangible than in large companies. In a number of industries (trade, tourism), where mainly small organizations are represented, the leakage of the client's database can lead to losses comparable to the company's turnover over several months.

At the same time, Russia in the first half of 2013 ranked 2nd in the world in the number of leaks of confidential information, in the first place - the United States, said in September 2013 at the DLP-Russia 2013 international conference, InfoWatch CEO Natalya Kasperskaya.

According to her, in just the first half of this year, InfoWatch experts recorded 496 leaks, which is 18% more than last year, and the United States accounted for 62.9% of all leaks that occurred. Kasperskaya recalled that we are talking about public leaks that have become the property of the media - this is about 1-5% of all leaks in the world, since many, but not all countries are obliged by law to report leaks of confidential information.

In Russia, the number of leaks (confidential information from companies and government agencies in the Russian Federation) in the first half of 2013 amounted to 42 cases, this figure increased by 27% compared to the same period last year, followed by the United Kingdom - 41 leaks, and Canada and New Zealand close the top five in confidential information leaks.

MFI Soft

The analytical center of MFI Soft published in November 2013 [the https://drive.google.com/file/d/0BzpiIBsGLoCOMWlnWGpkdFFJRTQ/edit?usp=sharing comprehensive study of the development of the technological level of information security in Russia]. The study is based on the results of a survey survey of directors and information security specialists.

In total, more than 270 specialists took part in the study. As a result of the study, it turned out that every second company in Russia has faced information leaks at least once. Half of them suffered losses as a result of insider activities. Despite this, only one in five companies uses specialized DLP systems to protect information.

Most often, information leaks can be identified by companies Moscow - 22% of respondents encounter insiders 3-5 times a year or more. The largest share of direct losses arising in connection with information leaks are borne by Ufa enterprises (56% of insider activity entails this type of damage here).

The most conservative approach to information security is used by specialists who most Nizhny Novgorod often resort to such radical measures as banning USB ports, restricting access to Internet resources and traffic quotas - 91% of respondents in this region use such methods. In terms of technology support, the information security industry is leading - Yekaterinburg specialized DLP-class systems are used here in 34% of companies.

Most often, specialists identify information leaks that occurred using e-mail (29%) or removable media (25%). Most likely, the large number of leaks detected on these channels is due to the technical ease of their control and the greatest obvious to specialists. In regions actively using DLP systems, complex channels of information transmission (paper media, portable and mobile devices) can be more effectively controlled.

Insiders (employees who maliciously use the information received) are most often detected in St. Petersburg - 37% of data breach incidents were malicious here.

The largest share of specialists who are ready to admit that there are difficulties in identifying incidents is recorded in Novosibirsk. 52% of the total number of respondents in the region find it difficult to determine the frequency of information leaks, and only 50% of cases were able to establish the cause of the detected leaks in Novosibirsk.

Zecurion Analytics

According to Zecurion Analytics, there have been 48 reported incidents in all of Russia, most of which have been widely publicized in the media. Among the most high-profile: the theft of the database of more than 1 million customers of IC Zurich, the correspondence of employees of the mobile operator MTS with content providers, which fell into the public domain, losses in the amount of 2 million rubles caused to PhosAgro by a former employee, as well as confidential paper documents of Sberbank thrown into the trash can.

2012

Anti-Malware: DLP market in Russia grew by 64% to $52.5 million

The volume of the Russian market for systems for protecting against leaks of confidential information (DLP solutions) in 2012 increased by 64% - to $52.5 million compared to $32 million in 2011, said Ilya Shabanov, managing partner of the Anti-Malware information and analytical center, in September 2013 .

In terms of sales in this market, the Russian companies InfoWatch ($20.4 million), Jet Infosystems ($11.8 million), and Zecurion ($9.5 million) are leading. They are followed by foreign manufacturers WebSense ($5.2 million) and Symantec ($2.6 million). At the end of 2011, companies' shares in the Russian DLP solutions market were distributed as follows: InfoWatch occupies 38.9% of the market, Jet Infosystems - 22.5%, Zecurion - 18.1%.

InfoWatch: The proportion of malicious leaks is growing - 46%

The InfoWatch Analytical Center presented in February 2013 an annual global study of information leaks registered and published in the media for 2012. According to analysts, in 2012, more than 1.8 billion records were compromised, including financial and personal data. 934 cases of confidential data leakage were published in the media, which is 16% higher than last year, only direct losses of companies that were published in open sources amounted to more than $37.8 million.

Research of information leaks and confidential data from companies and government agencies Russia 2012 (pdf)

"You should be aware that the financial losses that companies will make public due to data breaches are a drop in the ocean from the real losses that business incurs on a daily basis," comments Tatyana Beley, Marketing Director of InfoWatch. - Recently, there has been a positive trend in the publication in the media of information about leaks of valuable information, but there is reason to believe that the number of "public" incidents is no more than 3-5% of their real number, and even fewer companies indicate financial losses. If all these facts are taken into account, then tens of millions of dollars of losses result in absolutely fantastic amounts - tens of billions. "

InfoWatch analysts noted that when calculating total losses, it is necessary to take into account lost profits as a result of the incident, the costs of eliminating the consequences of leaks and litigation, compensation payments, etc. It is difficult to calculate and estimate all costs that may arise from criminal actions of employees, such as collusion, blackmail or fraud, as well as related to the theft and dissemination of confidential information, for example, bank secrets, commercial and financial information.

The introduction of protective equipment influenced the ratio of accidental and intentional leaks, since the means and methods available on the market are more effective in relation to accidental leaks than intentional ones. According to the analytical report, the percentage of accidental leaks is decreasing - in 2012, the share of accidental leaks was only 38%, and the share of malicious leaks is growing - 46%. The first place in terms of the type of leaks is still occupied by personal data - 89.4% (92.4% in 2011). Liquid personal data is of interest to a wide range of attackers, since they can be sold on the black market, so such leaks are massive and databases with personal data can be sold to a wide range of buyers.

At the same time, commercial or state secrets usually leak "to order" despite the fact that these organizations are serious about protecting information and try to comply with the requirements of laws and standards. If we consider the ratio of leaks in the context of "type of organization," then in 2012 the share of commercial organizations amounted to 41% and decreased by 5% compared to last year, the share of educational institutions decreased by almost half, amounting to 16%. Government agencies are frankly poorly defended, where the number of incidents related to information leakage amounted to 29%, showing a significant increase compared to last year.

2012 can be called the year of leaks in state-owned companies. The increase in the share of government agencies in the distribution of sources of leaks by type of organization is noteworthy and indicates insufficient attention to the problems of protecting information in the public sector. The second reason is even more obvious - the massive use of mobile devices (smartphones, laptops, tablets), for which the information security services of state and municipal organizations around the world were clearly not ready.

"According to the observations of InfoWatch analysts, last year state-owned companies were among the" leaders "in the growth dynamics of confidential information leaks," said Natalya Kasperskaya, head of the InfoWatch Group of Companies. - This trend indicates that the level of information security in the public sector is not yet high enough. The protection of information in government agencies should be given increased attention due to the presence in these organizations of information of high national importance, such as state secrets, secret strategic information, etc., as well as the enormous amount of personal data circulating here. This is especially true for Russia, where there is currently a rapid development of the public electronic services market. "

The annual research of the InfoWatch Think Tank is based on its own database, which has been conducted since 2006 and includes only incidents covered in the media or other open sources. For the first time in all years of research, analysts have encountered heterogeneity in the leak pattern in relation to various industries. Against the general background, banks, insurance companies, telecom operators stand out, where the share of accidental leaks is steadily decreasing. This picture with small reservations characterizes almost the entire commercial sector. Analysts attributed this to the increasing popularity of information protection and information flow control tools.

Gartner claimed that about a third of companies already use DLP systems. Experts emphasized that the perception of DLP systems as software that can independently, without effort from information security services, fight leaks is fundamentally wrong. And if DLP really copes with accidental leaks, then the fight against malicious ones requires a serious consulting component in DLP projects during the preparation, implementation and maintenance of systems, in particular during the investigation of incidents.

We should expect a change in perception and attitude towards DLP from both vendors and customers. As a result, the development of information security consulting with a subsequent increase in the culture of information security in companies that use security systems. In this case, it is possible to predict within 3-5 years a decrease in "typical" leaks - accidental and "inexpensive" intentional.

Study: 26% of employees in Russia use official information for personal purposes

"According to a survey of more than 400 employees of Russian organizations this year, the New Search Technologies company, our distributor in Russia and the CIS countries, found out that 26.8% of respondents had already used official information for personal purposes, and almost 50% in case of dismissal sold or would have transferred it to competitors. In such a situation, we recommend that companies be vigilant and remember: how to suffer large losses from the leakage of valuable corporate information, it is cheaper to protect it - to distinguish employee access to it, to control its movement within the organization and into the outside world. We are constantly expanding the capabilities of the "Information Security Kontur" in accordance with the wishes that our customers have when using it, "said SearchInform CEO Matveev Lev.

2011

DLP Analysts IDC estimated the volume of the Russian market at about $30 million for 2011, and its growth rate, according to Zecurion data (formerly called Securit), is 15-20% per year. Studies conducted in Russia HeadHunter and Zecurion companies have shown that about 28% of companies operating in our country use specialized DLP solutions to protect against data leaks.

According to the data on sales volumes of leading vendors in 2010 and 2011 obtained by Anti-Malware.ru analysts, the top three increased not only sales volumes, but also market share, and the Russian DLP vendor Zecurion showed the largest increase in share, increasing it from 18.5% in 2010 to 20.3% in 2011. The number of DLP deployment projects (of various sizes) in Russia is currently in the hundreds. At the same time, experts noted an increase in user requirements for the functionality of DLP systems and after-sales service, which, as a result, leads to an increase in the responsibility of manufacturers for the quality of solutions and technical support.

According to Anti-Malware.ru forecasts, the Russian DLP market will grow by 38-45% in 2012 and reach a volume of 44-47 million dollars. At the same time, according to IDC forecasts, the global DLP market will amount to approximately $560 million in 2012. This meant that the share of the Russian DLP market in the global will exceed 8%.

According to an analysis conducted by the Anti-Malware.ru Information and Analytical Center in the summer of 2011, the volume of the DLP market in Russia in 2010 increased from $15.3 million to 22.7 million, demonstrating a growth rate of more than 48%, which is significantly higher than predicted. Such growth rates, according to Anti-Malware.ru analysts, are associated with delayed demand due to the impact of the global economic crisis of 2009, as well as with the increasing attention of large commercial and government organizations to the problems of confidential data leakage. It is projected to increase to $520 million in 2012 (about 35% from the previous period).

As a year earlier, the Russian companies InfoWatch ($7.4 million), Jet Infosystems ($5.7 million) and SecurIT ($4.2 million) were the leaders in terms of sales in 2011. They are followed by foreign manufacturers Websense ($2.8 million) and Symantec ($1.5 million). The market shares of InfoWatch and (33%) and SecurIT (19%) have practically not changed. According to the Anti-Malware.ru, the share of Jet Infosystems decreased from 29.4 to 25.1%. But foreign manufacturers in 2010 managed to "gain weight." Thus, Websense has increased its share by about 5% and now controls 12% of the Russian DLP market, and Symantec, which follows it, now occupies 7% (compared to the previous period, its zone of influence has expanded by 2%).

As Anti-Malware.ru explains, in this study, DLP refers to products that allow you to detect and/or block the unauthorized transfer of sensitive information through communication channels that use the enterprise information infrastructure. Due to the specifics of the market, the accompanying projects of the service, as well as the software and hardware of third-party suppliers included in the final product, were not deducted from sales volumes.

The leader among leak channels, according to InfoWatch, are paper documents (due to the traditionally weak protection of corporate printed devices), followed by user computers (largely due to the loss of mobile devices) and servers. Then come the Internet, intranet, email, etc. It is noteworthy that approximately 27% of the channels of deliberate leaks remain uncertain, which is generally understandable - the organizers of such leaks carefully disguise their malicious work.

In 2011, more than 90% of leaks were related to personal data. Approximately 3% each comes from data containing commercial and state secrets. This ratio in InfoWatch is explained by the reluctance of organizations to declare the loss of commercial and even more so state secrets, on the one hand, and the complexity (or illegality) of keeping secret the claims of personal data subjects about leaks of personal information about them - on the other.

In terms of the number of leaks that have become public, Russia ranked seventh after countries such as Great Britain, Ireland, the USA, New Zealand, Canada, Australia and Switzerland, which can be explained both by the transparency of business in our country and by weak data protection in Russian companies.

2010

The DLP market volume in Russia in 2010 showed a significant growth from $15.3 million to $22.7 million, thus, the market growth rate amounted to more than 48%, which is significantly higher than the projected values. Such growth rates, according to Anti-Malware.ru analysts, are associated with deferred demand due to the impact of the global economic crisis of 2009, as well as with the increasing attention of large commercial and government organizations to the problems of confidential data leakage.

Freely Available Reports

Analysis of the DLP market in Russia for 2009-2010

Notes