2023/12/26 10:54:28

Information Security (Trends)

The article is included in the TAdviser review "Information System Security"


Main article: Trends in the IT market in Russia

2023

Named 7 main trends in the information security market in 2024

In 2024, the rapid development of artificial intelligence, including generative systems, will increase the complexity of cyber attacks, and fraudsters will increasingly use neural networks to create believable and convincing content. On the other hand, AI tools will help improve information security tools. This is stated in a study by InformationWeek and Google Cloud, published at the end of December 2023. The authors of the report highlight seven key trends in the global information security market in 2024.

1. Threats and means of protection using AI

AI technologies will make it easier for attackers to find new vulnerabilities and organize attacks. These can be sophisticated phishing schemes and large-scale cyber campaigns based on social engineering methods. AI tools, experts believe, will also be used to create fake news and generate deepfakes. At the same time, AI tools will be actively used by cybersecurity specialists, who will create improved systems for checking software and networks for weaknesses and potential threats. In addition, AI will enable a proactive approach to protection.


2. Geopolitical tensions

In 2024, against the background of the current geopolitical situation, a significant number of attacks by cyber groups supported by the governments of various countries, as well as politically motivated hacktivists, are expected. The Google Cloud report specifically highlighted threats from North Korea, as well as incidents involving China and Iran.

3. Supply chain attacks

Attackers take advantage of the growing complexity of supply chains and target third-party suppliers to achieve their goals. It is noted that risks associated with third parties in 2024 will remain a significant factor affecting the sustainability of business operations.

4. Cloud Security Priority

As more organizations adopt a cloud-centric approach, cybercriminals are looking for new ways to attack hybrid and multi-cloud environments. One method of intrusion in this segment is to exploit system configuration errors. Experts believe that during such attacks, attackers will try to perform lateral movement across multi-cloud environments.


5. Ransomware

Such malware remains a profitable business for attackers. Experts warn that in 2024 a wave of double ransomware attacks could hit companies and organizations, in which a second ransomware virus is introduced into the system following the initial intrusion and encryption of data. This approach can result in huge losses for the victim, including those related to the downtime of IT systems.

6. Zero-day exploits

According to estimates by the Zero-Day.cz Tracking Project, 87 zero-day vulnerabilities were discovered in 2023, compared to 52 in 2022. China is especially active in this regard, and this trend, according to the authors of the report, will continue in 2024. Zero-day vulnerabilities are increasingly exploited by ransomware groups.

7. Control by regulatory authorities

Increased control by the authorities could change the way businesses approach cybersecurity. Experts point to the possibility of increasing responsibility both at the personal (for management) and at the corporate level. And this can lead to a change in the priorities of companies in terms of cost management.[1]

Forecasts in the field of information security for 2024

On November 21, 2023, Ideco shared its forecasts for information security for 2024 with TAdviser. It is expected that the era of import substitution in 2024 will be in an active phase: this year companies have tested various solutions, and next year will be a stage in the transition to domestic products. However, in 2024, the information security situation will continue to deteriorate. The threat landscape is evolving at a rapid rate and companies are forced to adapt quickly. To protect a business or state structure from threats, it is necessary to continuously study the topic of cybersecurity and keep abreast of the main forecasts, said Dmitry Khomutov, Director of Ideco.

The number and complexity of hacks is expected to continue to grow. In 2022 alone, hackers leaked more than 1.5 billion records containing personal data of Russian citizens: full names, phone numbers, places of residence and other personal data. Hacks are changing: attackers will be able to combine information from various sources and draw up a portrait of a particular person or company. With this technique, fraudsters will be able to implement more advanced, individualized schemes for attacks on organizations and ordinary users. Such hacking techniques require more developed and innovative protection methods, for example, the use of firewalls, SIEM systems and modern antiviruses.

One of the main problems that will continue in 2024 is the lack of qualified IT specialists. Due to the increasing demand for information security specialists, an increase in the importance of their role in organizations and an increase in wages are expected. If earlier salaries grew by an average of 10-20% per year, and this was the average for the IT market, then recently there have been increases of 30% and higher.

Given the constant development of technologies and the emergence of new threats, in addition to technical and organizational measures, it is necessary to strengthen partnerships in the field of cybersecurity. Cooperation between companies, as well as the exchange of information about new types of cyber threats, will be a critical action to minimize the possibility of cyber attacks by more than 70%. Interoperability between companies can be achieved by building industry alliances and cybersecurity forums, where by combining resources and expertise, the industry can collectively increase its resilience to hacking.

Despite hackers trying to attack AI for their own gain, artificial intelligence and machine learning are continuously evolving. This area has become an integral part of our lives, revolutionizing various industries, and, of course, cybersecurity is no exception.

Cyber threats continue to grow and develop and are becoming more sophisticated, so organizations are increasingly turning to AI, as it has a number of advantages to combat vulnerabilities. One of the key qualities of neural networks in the analysis of cyber threats is their ability to process huge amounts of data in real time. AI handles this 98% faster than the traditional analysis method. Moreover, using algorithmic machine learning, the neural network can constantly adapt to new threats, ensuring that organizations will always be one step ahead of cybercriminals.

Technical progress shows growth in various areas, and the field of cybersecurity is no exception. The forecasts described emphasize the importance and relevance of information security at the individual, organizational and state levels. "Forewarned is forearmed" is a phrase that will perfectly characterize the cyber market in 2024.

Current threats and key cyber security trends in 2023: what experts are talking about

Current threats

The main threats carried over from 2022 continue to be DDoS attacks on business, but it has already become clear to attackers that their effectiveness decreases as various means of protection are implemented, the SMU SSOP operates and companies subscribe to cloud services for protection against DDoS attacks. Therefore, the malicious activity of hackers is now aimed at creating an effectively working threat pipeline in which each participant does his own job: someone uses phishing to lure out the credentials of corporate users and sells them to hackers; someone, having obtained these credentials, builds malicious infrastructure inside the victim's company and sells access to it to the next specialists in the chain; someone looks for important data in the captured infrastructure and takes it out for sale; and someone infects the infrastructure with logic bombs or ransomware and demands a ransom for restoration, although it is already clear by now that there will be no recovery. Such end-to-end threats require end-to-end security solutions, often integrating with the developer's infrastructure to use the expertise of its employees to repel attacks more effectively.

iTPROTECT Technical Director Maxim Golovlev:

In general, the situation has not changed much compared to 2022. The most common types of cyber attacks remain DDoS, phishing and data encryption. These are the types of attacks that are developing most rapidly and, apparently, have not yet exhausted their malicious potential. For example, in the case of DDoS attacks, power is constantly growing, as well as the difficulty of filtering requests by security tools. Do not forget that a significant part of the attacks still falls on individuals, but this does not mean that there are fewer attempts to penetrate corporate networks, rather the total number of attacks has increased. In this regard, in whatever area the organization works, these three types of threats must be taken into account first.

Director of the Information Security Center of Jet Infosystems Andrei Yankin:

The change in the profile of attacks on Russian companies compared to 2022, although not fundamental, is still impossible to miss. Russian companies have more or less learned to cope with DDoS. At the same time, the volume of classic targeted attacks, which aim to gain control over the victim's infrastructure by hacking the perimeter or using social engineering methods, does not decrease. True, hackers more often began to attack large companies not directly, but through their contractors and partners, who are often a much simpler victim. We see that attackers often monetize the results of such hacks by selling them on the dark web and in specialized Telegram channels. And it already depends on the final buyer what happens next: a ransom demand for decryption of data, theft of confidential information or complete destruction of the infrastructure with a deface of the site.

Lead Engineer CorpSoft24 Mikhail Sergeyev:

The most urgent threats to Russian companies in 2023 remain phishing, DDoS attacks and attacks on service providers (supply chain attacks).

Director of Strategic Business Development of Innostage Andrey Tymoshenko:

Attacks have become more difficult, cybercriminals use the developments and results that they received during mass attacks in 2022. They are more targeted in implementing the attack and conduct thorough preparation, actively exchange data about companies, as well as hacking tools and methods, often coordinating their actions in real time. They also attract new participants to implement certain actions at different stages of hacking. Among the threats that organizations face today, in particular, are wipers. They are malware aimed at massively destroying all data that can be accessed. As a result of its implementation, the normal activities of any organization can stop for a long time.

Deputy General Director of the Garda Group of Companies Rustem Khayretdinov:

The financial motive of the attackers today, while not completely gone, is not dominant. Attackers seek to damage the maximum number of citizens, that is, today their goal is to disrupt the digital service, destroy infrastructure, leak sensitive data. Attack vectors have not changed much, the main way to penetrate information systems is phishing and other social engineering methods, exploiting vulnerabilities in applications and infrastructure, but after penetration, cybercriminals are now faster to encrypt and disable services, often without even extorting money for recovery.

Key trends

From the point of view of protection, in 2023 almost all companies already understand that it is impossible to work in the modern market without secure digital services. Digital technologies make it possible to run a responsive and competitive business in modern conditions, but protecting them requires certain costs and, most importantly, competencies. At the same time, there are not many people with these competencies, and they are, as a rule, concentrated at manufacturers of security tools or at integrators. Therefore, the main area of development of the information security market in 2023 was the provision of services for the protection of corporate systems or cloud products by commercial cyber attack response centers (SOC). For companies that can afford both specialists and support of their own equipment, an integrated approach to organizing protection, prompt detection of threats and their timely elimination come first. In general, we can say that the market has finally realized what real, effective information security is. It should be noted that the specialists who previously promoted and serviced foreign manufacturers' products have now moved to Russian companies, due to which the quality of service and work of domestic manufacturers of security tools has greatly increased: they began to work almost according to international standards.

Lead Engineer CorpSoft24 Mikhail Sergeyev:

The key trends of the Russian information security market in 2023 are:
a) Growing demand for cloud information security solutions and services.
b) Increased use of artificial intelligence and machine learning to detect and prevent cyber attacks.
c) Development of solutions for monitoring and analysis of cyber threats in real time.
d) Strengthening measures to protect personal data in accordance with the law.

Director of the Information Security Center of Jet Infosystems Andrei Yankin:

In general, customers have a request for an understandable and tangible result of the introduction of protective equipment, the purchase of external services or the development of their information security team: not the purchase of the best protective equipment in the rating, but the absence of hacking; not SLA to respond to information security incidents, but the absence of missed attacks by hackers or pentesters. In general, neither vendors nor integrators have yet learned how to form a high-quality offer in such terms. But if there is demand, there will be supply. A similar reversal is observed in the work of regulators. An example of this is negotiable fines for leakage of personal data (and not for the lack of certified IPS), in part - regulation in the field of CII, approaches to managing operational risks from the Central Bank of the Russian Federation.

Director of Strategic Business Development of Innostage Andrey Tymoshenko:

Against the background of an increase in the number of new Russian means of protection, there is a need for a sustainable domestic ecosystem. The demand for SOC is growing, primarily due to services with a deep customized approach. It is difficult for organizations to quickly build their own SOC, so they seek the services of external centers for countering cyber threats. Some companies pay attention to IT and information security solutions based on open source. Such organizations, despite localization, retain the Western mentality and do not want to switch to domestic counterparts yet.

BI.ZONE Product and Technology Director Muslim Mejlumov:

Separately, I would like to say about the change in the attitude of customers to system integrators. If earlier it was easier for a system integrator to rebuild from competitors through an exclusive partnership with some foreign player, and each participant in the competition could come to the customer with a disjoint set of products, now the number of competitive offers on the market has sharply decreased, and almost everyone has to choose from one set of working domestic solutions. Thus, the customer begins to look more at the added value that the integrator carries and selects the team with the most expert experience.

A list of 8 main cybersecurity forecasts for the coming years has been compiled

On March 28, 2023, Gartner presented a report that examines key trends in the development of the global information security market. It is noted that the current macroeconomic situation and uncertainties pose new tasks for business representatives and various organizations, on the successful solution of which operational efficiency will depend.

"There is no doubt that the Directors of Information Security (CISO) and their teams should be as focused as possible on what is happening today to ensure the best possible security for their organizations. But they should also distract from everyday problems and assess market prospects," said Richard Addiscott, senior analyst at Gartner.


Experts highlight eight key trends in cybersecurity for the coming years. It is assumed that these forecasts will help companies implement an optimal strategy for protecting their information infrastructures.

By 2027, 50% of information security directors will implement employee-oriented approaches in their cyber defense programs. This will help minimize operational friction and improve the effectiveness of controls. A Gartner survey shows that more than 90% of workers who admitted to taking potentially dangerous actions knew that their actions would increase the risk to the organization, but still did so.

In 2024, modern privacy regulation will cover the bulk of customer data. However, less than 10% of organizations will be able to successfully use privacy tools as a competitive advantage. Gartner recommends implementing solutions in accordance with the General Data Protection Regulation (GDPR).

By 2026, 10% of large enterprises will have a comprehensive and formed zero trust infrastructure. For comparison: as of the beginning of 2023, this figure was less than 1%.

In 2027, approximately 75% of company employees will purchase, modify or create technologies outside the IT department. In 2022, the value was 41%. In such a situation, organizations are encouraged to rethink the cybersecurity operating model in order to work more closely with workers.


By 2025, 50% of cybersecurity leaders will unsuccessfully try to use cyber risk quantification to make corporate decisions. Profile professionals should focus on quantitative assessments requested by decision-makers instead of self-assessment of threats.

Nearly half of cybersecurity executives will change jobs in 2025. At the same time, 25% will move to other positions solely due to numerous stressors associated with their professional activities. Moreover, due to the COVID-19 pandemic and the lack of personnel in the industry, the situation is only getting worse.

By 2026, 70% of companies will have one member of the board of directors with experience in the field of cybersecurity. Gartner recommends that information security executives advance their initiatives at the management level of their organization.

In 2026, more than 60% of threat detection, investigation and response (TDIR) capabilities will use risk management data to validate and prioritize detected threats. In 2022, this figure was less than 5%. TDIR capabilities provide a single platform that gives a complete picture of the risks and potential impact of threats on the company's IT infrastructure.[2]

The main problems of the information security specialists market are named

Many information security (IS) professionals are exposed to numerous stress factors associated with their professional activities. This is stated in a study by Gartner, the results of which were published on February 22, 2023.

It is noted that cybersecurity professionals face unacceptable levels of stress. This psychological impact directly affects the quality of decision-making and ultimately the effectiveness of an organization's IT infrastructure protection.


Given the pressure of the work, as well as the huge market opportunities for cybersecurity specialists, the turnover of personnel poses a serious threat to the relevant divisions of companies. According to Gartner, by 2025, almost half of cybersecurity executives will change jobs, with 25% moving to other positions solely due to stress factors.

In fact, information security directors are constantly responsible for protecting their organization. And this means only two possible outcomes: either the IT infrastructure will be hacked or not.

Gartner's research also shows that compliance-centric cybersecurity programs, low management support and poor industry maturity are all signs of an organization that does not consider cybersecurity risk management critical to business success.

Gartner notes that the human factor remains the main problem in the field of IT security. A survey showed that 69% of employees violated their organization's cybersecurity recommendations over the past 12 months. Specifically, 74% of employees said they would be willing to circumvent cybersecurity guidance if it helped them or their team achieve the business goal. The study was carried out in May and June 2022 and covered 1,310 employees of various companies.[3]

2022

How the attacks on corporations will take place in 2023. Kaspersky Lab Forecast

On December 8, 2022, Kaspersky Lab experts presented their forecast of trends in cybersecurity threats to corporations and large organizations in 2023.

First, the number of personal data leaks will continue to grow. This trend will receive a new round: attackers will not only leak databases, but also combine information from various sources. As a result, they will be able to obtain a detailed "dossier" per person and then implement more advanced, targeted social engineering and cyber espionage schemes in attacks on businesses.

Kaspersky Lab predicts a number of new vectors of attacks on companies in 2023 (photo: Albert Gea/Reuters)

Another point is that ransomware comes out of the shadows. Ransomware authors create blogs that post company hacking ads as well as stolen data. The number of such publications increased significantly in 2022 compared to 2021, according to Kaspersky Lab. The company's experts believe that in 2023 this trend will be further developed.

Previously, attackers acted differently: they hacked companies, and then demanded a ransom without attracting public attention. Now they are not trying to contact the company, but immediately post a message about the hack on their blog with a countdown to the publication of the stolen data and are waiting for the victim's reaction.

The chief expert of Kaspersky Lab, Sergei Golovanov, in a conversation with TAdviser, noted that now there is a trend when it is often useless to contact the attacker himself, who encrypted corporate data, and offer to pay him a ransom: criminals simply do not respond to such requests. They are now distributing ransomware that was originally created not to get a ransom for encrypted data, but simply to make the data inaccessible to the company.

Previously, ransomware was a business, and now it is often simply used to disrupt the company's infrastructure, and in the future this will all continue, says Sergey Golovanov.

Hacking or fake? It doesn't matter. Another trend that Kaspersky Lab experts foreshadow is that attackers will hack companies to "brag" and make a reputation for themselves. Information about the leak, published in open sources, even without real hacking can harm the victim company.

Buying ready-made accesses. In 2023, attackers will more often turn to the resources of the darknet to buy access to already compromised networks of different organizations. Increasingly, attacks begin with the use of previously obtained information about user accounts published on shadow resources.

This trend is dangerous because the stage of data compromise can go unnoticed. Only after receiving tangible damage (for example, faced with interruptions in the service or data encryption), the victim company will find out about the committed attack.

The sale of access to companies had already gained momentum in 2022, for example the sale of employee accounts that give instant access to company data. If you look at the "market" of such data, then most of the offers of such access are cheaper than $1,000, said Yulia Novikova, head of the analytical department of Kaspersky Threat Intelligence. This is a ridiculous amount, if we talk about such a serious threat to the organization, she added.

As for other trends in the outgoing 2022 regarding attacks, in addition to the already known history of record DDoS attacks on Russian organizations after February, Kaspersky Lab records that the number of complex attacks on companies has increased by about 4-5 times.

Also, at the moment, there are practically no large companies left that have not suffered from a leak of personal data of employees.

At the same time, whereas attacks used to target, for example, financial institutions, industry and telecom, they have now become indiscriminate: it often makes no difference to attackers which industry the business they attack belongs to. "Now it's delivery companies as well. Who was interested in attacking delivery companies in 2021?" notes Sergey Golovanov.

And if earlier some companies saw somewhere in the Telegram channel a message that they had been hacked, and could ignore this message, "go unconscious," then in 2022 the companies already took a responsible approach to such cases, and even in the event of a fake, the management demanded reports, added the chief expert of Kaspersky Lab.

In addition, against the background of migration from Western IT solutions, Russian companies began to use open source software more often, but at the same time, companies do not always provide completely secure development. Attackers began to use this and add malicious code to open source. At the same time, with the correct use of open source code and established processes, such software can be used safely.

IDC: 10 Corporate Data Protection Forecasts

On November 17, 2022, IDC presented a forecast for the development of the corporate data protection tools market: we are talking about the introduction of new mechanisms for ensuring security and preventing leaks, which can turn into millions of losses for enterprises.

Analysts say that as various cloud services spread, an ever larger volume of distributed data is generated and accumulated, and its effective analysis requires advanced automated systems based on artificial intelligence. At the same time, the number of cyber threats is growing and the intensity of attacks aimed at stealing confidential information is increasing. In addition, against the background of changing requirements for the storage, transfer and processing of data, companies need to ensure the stability of the functioning of digital infrastructures.

What to expect in the field of corporate data protection in the coming years. 10 forecasts

In general, the list of ten forecasts regarding corporate data shows the relationship between privacy, ensuring the necessary level of security, compliance with established standards and existing risks. In addition, environmental, social and corporate governance (ESG) is affected.

  • Forecast 1. By 2026, 30% of large corporate organizations will switch to autonomous security management centers, which can be accessed by distributed teams to respond more quickly to incidents and effectively fix problems.

  • Forecast 2. By 2024, 35% of companies will hire a privacy specialist to implement the concept of strategically built-in privacy (Privacy by Design) in IT systems, processes and products.

  • Forecast 3. By 2024, 30% of organizations will use confidential computing technologies to combine and improve important information, subject to privacy.

  • Forecast 4. By the end of 2024, 65% of large businesses will require their cloud service providers to control data sovereignty to comply with regulations to protect and keep sensitive information confidential.

  • Forecast 5. By 2026, thanks to a dramatic expansion of the regulatory framework, personnel shortages and cost-effectiveness measures, 40% of organizations will invest in the CaaS (Compliance-as-a-Service) model to meet their regulatory requirements.

  • Forecast 6. By 2027, 60% of companies on the Global 2000 list (the world's 2,000 largest public companies) will switch to continuous risk assessment in addition to annual security audits.

  • Forecast 7. By 2025, the US Securities and Exchange Commission (SEC) will publish standards for cyber risk analysis, and public companies will be required to provide annually updated data on their assessment based on this methodology.

  • Forecast 8. By 2024, 30% of organizations will improve their ESG and data management performance beyond standard reporting to deliver manageable costs and competitive advantages.

  • Forecast 9. By 2024, 75% of large enterprises will implement specialized ESG data management and reporting software in response to new legislation and increased stakeholder expectations.

  • Forecast 10. By 2025, 45% of business leaders who do not want to spend money on security systems without a predictable return on investment will begin to demand that specialized departments provide information on the effectiveness of implemented data protection and leak prevention tools.[4]

Atakama: 5 forecasts for cybersecurity for 2023

On November 22, 2022, Atakama, a company specializing in the development of solutions in the field of cyber defense, announced its forecasts for information security for 2023. The authors of the study highlight five key trends.

It is noted that cyber threats will become more and more sophisticated. While basic security techniques will help fend off many attacks, organizations will need better solutions to protect themselves from the devastating effects of hacking.

Named 5 forecasts for cybersecurity for 2023

Internet of Things (IoT) merges with "shadow IT," posing a security risk

In 2023, approximately 43 billion various devices will be connected to the Internet, which will provide attackers with the widest range of targets. IoT equipment manufacturers prefer convenience and consumer attractiveness over security tools. Often, such devices are introduced into the company's infrastructure with default credentials. Moreover, the Internet of Things is combined with shadow IT systems, creating a threat of unauthorized entry even into reliably secure networks.

Increase in sophisticated data theft ransomware attacks

In 2023, the number of ransomware attacks will continue to increase. Attackers have more ways to monetize victims' sensitive data. In addition to encrypting information for ransom, cybercriminals can put stolen files up for sale on the dark web or publish them in the public domain. In such a situation, organizations will have to go beyond traditional data protection methods and implement new ones: this can be, for example, multifactor encryption, which will make files useless to attackers.

DevSecOps will take it to the next level

Protecting development environments will be one of the most important areas for achieving effective organization security in 2023. Including just a few lines of malicious code during the creation of the application could potentially open up thousands of targets for attackers in the supply chains of partners and customers. Therefore, enhanced DevSecOps methods (ensuring security at all stages of application development) in accordance with the zero trust architecture and advanced data encryption solutions will become more common: organizations recognize that this approach is a critical need for business.

"'People will remain the weakest link in cybersecurity

In 2023, experts believe that ordinary users will still remain the main source of IT risks in any organization. Despite information training, employees can provide intruders with entry points through social engineering, phishing and other fraudulent schemes. In 2022, it is estimated that the human factor was a "key driver" in 82% of data breaches. Internal threats from corrupt employees or those harboring grievances will also remain a serious problem. In addition, threats from employees of partner organizations and third-party suppliers will require companies to be constantly vigilant and strengthen the implementation of zero-trust strategies.

"'Responsibilities of IT Security Managers

2023 could be a more challenging year for IT Security Managers (CISOs) due to the increasing intensity of cyber attacks and the need to maintain security. It is important for information security directors to regularly update their knowledge, since there is a constant development of not only threats, but also security solutions. At the same time, as noted, persons entrusted with the security and confidentiality of data must behave in accordance with the established requirements.[5]

Key trends in the Russian information security market in 2022

In 2022, there was a significant increase in the trend of import substitution in the field of information security. If a year earlier, among the main trends was the development of remote access protection systems, now this area is practically not mentioned in the responses of information security specialists. In addition to replacing foreign information security solutions, the most current trends now include: an increase in demand for domestic security services, a forced transition to real cybersecurity, and an increase in companies' interest in secure development. In addition, many customers began to revise their information security strategies and restart projects in this area due to the departure of foreign vendors.

Import substitution

Import substitution is perhaps the main trend for the information security market in 2022 and in the coming years. The ratio of foreign and domestic information security solutions used by Russian customers varies greatly depending on the industry. In the public sector and in significant objects of critical information infrastructure (ZOKII), the share of domestic solutions prevails significantly and can reach 90-100%. In general, among commercial structures, the ratio of foreign information security solutions used to Russian ones, according to the average assessment of experts, is approximately 50/50.

Compared to previous years, the pace of import substitution has accelerated significantly. The departure from the Russian market of a number of foreign vendors freed up some niches for domestic developers. However, the maturity of domestic solutions does not always correspond to the functionality of foreign ones, experts say.

Read more about import substitution in the field of information security and the difficulties of this process in a separate material.

Growing demand for security services

Among Russian customers, interest in the service model of information security services is growing. At times of infrastructure, people, money and time shortages, experts said, this is the only way to quickly secure digital assets.

The transition to a service model is a global trend, notes Ruslan Rakhmetov, CEO of Security Vision. As part of this model, customers exchange capital costs for operating ones and receive a guaranteed and predictable level of service that scales as they grow, while vendors are able to offer their services at an attractive cost and increase their customer base.

Today, the largest Russian vendors in the field of information security and consulting companies have taken the path of "security as a service." This model allows you to ensure the required level of information security with less investment, says Murad Mustafayev, head of the information security service of Onlanta (part of the LANIT group).

Revision of cybersecurity strategy and restart of information security projects

Companies are actively reviewing and updating existing plans for responding to cyber incidents and information security strategies in general. In addition, there is a forced restart of the cycle of implementation of information security projects.

Since large projects can be planned for quite a long time - from several months to several years, some customers found themselves in a situation where solutions have already been chosen, pilot and technical projects have been implemented, however, due to the need for import substitution, it is necessary to start all over again - load testing, functional study, pilots, - says Maxim Golovlev, technical director of iTPROTECT.


Forced transition to real cybersecurity

The past couple of years have brought a lot of events that have become a lever in shaping such a trend as the need for real cybersecurity. In other words, the business began not only to include the principles of information security in its strategy, but also to improve the systems that are responsible for protection.

The formation of this trend was served by several factors. Firstly, this is a global reorientation of infrastructures to the model of remote work of employees. Secondly, a significant increase in destructive hacker activities on a global scale. The risks associated with these factors affect the needs of many organizations to introduce additional means of protection to identify and counter hacker actions, - explains Nikolai Fokin, director of the Information Security Center of LANIT-Integration (part of the LANIT group).


Dmitry Vasiliev, head of the information security department at Softline, believes that in order to ensure "practical security" it is necessary to start with an information security audit and checking the security of the infrastructure. These can be a pentest or specialized solutions that allow you to identify risks for the company and identify the facts of their implementation, as well as, without fail, training personnel in the basics of information security. The second step is to plan migration from solutions of foreign companies to those available on the market, including Russian ones. On average, 25% of the customer's information security solutions are foreign. Selection of new solutions, evaluation of their functionality, process and data transfer design - focus number two.

According to Sergei Sherstobitov, CEO of Angara Security, the transition from paper security to real cybersecurity is now taking place at an accelerated pace. In his opinion, the main reasons for this process are the need to protect against cyber attacks and the requirements of regulators.

Ecosystem approach to cybersecurity

Another trend that experts are talking about is related to the ecosystem approach to ensuring cybersecurity.

According to Vitaly Masyutin, Deputy Head of the IBS Platformix Information Security Expertise Center, several major players have already implemented and presented ecosystems of security solutions integrated with each other, optimized for collaboration.

In a sense, this is an attempt to solve the problem of a shortage of specialists, - believes the IBS Platformix expert.


Growing interest in secure development

According to participants in the Russian information security market, there is now an increase in interest in DevSecOps and everything related to secure software development. This interest keeps growing; in addition, new requirements for writing secure code are appearing.

So AST notes an increase in budgets for the development of secure software, certification for information security requirements, as well as the modernization of information systems, taking into account the shift in the focus of threats.

Differentiation of the information security solutions market

The market for information security solutions has differentiated greatly. If earlier Russian products in the field of information security were, rather, "spoilers" of world flagship solutions, now they have become completely independent developments, the functionality of which must be developed in accordance with their own roadmap.

The level of such decisions can be very different. From a situation where the decision of a domestic developer may not be as productive as a foreign analogue, but it already includes all the necessary functionality and can compete with foreign counterparts. To a situation where the domestic decision has not yet reached maturity and is in the category of "catching up," says Dmitry Romanchenko, head of the information security department at Rubytech.


Other trends

It is also worth noting a number of other trends in the domestic information security market, which experts mention. Murad Mustafayev, head of the information security service of Onlanta (part of the LANIT group), talks about the shift in strategy from building one's own SOC towards a service model for connecting to monitoring centers and processing information security events. According to him, a high level of protection for businesses is necessary "here and now," so there is not enough time and resources for the development of their own centers. The way out is support from a partner with all the necessary competencies, expertise and experience.

In addition, according to him, there is a shift in emphasis from point protection to complex.

Business should be sure that the necessary level of protection is provided at the level of all web applications, protection against spam and viruses, DDoS attacks, etc., is implemented, - notes Murad Mustafayev.


Many surveyed market participants record a trend towards employee training. We are talking about both training ordinary employees and training qualified personnel in the field of cybersecurity, which are lacking.

Training, training and re-training of employees. The most important thing that any information security director or business owners should understand is that people and only people confront threats to information security. Hardware or software is always secondary, say Cross Technologies.


Gartner named 8 top trends in cybersecurity

On June 25, 2022, the analytical company Gartner published a study in which it reported 8 main trends in the field of information security for the coming years. According to experts, most executives of companies and non-profit organizations are fully aware of the need for additional cybersecurity measures amid a sharp surge in cyber attacks, including using ransomware viruses. This demand fundamentally changes the work of companies.

By 2023, government regulations requiring organizations to provide consumer privacy rights will cover more than 5 billion citizens and more than 70% of global GDP. This is an unsurprising prediction, as a growing number of people and institutions conduct confidential business over the Internet - and they seek greater privacy while doing so. Governments are responding to this demand. According to Gartner, in 2021, almost 3 billion people in 50 countries of the world received the right to protect private consumer information, and this number will only continue to grow.

By 2025, 80% of enterprises will switch to a strategy of unifying access to web resources, cloud services and private applications using the SSE platform. At the heart of this strategy is the consolidation and optimization required by customers, who are increasingly irritated by the need to deal with multiple security vendors and other types of technology. In 2022, only 20% of enterprises have unified web access, cloud services and private access using the SSE (Security Service Edge) solution. According to Gartner, this figure will quadruple in the next three years.

60% of organizations will adopt the concept of "zero trust" as a starting point for security by 2025. More than half will not be able to realize the benefits. As Gartner notes, the zero trust concept is not a new security tool, but rather a comprehensive set of principles regarding cybersecurity and ensuring access to systems. For this reason, it's not just about vendors installing new security products. We are also talking about a "cultural shift and transparent communication" in organizations that accept zero trust - and most such organizations will not be able to fully take advantage of this concept due to the incorrect implementation of its practices, Gartner believes.

By 2025, 60% of organizations will consider the risk of cybersecurity violation as the main factor in concluding transactions and business agreements with third parties. As a result of consumer concern and regulatory interest, organizations will begin to take cybersecurity risk into account as an important factor in doing business with third parties, ranging from simple monitoring of a supplier of critical technologies to complex due diligence in mergers and acquisitions, writes Gartner.

By 2025, 30% of nation states will pass legislation governing ransomware-related payments, fines and negotiation processes, up from less than 1% in 2021. When it comes to ransomware attacks and organizations making deals with cybercriminals to return their data, the situation resembles the wild west. But Gartner believes that governments will introduce more rules, recommendations and even direct bans when it comes to negotiations with cybercriminals using ransomware.

By 2025, attackers will successfully use technological environments to harm people. It's not just about taking control of the data. Ransomware attacks are now also seizing control of entire infrastructures. For example, the Colonial Pipeline breach. Gartner believes that the trend of extending such weaponized operational technology (OT) to utilities, factories, hospital admissions offices and other key physical facilities will lead not only to environmental damage, but also to real loss of life.

By 2025, 70% of company executives will seek to build a culture of corporate sustainability to counter simultaneous threats from cybercrime, severe weather events, civil unrest and political instability. Boards of directors and CEOs of companies are increasingly aware that they are living in unstable times - from pandemic lockdowns to ransomware attacks and extreme weather disasters caused by climate change. Gartner believes that company management will increasingly establish "corporate sustainability as a strategic imperative" for its organizations.

By 2026, 50% of senior managers will have risk-related performance requirements in their employment contracts. Cybersecurity has become so important in the corporate world that the boards of directors of companies have begun to include security requirements in the employment contracts of CEOs and other top managers. "Gartner expects formal responsibility for cyber risk handling to move from head of security to senior business leaders," Gartner argues. [6]

Gartner names 5 top trends in data privacy protection for the next couple of years

At the end of May 2022, Gartner analysts published a study in which they listed, in their opinion, 5 main trends in the field of data privacy protection for the next couple of years. With these trends in mind, business can minimize the problems of protecting personal data and fulfilling regulatory requirements, experts say.

"By the end of 2024, according to Gartner forecasts, 75% of the world's population will have their own personal data subject to modern privacy regulations. This regulatory evolution has been a major catalyst for the operationalization of privacy," said Gartner Vice President Nader Henein.

Given the extension of privacy regulations to dozens of jurisdictions, up to 2024, many organizations will see the need to start implementing their privacy programs. In fact, according to Gartner forecasts, the average annual budget of large organizations for data privacy by 2024 will exceed $2.5 million. Gartner highlighted five data protection trends that contribute to privacy practices.

Data localization

Countries seek to establish control over data by localizing it. Such controls are either a direct requirement or a byproduct of many new privacy laws.

Companies are increasingly facing different regulatory conditions where different localization strategies are required in different regions. As a result, data localization planning will be one of the top priorities when developing and purchasing cloud services.

Privacy-Enhancing Computing Methods

Data processing in unreliable environments - such as the public cloud - and multi-party data sharing and analytics have become fundamental to most organizations.

The increasing complexity of analytics engines and architectures requires cloud service providers to implement privacy capabilities at the development level. By 2025, 60% of large organizations are projected by Gartner to use at least one privacy-enhancing computation (PEC) method in analytics, business intelligence and/or cloud computing.

AI regulation

A Gartner study found that 40% of organizations violated privacy with AI and that a quarter of these violations were malicious. Whether or not organizations process personal data, the risks to privacy and potential misuse of personal data are clear.

"Much of the AI used in organizations today is embedded in large, comprehensive solutions, and oversight to assess the impact on privacy is virtually non-existent. These built-in AI capabilities are used to track employee behavior, assess consumer sentiment and create "smart" products that are trained on the go. Moreover, the data that enters these learning models today will have an impact on decisions made years later," says Henein. Once the regulation of AI becomes more stringent, it will be almost impossible to get rid of the data that fell under the legislation. IT executives will be forced to uproot systems, resulting in big losses for their organizations and their reputations.

Centralized Privacy User Interface

Growing consumer demand for user rights and increased transparency expectations will lead to the need for a centralized privacy user interface (UX). Visionary organizations understand the benefit of combining all aspects of the privacy user interface - notifications, cookies, consent management, and subject rights request (SRR) processing - into a single self-service portal. This approach provides convenience for key participants, customers and employees, as well as significant time and cost savings.

Remote work becomes "hybrid everything"

As interaction models become more hybrid in many organizations, blurring the line between work and personal life, the possibility and desire for tracking, monitoring and other actions to process personal data is growing, and the risk of privacy violations becomes paramount.

Given the privacy implications associated with a hybrid approach to interaction, productivity and satisfaction with work-life balance have also increased in a number of fields and professions.[7]

Gartner named 7 main information security trends for 2022

On April 11, 2022, Gartner analysts published a study in which they talked about the main trends that, in their opinion, will prevail in the information security market in 2022. Experts believe that companies need to consider these trends when managing security risks in order to counter newly emerging threats.

Cybersecurity trends help explain the many challenges cybersecurity directors (CISOs) face in transitioning from tactical to strategic functions, where they rely on professionals and allocate funds for cybersecurity, the researchers said. At the heart of all seven trends is the urgent need to see cybersecurity as a business solution.

1. Attack surface expansion is a trend associated with expanding attack surfaces of enterprises. The risks associated with the use of cyber-physical systems and the Internet of Things, open-source code, cloud applications, complex digital supply chains and social networks have taken the attack surfaces of organizations beyond controlled assets.

2. Identity threat detection and response is a trend in which sophisticated attackers target the Identity and Access Management (IAM) infrastructure, and identity abuse is the main vector of attacks.

3. The risk of a digital supply chain attack is a trend associated with the risk of a digital supply chain, as cybercriminals have seen that attacks on the digital supply chain can provide significant returns. By 2025, Gartner projects that 45% of organizations around the world will face attacks on software supply chains, which is three times more than in 2021.

4. Vendor consolidation is a trend associated with the convergence of security technologies as businesses need to reduce complexity, minimize administrative overhead, and improve efficiency. By 2024, about 30% of businesses are projected by Gartner to use a cloud-based secure web gateway, cloud access security broker, zero-trust network access, and branch firewall as a service from the same provider.

5. Cybersecurity mesh - The trend of security consolidation contributes to the integration of security architecture components. Cybersecurity mesh architecture helps to create a common, integrated security framework and ensure the protection of all assets.

6. Distributing decisions - The scale, scope, and complexity of digital business make it necessary to distribute cybersecurity decisions, responsibility, and accountability across organizational units.

7. Beyond awareness is a trend associated with the need to invest in comprehensive behavior and security culture programs rather than outdated compliance-focused security awareness campaigns as a way to protect against data breaches.


Gartner also highlights the following recommendations for CISOs:

Decentralized cybersecurity is an advantage. Eliminating centralized cybersecurity and adopting a more decentralized organization and supporting technology stack increases the speed, responsiveness, and adaptability of the organization to new business initiatives. Centralized cybersecurity is a bottleneck that limits the progress of new initiatives and the careers of those who manage them, most often CISOs.

Cybersecurity requires exceptional accountability. The hardest thing for any CISO is getting thousands of employees in their organizations to follow cybersecurity hygiene. Authoritarian approaches and permanent virtual training programs are ineffective, as evidenced by record ransomware hacks in 2021 and continuing in 2022. CISOs must take over change management to create an extraordinary employee responsibility for final outcomes. Finding new ways to encourage accountability for cybersecurity and safety practices is key.

Attack surfaces are just beginning to expand. The number, complexity, and challenges associated with managing multiple threat surfaces will only grow. CISOs and their teams must anticipate this and ensure the security of their digital supply chains, especially in the core areas of DevOps processes. As the Identity Threat Detection and Response trend explains, getting IAM and PAM right is also very important.[8]

6 trends in the cloud security market

Innovations in cloud solutions have allowed organizations to increase business flexibility and reduce costs, but they have also opened up new opportunities for cybercriminals to carry out attacks, IDC analysts say. According to them, 98% of organizations suffered from at least one security breach in cloud computing solutions in 2021. GuidePoint Security in early January 2022 named 6 major trends in the cloud security market that will be traced throughout the year.

Growth of serverless solutions

More organizations are integrating serverless solutions, which means not only using FaaS services (function as a service) from cloud service providers, but also exploring a wide range of available serverless products. As new serverless technologies are presented on a quarterly basis, it is important for companies to understand the potential risks that may arise when using them.

For example, AWS Pinpoint is an AWS service that offers email, SMS messaging and marketing tools, and it is easy to set up and integrate with Lambda, API Gateway, etc. With many options and integration features, it is important for cloud application developers and IT teams to understand what the security configuration will look like and the potential risks associated with these tools.

DevSecOps

More organizations are starting to implement infrastructure as code (IaC) to create fully autonomous cloud environments. From a security perspective, ensuring security and control for the supply chain from code to production is an increasing challenge for organizations. GuidePoint Security researchers argue that tools in this area are beginning to evolve and new strategies are being implemented. For example, you can perform activities such as pre-testing configurations and architectures to see if the architecture and code meet the requirements and are protected enough to be put into production.

More multi-cloud technology

Multi-cloud strategies will remain relevant in 2022, and many businesses will choose the technologies most appropriate to their platforms, but will also build sustainable architectures using more than one cloud service provider. Over time, this model will be strengthened along with security practices and tools that span several clouds. In addition, "multi-cloud" edge computing will continue to develop, in particular in factory workshops, as well as private data centers.

Cross-Functional Teams

The boundaries between an application developer and an infrastructure engineer have become very blurred. Developers create cloud architectures based on the services they are trying to use, or create a new infrastructure based on their code base. Cross-functional teams begin to work together to understand the role security plays in this new application development format.

SaaS security

In 2021, a huge surge in hacking using SaaS platforms was recorded. In response, there has been an increase in SaaS security offerings and tools, in particular SaaS Security Posture Management (SSPM) tools.

They provide automated continuous monitoring of cloud applications such as Slack, Salesforce, and Microsoft 365 to minimize risky configurations, prevent configuration drift, and help security and IT professionals ensure compliance.

Attribute-based access control (ABAC)

In 2022, the ABAC access control model will be actively used. It defines an access control paradigm in which access rights are granted to users through the use of policies that combine attributes together. ABAC allows you to create more scalable and reusable policies.[9]
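The ABAC model described above can be sketched as a small policy evaluator. This is an added example, not code from GuidePoint Security or any product named here; the attribute names, policy names and sample users are constructed for illustration. It shows three reusable policies covering every user and resource, with deny-overrides combining, default deny, and fail-closed handling of a missing attribute.

```python
from dataclasses import dataclass
from typing import Any, Callable, List, Mapping, Tuple

Attrs = Mapping[str, Any]

@dataclass(frozen=True)
class Request:
    subject: Attrs    # who is asking: id, department, clearance
    resource: Attrs   # what is accessed: owner_id, owner_department, classification
    action: str       # "read" or "write"
    env: Attrs        # context: mfa, managed_device

@dataclass(frozen=True)
class Policy:
    name: str
    effect: str                           # "permit" or "deny"
    condition: Callable[[Request], bool]  # combines attributes into one rule

# Ordering of classification labels (hypothetical scheme).
CLEARANCE = {"public": 0, "internal": 1, "confidential": 2}

# No user or file names appear in the policies, only attributes, so the same
# three rules keep working as users and resources are added.
POLICIES: List[Policy] = [
    Policy("same-department-read", "permit",
           lambda r: r.action == "read"
           and r.subject["department"] == r.resource["owner_department"]
           and CLEARANCE[r.subject["clearance"]]
               >= CLEARANCE[r.resource["classification"]]),
    Policy("owner-write-with-mfa", "permit",
           lambda r: r.action == "write"
           and r.subject["id"] == r.resource["owner_id"]
           and r.env["mfa"] is True),
    Policy("confidential-needs-managed-device", "deny",
           lambda r: r.resource["classification"] == "confidential"
           and not r.env["managed_device"]),
]

def decide(req: Request, policies: List[Policy] = POLICIES) -> Tuple[str, str]:
    """Return (decision, reason). Deny overrides permit; nothing matched = deny."""
    permitted_by = None
    for policy in policies:
        try:
            matched = policy.condition(req)
        except (KeyError, TypeError):
            # An attribute a policy needs is absent or malformed: fail closed
            # instead of silently skipping the rule.
            return ("deny", "missing-attribute:" + policy.name)
        if matched and policy.effect == "deny":
            return ("deny", policy.name)
        if matched and permitted_by is None:
            permitted_by = policy.name
    if permitted_by is not None:
        return ("permit", permitted_by)
    return ("deny", "default-deny")

# Constructed sample attributes.
ALICE = {"id": "u1", "department": "finance", "clearance": "confidential"}
BOB = {"id": "u2", "department": "finance", "clearance": "internal"}
CAROL = {"id": "u3", "department": "hr", "clearance": "confidential"}
REPORT = {"owner_id": "u1", "owner_department": "finance",
          "classification": "confidential"}
OFFICE = {"mfa": True, "managed_device": True}
BYOD = {"mfa": True, "managed_device": False}

def demo() -> List[Tuple[str, Tuple[str, str]]]:
    """Evaluate a few constructed requests against the same policy set."""
    cases = [
        ("alice reads from office", Request(ALICE, REPORT, "read", OFFICE)),
        ("bob reads from office", Request(BOB, REPORT, "read", OFFICE)),
        ("carol reads from office", Request(CAROL, REPORT, "read", OFFICE)),
        ("alice reads from BYOD", Request(ALICE, REPORT, "read", BYOD)),
        ("alice writes from office", Request(ALICE, REPORT, "write", OFFICE)),
        ("alice reads, no env data", Request(ALICE, REPORT, "read", {})),
    ]
    return [(label, decide(req)) for label, req in cases]

if __name__ == "__main__":
    for label, result in demo():
        print(f"{label:28} -> {result[0]:6} ({result[1]})")
```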

2021

5 main forecasts for the information security market for 2022

In mid-December 2021, Kudelski Security analysts presented five main forecasts for the information security market for 2022.

Ransomware incidents will double, if not triple

Instead of working on their data recovery capabilities with backup in the event of a ransomware attack, companies, according to Kudelski Security, should focus on their cyber hygiene, securing computer systems and responding to attacks. Instead of focusing on symptoms, companies should focus on root causes.

Attacks on Enterprise Management Systems

Attacks by intruders on supply chains will gain momentum in the future. Cybercriminals will also target managed security vendors and law firms, allowing them to attack the hundreds of customers they serve at the same time, according to the information security company. As manufacturing supply chains become more automated and rely heavily on remote access, companies must focus on building a tiered cybersecurity strategy leading to effective threat countermeasures.


Medical ecosystems will become the main target of hackers

As the COVID-19 coronavirus pandemic has increased pressure on health care, potential attackers have discovered the high value of ransomware in attacks on busy systems. In health care organizations, there has been a significant increase in attacks, from hospitals to medical offices and blood banks. In this case, attacks on real medical systems or devices are unlikely. Attackers, rather, target billing systems for hospitals, patients' medical histories and ERP.

According to Kudelski Security, to protect their vulnerable IT systems, healthcare organizations must purchase and deploy robust identity management solutions that, in particular, support multifactor authentication, are able to segment the network to reduce the likelihood of severe consequences after a potential hack.

Hybrid work will further reduce the security of organizations

As more companies adopt a hybrid approach to work, technical security will increase and personal security will decrease. The level of trust between employees working remotely and the employer, according to Kudelski Security, will gradually decrease. In particular, we are talking about a weaker interest of employees in internal security training programs, since when working from home, they lack ownership and personal responsibility for helping to ensure security in their organizations. Moreover, as Generation Z taps into the labor market, the increasingly common belief that governments should take primary responsibility for data protection and insufficient company loyalty will negatively impact pre-existing privacy issues.

IT Security Managers Will Solve Many New Challenges

IT Security Managers will be required to have all the necessary skills and qualifications in 2022. Areas that are generally controlled by information security directors - from security operations and identity management to risk management and regulatory and compliance issues - will be associated with a broader range of responsibilities.[10]

9 key cyber threats for companies in 2022

At the end of October 2021, Check Point Software, which creates information security software, listed nine major cyber threats that organizations could face in 2022.

According to Maya Horowitz, vice president of research at Check Point Software, in 2021, cybercriminals made the most of the requirements of mass vaccination for coronavirus, COVID-19 elections and the transition to a hybrid mode of operation. So they were able to effectively attack supply chains  the networks of organizations and achieve maximum results. The expert believes that in 2022 the sophistication and scale of cyber attacks will reach new highs, and the number of cyber attacks on mobile devices and the spread viruses extortioners will seriously increase. cyber security Check Point Software specialists attributed to the main forecasts for 2022:

Named 9 main cyber threats for companies in 2022
  • disinformation campaigns are returning: throughout 2021, fake news about the COVID-19 pandemic and later about vaccination spread on the network. In 2022, cybercriminals will continue to use such news to carry out phishing attacks and fraud;
  • the number of cyber attacks on supply chains is increasing. Governments will begin to develop rules to protect networks and combat such attacks, and are likely to cooperate with private organizations and other countries to identify and combat such threats internationally;
  • "Cold Cyber War" is intensifying: improved infrastructure and technical capabilities will allow terrorist groups and political activists to promote their plans and ideas and to conduct sophisticated attacks on a wider audience. Cyberattacks will increasingly be used as proxy wars to destabilize activities around the world;
  • data breaches are getting bigger and more expensive. Leaks of valuable information will occur more often and on a larger scale, and organizations and governments will spend much more on recovery. According to experts, companies will pay even larger ransoms to hackers than before;
  • cybercriminals will use cryptocurrency more. Security solutions will have to take this into account, adapt and reliably protect bitcoin and altcoins;

Check Point Software Technologies publishes forecasts of the main areas of cybersecurity for 2022
  • mobile devices remain the most desirable targets. Since electronic wallets and mobile payment services are increasingly used, cybercriminals will adapt their methods specifically for mobile devices;
  • attackers will exploit microservice vulnerabilities. The microservice architecture is used by cloud service providers (CSPs), so attackers will look for vulnerabilities in it to launch large-scale attacks on CSPs;
  • deepfakes become real weapons. The creation of fake video and audio is now quite developed - hypothetically, such fakes can already be used to manipulate opinions, stock prices or something else. Attackers will also use deepfakes for social engineering attacks - for example, to trick a particular person into granting the necessary permission or to gain access to confidential data;
  • use of penetration tools will increase: in 2021, ransomware attacked one in every 61 organizations in the world every week. Attackers target companies that can afford to pay ransom, and in 2022 their ransomware attacks will only become more sophisticated. Hackers will increasingly use penetration tools to configure attacks in real time, as well as to operate in victims' networks.[11]

Key trends in the Russian information security market in 2021

Many information security trends in 2021 are in one way or another associated with the coronavirus pandemic and its consequences for business. Companies strive for real, not "paper" security, develop security systems for remote work and switch to external specialized information security services.

Request for real security and prevention of significant threats

Customers are changing their approach to information security. According to experts, the request for real security and the prevention of significant risks for business is now clearly visible.

According to Elena Zamyatina, Development Director of STC "Vulkan," companies are moving from a formal attitude focused on compliance with regulatory requirements to a thorough study of strategies and plans for improving security systems based on a risk-cost-reliability assessment. This includes solving such problems as creating systems for protection against targeted attacks and early detection of attacks, obtaining high-quality analytics and creating tools for incident investigation, and building effective systems for controlling and responding to information security incidents in order to minimize the consequences and potential damage of successful attacks.

Positive Technologies in this vein predicts a change in the entire cybersecurity industry both in terms of services and applied technologies.

At the end of spring of this year, we released a new generation of products - the so-called metaproducts, which are fully focused on the idea of effective information security - when protection requires a minimum of expertise and effort from specialists, and attack detection occurs automatically with a measurable effect. One of them, maxpatrol O2, allows you to automatically "detect and stop" a hacker before the damage unacceptable to the company is done. The second meta-product will help IT and information security services configure the corporate infrastructure so that maxpatrol O2 can detect a hacker in automatic mode, the company says.


The conceptual approach itself, based on making business-significant threats impossible to carry out, ultimately has the potential to expand the market and change it qualitatively: priority will go to the solutions and technologies that solve such problems effectively.

Aydar Guzairov, CEO of Innostage, adds that it is impossible to protect yourself from all threats, so the company sees the most pragmatic approach to information security in the ability to single out the main threats among all of them.

Now we are talking about a kind of proactive approach. Not just monitoring attacks and hackers, but active prevention. To prevent threats, IT infrastructure, IT systems, and even business processes of the company are changing, not just security and monitoring tools. At the same time, regular cyber training and verification of the inadmissibility of risks are carried out to confirm cyber resistance. And it is in accordance with this approach that all services should be rebuilt: consulting, design, countering cyber threats, - said Aydar Guzairov.


Cybersecurity ecosystems

In 2021, domestic information security vendors revised their approach to the development and promotion of information security products, presenting ecosystems for cybersecurity.

In May 2021, at the same time, the ecosystem of information security products was presented by two of our partners - UserGate and Kaspersky. Ecosystems of security products and services, unlike individual solutions, allow you to build effective layered protection. Perhaps in the near future we will see new ecosystems created by other vendors specializing in information security, - says Anton Lensky, deputy director of the Department of Technical Service at "I-Teco" ("RASSE" GC).


Ekaterina Afanasyeva, head of the financial department of Cross Technologies, adds that the trend towards "security ecosystems" was clearly manifested precisely in the era of COVID-19 - in conditions of uncertainty for business and the population, the mass transfer of employees to "remote," and therefore, the loss of control over corporate infrastructure, when new security threats appeared.

An often indefinite range of problems needs to be solved quickly, effectively and with the help of trusted persons with proven experience and reputation - an "ecosystem" is born in which almost the entire range of security tasks is solved by one partner, - notes the expert of "Cross Technologies."


Development of remote access protection systems

In 2020, the transition to "remote" had to be carried out in an emergency mode. In 2021, the remote mode of operation remained, and there is a systematic re-organization of both business processes and security processes.

Due to the fact that many continue to work from home, the phrase "perimeter protection" is becoming less and less relevant. The tasks of data protection come to the fore when they are transmitted via open communication channels (VPN), multifactor authentication when using personal gadgets for work, decentralization of infrastructure in the context of the territorial distribution of employees' jobs, says Mikhail Ivanov, General Director of S-Terra CSP.


Andrey Zaikin, director of Information Security at CROC, adds that the blurred boundaries between personal and professional life increase the risk of confidential information falling into the wrong hands. Home offices are less secure than centralized offices, which tend to have perimeter protections.

Many employees use their personal devices for two-factor authentication. In addition, those who work remotely often connect from working devices to public Wi-Fi networks and use tools for joint remote work, which often cannot provide proper protection against cyber threats. As a result, risks increase.

Consequently, one of the trends in cybersecurity is that organizations should focus on employee security issues regardless of where they work. The implementation of the Zero Trust Network Access model helps to solve the problem. According to this model, users, their computers, as well as applications are verified for authenticity every time they request access to the company's resources, says Andrey Zaikin.


More cloud services and cloud security threats

One of the pressing topics of cybersecurity is the vulnerability of public clouds. The rapid and widespread adoption of remote work during the pandemic has dramatically increased the need for cloud services and infrastructure, but misconfigured cloud platforms, as well as user carelessness (open server and network ports, weak passwords for cloud accounts, no data encryption or data masking during development), have consequences for the security of organizations. There is a risk of data leakage, unauthorized access and account hacking.

In addition to data breaches, migrating a company's infrastructure to public clouds poses challenges to compliance with various regulatory requirements (both Russian and international), as well as an increase in the number of potential entry points for attackers. However, with a competent choice of a cloud platform, the use of additional means of protection against DDoS attacks, data leaks, WAF, etc., and consultations for secure migration to the cloud without downtime, the above risks can be reduced to almost zero, says Andrey Zaikin.


The demand for information security services

With the growing level of maturity in information security, priorities are gradually changing in the business environment. The management and owners of many organizations are beginning to consider the processes of creating and improving corporate information security systems as one of the priority tasks.

When solving this problem, in the conditions of an acute personnel shortage of experienced information security specialists, an increase in interest in using external specialized services in the field of cybersecurity is indicated. In general, services under the "security as a service" model are becoming more and more in demand, as they become more flexible and adaptive to the requirements of different customers, - said Elena Zamyatina, Development Director of the Vulkan Research and Development Center.


Nikita Semenov, head of the information security department at Talmer, adds that service providers of information security solutions (MSSP) become those who can afford to develop information security solutions and ensure the necessary level of security for end customers.

Many people know that often in Russia they remember information security after an incident and only large corporations can afford proactive protection. MSSPs allow you to resolve this issue by sharing protective equipment, he explains.


Ramil Khantimirov, CEO and co-founder of StormWall, is confident that more and more information security solutions will be provided in the form of cloud services. This method of providing information security functions allows not only to make them more accessible, but also increases the ability to protect customers from very powerful cyber attacks, which are now being implemented by attackers using large-scale botnets based on poorly protected gadgets and Internet of Things devices. And with the development of 5G communications, the power of attacks produced by botnets will increase significantly, the expert predicts.

Increased attack intensity and success

In 2021, experts expect an active increase in the intensity of attacks. According to Mikhail Levitin, R&D Director of Qrator Labs, attack speeds of several TB/s have already become available to order, which means that this year all online services will inevitably face exhausting massive attacks.

Previously, attacks with an intensity of more than 1 TB/s could last several hours, were well prepared, while they cost tens of thousands of dollars and were pointed at a specific victim, says Mikhail Levitin. - In 2020, the popularity of special services for organizing DDoS attacks - the so-called "booters" - has grown. With their help, you can organize an attack on any IP installed as a target at a speed of several TB/s for only a couple of hundred dollars. The duration of such an attack can be several minutes, and if it does not work, then the customer can not spend money on continuing the attack.


The median duration of a DDoS attack is now about 5 minutes, since in case of failure, attackers do not spend time continuing the attack, and the customer - money to pay for it. This trend appeared in 2020 and will continue its development over the next few years.

In addition to the increase in the intensity of attacks, experts record a much larger number of successful attacks than before. This can be explained by the fact that solutions for protecting telecom operators from DDoS attacks were not ready for an increased number of attacks.

Obviously, re-equipment is underway: operator solutions are actively being replaced by cloud ones. Carrier solutions lag significantly behind the growth rate of attacks, since it is unprofitable for telecom operators to update equipment every year: such an annual upgrade entails large capital expenditures, while in the absence of attacks in "peacetime" these resources will be idle. Therefore, in the regions where operator solutions prevailed, the number of attacks that reached the target increased significantly, - said the R&D director of Qrator Labs.


A new approach to information security personnel training

Another trend that experts are talking about is associated with a new approach to training specialists in the field of cybersecurity, the demand for which has recently grown.

Training a good specialist is a rather time-consuming and lengthy process, says Aydar Guzairov, CEO of Innostage. - Now colossal efforts are aimed at reducing the time of personnel training and maintaining experts at a high level. We live in a large-scale cybercriminal business, so it is critical that specialists have "combat" practice, train against real attacking traffic, learn to protect real objects with critical infrastructure. In this sense, cyber training and cyber polygons with digital twins are showing themselves well. I think this format in the coming years will become the main one in the process of training information security specialists.


Import substitution

Import substitution should also be among the most noticeable trends. According to Mikhail Ivanov, General Director of S-Terra CSP, the transition to Russian-made hardware platforms included in the THORP register is in full swing.

We are also actively working in this direction, already offering VPN gateways to Russian companies on Russian hardware platforms, which, I note, allow users to provide the previous level of encryption performance (from 5 Mbps to 40 Gbps) and even slightly reduce the cost of crypto gateways, - he notes.


Fyodor Dbar, Commercial Director of Security Code, talks about the imminent emergence of requirements for the mandatory localization of critical information infrastructure facilities.

They have not yet been officially published, but by the end of this year they may appear in the legal field, the expert clarifies.


Other factors also spur the processes of import substitution. As Ekaterina Afanasyeva, head of the financial department of Cross Technologies, notes, the cost of foreign software has grown by at least 20% due to new taxation, the exchange rate is growing, logistics and customs payments increase the cost of foreign hardware, and delivery times from abroad are becoming less and less predictable in the era of a pandemic - against this background, domestic solutions really look more attractive and reliable.

Other trends

Dmitry Luchko, Head of System Integration at Digital Design Group of Companies, notes that many companies that are mature in information security face problems in building the information security management process, interacting with related business units and assessing information security risks. In this regard, growth of SOAR- and SGRC-class systems is expected in the Russian and world markets.

Also, the Digital Design expert predicts the inevitable integration of DevSecOps secure development processes into the creation of information and technological systems, along with improvement of the regulatory framework in this area.

Many companies demonstrate by their example that DevSecOps practices accelerate the time-to-market of digital products by early detection and correction of information security problems, he clarifies.


Alexandra Savelyeva, coordinator of AV Soft projects, counts among the trends the increase in the number of SOCs and MDR solutions, both built within organizations and used as a service. They help control complex incidents and allow you to focus on core activities.

Vladimir Lavrov, head of information security at Softline, notes that large customers are increasing their own capacities (resources, tools, internal integrators) in the field of information security.

We observe this through strengthening internal integrators, building our own information security services within companies, high demand for personnel, building a certain independence and self-sufficiency of companies, he notes.


Dmitry Shamonin, technical director of Smart-Soft, names the following key trends:
1. Application of AI in information security systems.
2. Accelerated migration to clouds.
3. Emergence of new niche highly specialized solutions.

Gartner names 10 top cybersecurity trends in 2021

At the end of May 2021, the online publication CRN presented a list of major trends in cybersecurity related to the emergence of new threats, technologies and business models in 2021.

1. Multifactor authentication vulnerability

Hackers learned to bypass Microsoft's authentication procedure: attackers took advantage of systemic flaws in the Windows authentication architecture, which allowed them to move laterally inside the network, as well as between the network and the cloud, by creating false credentials, posing as legitimate users and bypassing multifactor authentication.

2. Cyberinsurance

Cyber insurance premiums increased by 29% in 2020, as in the new conditions companies of all sizes require protection against network intrusions, data theft and ransomware. The transition to remote work at the beginning of the pandemic, combined with increasing phishing attacks, made companies more vulnerable.

3. Extended Detection and Response (XDR)

XDR provides cross-layer threat detection and response by combining security information and event management. XDR collects and then correlates data at various levels of security, including endpoints, email, servers, cloud infrastructures, and the shared network.

Victims of hackers are well-funded tech firms that manage the data and web traffic of the richest companies

4. Internal threats

Insider threats returned to the scene in the summer of 2019, when former Amazon Web Services employee Paige Thompson gained access to the personal information of Capital One customers. Ultimately, more than 1 million Canadian Social Security numbers, 140,000 US Social Security numbers and 80,000 related bank account numbers of Capital One customers were compromised.

5. Ransomware Virus Attacks

The profile of ransomware victims has become more high-profile since 2020. The victims are no longer small companies, but well-funded technology firms that manage the data and web traffic of the richest companies. Since the beginning of 2020, ransomware has disrupted five of the 50 largest IT solution providers in the world - Cognizant, CompuCom, Conduent, DXC Technology and Tyler Technologies.

6. Secure Access Service Edge (SASE)

Secure Access Service Edge, or SASE, is a relatively new security model that combines network and security services. SASE tools can identify sensitive data or malware, decrypt content, and continuously monitor sessions for risks and levels of trust.

Cybersecurity start-up funding soars in 2021

7. Special Purpose Acquisition Companies (SPACs)

For the first time in history, cybersecurity firms have moved to forgo an initial public offering in favor of a merger or takeover by a shell company that is already public. With the SPAC, the target company can go public quickly and without a fair share of the volatility associated with a traditional IPO. Thus, investors can join high-yield investments with limited risk.

8. Supply chain attacks

The attack on SolarWinds' Orion network monitoring platform sent shockwaves around the world, with hackers breaking into nine elite US government agencies and roughly 100 prominent private sector companies via the infected Orion update. SolarWinds does not know exactly when or how hackers first gained access to its environment, but initial access most likely occurred through a vulnerability in a third-party application or device.

9. Unicorn Companies

In 2021, funding for cybersecurity startups rose sharply: in the first four months alone, 14 startups were valued at more than $1 billion each. According to PitchBook, only five cybersecurity companies managed to achieve this status throughout 2020, and only eight companies in 2019.

10. Zero Trust Model

The "zero trust" model for security reflects four principles: no user should be trusted by default because they can be compromised; VPNs and firewalls cannot do this alone as they simply guard the perimeter; identification and authentication of the device should take place throughout the network, and not just around the perimeter; microsegmentation helps minimize damage from hackers by creating internal walls and locks.[12]

Key trends in information security and cyber risk management - Gartner

At the end of March 2021, the analytical company Gartner presented a list of the main trends in the field of information security and cyber risk management, which will help company leaders quickly rethink the development of events and the structure of their organization.

Trend #1. Cybersecurity mesh

A cybersecurity mesh is a modern approach to security that involves deploying controls where they are most needed. Instead of running all security tools in isolation, the cybersecurity mesh allows tools to interact with each other. This approach is especially relevant for distributed IT assets, which are now often outside the traditional perimeters of the enterprise.

Trend #2. Identity-first security

The new approach to security puts identity at the forefront of system design and requires a significant revision of traditional parameters in the design of peripheral networks. The SolarWinds attack showed that companies need not only authentication systems, but also effective monitoring of these systems to detect the relevant attacks.

Trend #3. Security support for remote work

According to a Gartner survey, 64% of employees can now work from home, and at least 30-40% intend to continue working in this mode even after the pandemic. For many organizations, this transition requires a complete change of security tools to ones suitable for a modern remote workspace. Security managers should also review data protection, disaster recovery, and backup policies.

More than 70% of information security directors use 16 or more tools in their cybersecurity portfolio - Gartner

Trend #4. Cyber-savvy board of directors

In a Gartner survey, directors ranked cybersecurity as the second largest source of risk to the enterprise after compliance. Large businesses are starting to set up special cybersecurity committees at the board level. Gartner predicts that by 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member.

Trend #5. Consolidating Security Vendors

A Gartner survey found that 78% of information security directors use 16 or more tools in their cybersecurity portfolio; 12% have 46 or more. Such a large number of products increases complexity, integration costs, and staffing needs. In a recent Gartner survey, 80% of IT organizations said they planned to consolidate vendors over the next three years.

Trend #6. Privacy-enhancing computing

Computing methods are emerging that increase user privacy and protect data while it is being used. This ensures secure data processing, sharing, cross-border transmission, and analytics even in untrusted environments. These innovations are especially relevant in fraud analysis, intelligence, data sharing, financial services, pharmaceuticals and healthcare.

New Security Approach Puts Identification at the Forefront of System Design - Gartner

Trend #7. Breach and attack simulation

Breach and attack simulation (BAS) tools are emerging that provide a continuous assessment of the company's protection. Including BAS in regular assessments helps cybersecurity teams identify security gaps and prioritize security initiatives more effectively.

Trend #8. Machine Identity Management

Machine identity management is aimed at controlling the identity of machine processes interacting with other objects, such as devices, applications, cloud services, or gateways, which in modern conditions becomes an urgent need.[13]

Varonis names cyber security trends in 2021

On January 11, 2021, Varonis announced cybersecurity trends in 2021.

Experts predicted five main trends that will determine the development of the Russian information security market in 2021. According to the company's specialists, the key changes in the industry will be due to the transition to a hybrid schedule combining remote and office work, limited business budgets, as well as an increase in the activity of cybercriminals amid changes in companies' IT landscape.

1. Rethinking approaches to information security in a hybrid work format

The information perimeters of companies will become even more blurred: now they need to include all the devices on which employees work. The widespread transition to remote work will cause the perimeters of organizations to change. The geographical distribution of jobs is becoming a bigger factor, in part because companies working remotely have begun to hire employees from other regions more often. Decentralizing infrastructure, moving resources to the cloud, and leveraging employee collaboration tools also lead to the need to significantly change the information security paradigm.

For the information security director, this means the need to protect not only the infrastructure deployed at the company's sites and in the clouds, but also the information systems at the disposal of employees at their home. To do this, it is important to clearly understand which data is stored on personal devices, and what risks arise from this.

Remote work is very different both in terms of building business processes and in terms of data protection. When an employee is not in the office, no one reliably knows under what conditions he is now working, who else sees the information on his screen. You can't even say for sure who actually works with the company's data: the employee himself or the attacker who intercepted the account data. This creates additional risks and the need to introduce protection tools, says Daniel Gutman, head of Varonis in Russia.

2. Increase in the share of information security in the IT budgets of Russian business

The difficult economic situation leads to two consequences. On the one hand, it spurs the growth of cybercriminal activity. On the other hand, it limits the growth of business IT budgets. Investments in information security are traditionally estimated as a percentage of companies' IT budgets. In a situation where companies' technology budgets are not growing on average (and at many companies are shrinking), a temporary redistribution of budgets in favor of security tools is likely - primarily by reducing the cost of developing IT infrastructures.

In addition, in many companies there will be a redistribution of information security budgets. The emergence of fresh threats leads to the need to build new security models, assess risks, investigate incidents, so part of the budgets will be redistributed in favor of consulting services.

3. Using Behavioral Analysis to Protect Data

Among information security experts, there is already an understanding that there can be no single solution that protects the company from all threats. A reliable security system has a modular structure and consists of a set of integrated solutions. Perimeter protection and firewalls, web application security (WAF) and data leak prevention (DLP) tools are becoming mandatory for any large company.

In addition, analysts predict system sales growth in the Managed security services (MSS), SOC and SIEM categories. According to Varonis experts, the role of behavioral analysis tools will grow in all these solutions. This trend is due to the need to recognize atypical behavior and abnormal activity of accounts in remote work conditions.

4. Development of automation tools

Increased activity of attackers and limited resources lead to a growing need for technologies that allow automating the work of information security departments. For example, such tools include tools for automated classification of data by their privacy level.

Correlation tools will also see serious development in 2021: they correctly find the relationships between events and draw the information security department's attention only to really dangerous events. Such systems will help, on the one hand, to save employees from having to check a huge number of notifications, and on the other, not to miss really important alerts that indicate potential attacks.

5. Information security specialists will develop analytical skills

The requirements for cybersecurity specialists are changing significantly. Technical expertise alone is no longer enough for information security directors and their subordinates, and analytical skills are increasingly required. To build and develop a viable cybersecurity system, you need to constantly analyze business processes and understand their bottlenecks.

A successful CISO should not only know the theoretical base, but also understand the composition of the data in the organization, where it is stored, its level of confidentiality and the specific risks for each data category. Employees of information security departments require a combined set of technical and analytical skills, which in turn will change the educational programs for training cybersecurity specialists.

2020

Gartner gave recommendations on information security: top 10 tasks for the company

In mid-September 2020, Gartner presented recommendations for information security and risk management executives at companies.

1. Remote Workforce Protection

Several months have passed since the beginning of the pandemic, and it is time to assess the business requirements of the company and the capabilities of employees working remotely. Analysts recommend that information security specialists assess the distribution of access levels and the feasibility of the protection measures used.

2. Risk Management

Analysts recommend not spreading efforts thin, but focusing on those problems that can really threaten business. Instead of mass non-hierarchical assessment, you should use threat analytics, assess the activity of attackers and the criticality of internal assets.

3. Applying XDR Solutions

XDR is a unified advanced incident detection and response platform that collects and correlates data from multiple security systems. Platform-level integration occurs during the deployment phase rather than being added later. This allows you to more effectively detect threats and respond to incidents. For example, XDR tools can "understand" that attempts to inject malware through email, endpoint, and network are, in fact, one complex attack.
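The cross-source correlation described above, as an added example (not code from Gartner or from any XDR product): alerts from email, endpoint and network sensors are merged into one incident when they share an entity within a time window. The alert fields, the 30-minute window and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from itertools import combinations

# Assumed correlation window; real platforms tune this per detection.
WINDOW = timedelta(minutes=30)

# Constructed sample alerts from three separate sensors (not real data).
ALERTS = [
    {"id": "A1", "ts": "2020-09-14T09:02:11", "source": "email",
     "user": "a.ivanova", "sha256": "sample-hash-1"},
    {"id": "A2", "ts": "2020-09-14T09:07:45", "source": "endpoint",
     "user": "a.ivanova", "host": "ws-017", "sha256": "sample-hash-1"},
    {"id": "A3", "ts": "2020-09-14T09:09:03", "source": "network",
     "host": "ws-017", "domain": "updates.example.net"},
    {"id": "A4", "ts": "2020-09-14T13:40:00", "source": "endpoint",
     "user": "p.sidorov", "host": "ws-044", "sha256": "sample-hash-2"},
    # Same host as A2/A3, but hours later: must not join their incident.
    {"id": "A5", "ts": "2020-09-14T15:30:00", "source": "network",
     "host": "ws-017", "domain": "static.example.org"},
]

ENTITY_KEYS = ("user", "host", "sha256", "domain")


def entities(alert):
    """Return the set of (type, value) pairs an alert can be joined on."""
    return {(k, alert[k]) for k in ENTITY_KEYS if alert.get(k)}


def correlate(alerts, window=WINDOW):
    """Group alerts into incidents.

    Two alerts are linked when they share at least one entity and their
    timestamps are at most `window` apart. Links are transitive (union-find),
    so an email alert and a network alert with no field in common still end
    up together if an endpoint alert connects them.
    """
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    times = [datetime.fromisoformat(a["ts"]) for a in alerts]
    ents = [entities(a) for a in alerts]

    for i, j in combinations(range(len(alerts)), 2):
        if abs(times[i] - times[j]) <= window and ents[i] & ents[j]:
            parent[find(i)] = find(j)

    groups = {}
    for i, alert in enumerate(alerts):
        groups.setdefault(find(i), []).append(alert)

    incidents = []
    for members in groups.values():
        members.sort(key=lambda a: a["ts"])
        sources = sorted({a["source"] for a in members})
        incidents.append({
            "alert_ids": [a["id"] for a in members],
            "sources": sources,
            "first_seen": members[0]["ts"],
            # Several sensors reporting one chain is what gets escalated.
            "multi_vector": len(sources) >= 2,
        })
    incidents.sort(key=lambda inc: inc["first_seen"])
    return incidents


if __name__ == "__main__":
    for incident in correlate(ALERTS):
        print(incident)
```

The email and network alerts have no field in common; only the endpoint alert between them lets the three be read as one attack, which is why the sources have to be correlated on a single platform rather than reviewed separately.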

Gartner information security guidelines: XDR, DMARC, password-free authentication

4. Moving from Local Protection to Cloud Protection

Cloud applications are extremely dynamic and need automated security. Secure Access Service Edge (SASE) technology allows enterprises to better protect mobile employees and cloud applications by routing traffic through cloud security solutions rather than, as in the "classic" version, processing it in their own data center.

5. Easily manage cloud access

Cloud access is usually controlled by CASB through a built-in proxy server, which allows active blocking if necessary. CASB solutions are also quite flexible and guarantee the accuracy of traffic monitoring and access security.

6. DMARC: Domain-based Message Authentication, Reporting and Conformance

DMARC is a technical specification designed to weed out spam and phishing emails by identifying the sender's email domain. Analysts point out that DMARC is not a comprehensive solution for email protection and should only be one element of a holistic approach to security. However, it can offer an additional layer of verification and help avoid many cyber attacks.

Gartner information security recommendations: assessment of personnel competencies, automation of safety risk assessment

7. Password-free authentication

Employees often use the same passwords for their work computer and for personal email, which can cause serious problems. Analysts point out that password-free authentication is much more secure and can be implemented in various ways.

8. Data Classification and Protection

A universal approach to security creates areas with uneven levels of protection for various kinds of data, thereby increasing the risk to the organization. Gartner analysts recommend classifying data by significance before configuring security technologies.

9. Personnel Competency Assessment

There are no ideal candidates, but analysts recommend identifying five to six mandatory competencies for each project before appointing a manager. Competencies can be evaluated in various ways, including cyber ranges and cyber simulation.

10. Automate security risk assessment

This is one way to help the security team understand the risks associated with new projects, or risks at the level of individual programs. Analysts note that the risk assessment stage, as a rule, is either skipped altogether or carried out in a limited way. Automation will help optimize this process.[14]

Microsoft: The COVID-19 pandemic has changed the future of the information security market in 5 areas

At the end of August 2020, Microsoft published the results of a study on the impact of the COVID-19 pandemic on the information security market. Among other things, Microsoft was interested in how the heads of cybersecurity departments intend to plan budgets, staffing and investments. According to the results of a global survey, Microsoft has identified five priority areas for market development.

Digital Empathy

During the pandemic, companies acknowledged that collaboration applications do increase productivity and should be a priority when creating a healthy remote work environment. Microsoft called the phenomenon "digital empathy." However, to create it, it was necessary to expand security policies so that employees could use as many applications as possible to work remotely from home computers. Enabling multifactor authentication became the basis for further development and a priority area of investment during the pandemic for 41% of managers.

COVID-19 pandemic turns Zero Trust into a priority direction for the development of the information security market

Zero Trust

Zero Trust has become a business priority as executives have struggled during the pandemic to cope with the influx of new, potentially unsecured devices connecting to corporate networks. More than half (51%) of executives have accelerated the rollout of Zero Trust and believe it will become an industry standard over time. Overall, plans to roll out new Zero Trust capabilities were reported by 94% of companies in the Microsoft survey.

New Anti-Fraud Tools

According to Microsoft, 54% of security executives reported an increase in the number of phishing attacks since the beginning of the pandemic. A deployed network of cloud tools and datasets allowed them to fight these attacks. Microsoft said it monitors more than eight trillion threat reports daily using a variety of products, services and channels. At the same time, the company combines automated tools and the analytical abilities of employees to protect end users.

Microsoft: cloud solutions helped information security specialists fight hacker attacks during a pandemic

Cyber resilience is the foundation of business operations

With the pandemic and most employees still working from home, enterprises must attend to cybersecurity by regularly assessing their risks and their ability to implement new plans. Cloud technologies could make it easier to assess cybersecurity risks and create emergency plans, according to Microsoft. More than half of cloud and hybrid companies in a Microsoft survey reported that they had developed a cyber resilience strategy for most risk scenarios, while among predominantly local organizations this share was only 40%. Meanwhile, 19% of companies relying mostly on local technology said they did not plan to maintain a documented cyber resilience plan.

Cloud is the key to security

A Microsoft study found that successful phishing attacks were reported significantly more often by organizations that used local resources (36%) than by those that used cloud resources. At the same time, nearly 40% of businesses said they prioritized investing in cloud security to reduce the risk of hacking. Data and information security (28%) and phishing protection (26%) follow. In general, according to Microsoft, the COVID-19 pandemic has shown that enterprises need an integrated security system that covers endpoints in the cloud.[15]

Trends and prospects of the Russian information security market

In the summer of 2020, TAdviser spoke with representatives of Russian information security companies and learned what trends prevail in this market and how they will affect its development in the near future.

In 2020, the most important event in the information security market can be called the massive transition of a huge number of companies to a remote mode of operation. Most organizations had to rebuild on the go, change their approach to ensuring information security, use new technical means to recognize their friend or foe, including using artificial intelligence, says Andrey Shpakov, head of the technical consulting department at S-Terra CSP.

With the massive transition to a remote format of work, the load on IT and information security units has significantly increased. In general, everyone recognized and felt the difficulties of working in a "blurred contour" and the importance of employees' high cyber literacy to prevent incidents. At the same time, a number of companies began to consider the possibility of remaining partially remote even after the abolition of all restrictions.

In the future, this can change the structure of key information security risks and significantly affect the development of information security and the criticality of projects. Over the next 2-3 years, information security and IT will increasingly move to the cloud so that such sharp transitions to "remote" work are not so painful for business, believes Alexey Gorelkin, CEO of Phishman.


According to Dmitry Pudov, Deputy General Director for Technology and Development of the Angara Group of Companies, the most important phenomena of recent times are increased regulation, the rapid growth of Russian manufacturers, and the growing popularity of the service model in information security.

I am quite optimistic about the prospects of the Russian information security market. Moreover, the current situation may even be a catalyst for growth. What happened made many organizations pay attention to the existing gaps in this area, to the issues of readiness for safe "digital" interaction with customers and partners, he says.


Cross Technologies points to the increased maturity of companies and notes that many organizations have arrived at the processes of cybersecurity monitoring centers and are gradually beginning to implement SOAR systems, optimizing response scenarios within business processes.

Today's trends are SOAR (automation), zero trust networks and behavioral analytics, as evidenced by regular requests from customers to our company. First place goes to the automation of incident management processes, in terms of response to and investigation of information security incidents, with the introduction of decision-support systems based on machine learning algorithms, say Cross Technologies.


Denis Sukhovey, Director of the Technology Development Department of Aladdin R.D, believes that there has been a radical reassessment of values in the information security market. If earlier information security issues were assigned, if not the last, then far from the first place, now the tasks of protecting information have turned out to be paramount. If earlier protection measures were discussed only when incidents occurred, now each organization is trying with all its might to avoid these incidents by doing business proactively, the expert says.

The digital vector of economic and business development, as well as the experience of emergency consolidation of resources in force majeure circumstances in 2020, are catalysts for the development of a range of information security solutions, said Murad Mustafayev, head of the information security service of Onlanta (part of the Lanit group). Since information security is in step with the development of almost any technology, a serious increase in investments in information security in general is obvious.

Sergey Voinov, CEO of EveryTag, believes that with the growth of threats in the future, more and more organizations from SMEs and large businesses will invest in new information security technologies that can not only reduce the likelihood of data leaks, but are also guaranteed to identify attackers. Also, according to him, the business will invest more in training employees in the rules of information hygiene - now only 42% of companies are engaged in this.

According to Dmitry Elfimov, head of the Information Security Directorate of Kaluga Astral, in the near future the information security market will continue to grow following the widespread informatization of both government agencies and business. More and more threats and vulnerabilities and new means of combating them will appear. The active introduction of artificial intelligence in decisions on information protection will begin, it will take over part of the functions of information security specialists, will make operational, situational decisions.

Oleg Gubka, Development Director of Avanpost, believes that serious negative consequences for the information security market in a pandemic are still invisible. At the same time, according to him, if April was a month of adaptation to new realities with low market activity, then in May the number of requests from customers and partners increased significantly.

I would like to hope that such high activity will continue until the end of the year and it will not be subject to the usual seasonal fluctuations. This will help you better cope with external negative factors affecting the Russian economy as a whole, says Oleg Gubka.


Lev Matveev, chairman of the board of directors of SearchInform, calls the spring-summer months of 2020 stressful for everyone. At the same time, in his opinion, they allow you to check the strength of market representatives.

Whoever rolls up his sleeves and works and has a technically strong product is protected by his own product from all adversity. And whoever instead had good sales and administrative resources asks the state for help. In part, the outcome of the current crisis will affect the market in 2021-2022: it may turn out that a number of vendors will have nothing to offer customers. But demand will be no lower. The more business processes go "digital," the more information you need to protect: after all, it is one thing when you read news on a PC, and quite another when you draw up a transaction in electronic document management. The digitalization process does not stop, so the upper bar of the information security market will continue to grow. In addition, the recent massive transition to remote work exposed many corporate security problems and increased protection requirements, says Lev Matveev.


Maxim Filippov, Business Development Director of Positive Technologies in Russia, believes that restrictions in work related to the pandemic, as well as the deteriorating market conditions, have an impact on the market as a whole. He notes that companies may face freezing projects as a result of blocking budgets, with extended equipment delivery times, including plant downtime, as well as an increase in the number of information security incidents, since it is during such periods that the activity of attackers increases.

If the remote operation mode is delayed, then it is possible to predict likely changes in the landscape of the Russian information security market, including through the acquisitions and bankruptcies of those of its players who will not be able to carefully and thoughtfully plan their cash flow, optimize costs, that is, generally prepare for "slip" this year. Negative trends associated with these events, we will feel sharply not only in the second half of 2020, but also in the next 2021. And, perhaps, the next 2021 year is no less alarming than the second half of the current year, the expert adds.


Andrei Yankin, director of the Information Security Center of Jet Infosystems, predicts that in the next couple of years we will observe a redistribution of the market rather than its dramatic fall.

The general decline in demand associated with the economic crisis will be offset by an increase in demand from companies developing online services and working in the field of e-commerce, and by the spread of remote work. It is also possible to predict deferred demand for protection systems associated with the growth of cybercrime, which inevitably occurs during periods of economic decline, notes Andrei Yankin.


Gartner named 7 trends in information security

In late April 2020, the consulting company Gartner released a research report on 2020 trends in security and risk management.

Gartner Releases Research Report on 2020 Trends in Safety and Risk Management

1. The concept of data security management is used to assess the priority of investments.

Companies understand that data security is not just a technological problem. Effective data protection requires the Data Security Governance Framework, which evaluates the context for creating and using data. This approach can also be used to assess future investments in security technologies.

2. Assessment of the organization's readiness to accept risk is directly related to business results.

Security and risk managers say one of the biggest challenges is their inability to communicate effectively with business project leaders. As a result, management cannot reasonably assess the level of risk in implementing certain projects, or misses opportunities because it overestimates risk. Assessing the organization's readiness to take risks is an effective tool that can help the company achieve its stated goals, and it directly affects the final results.

3. Interest in implementing or improving security operations centers (SOCs) with a focus on threat detection and response.

The growing sophistication of cyberattacks and the complication of tools to combat them have led to companies having to engage outsourcing companies to monitor cybersecurity or set up their own security centers. Gartner predicts that by 2022, 50% of all SOCs will be upgraded with integrated incident response, cyber intelligence data utilization, and threat detection.

Demand for cybersecurity specialists grows due to constant complication of cyberattacks and security measures

4. Rise of hardware, biometric and password-free authentication.

Passwords are an easy target for hackers using social engineering, phishing, stolen credentials. However, hardware and biometric authentication methods are becoming more and more accessible and accurate, which, together with the advent of password-free standards, contributes to the growing popularity of this method.

5. Premium packages and training services from security vendors.

The demand for cybersecurity specialists is growing due to the constant complication of cyberattacks and security measures. According to Gartner forecasts, the worldwide shortage of cybersecurity specialists will reach 1.5 million by 2020. The lack of specialists with the necessary qualifications prompted security vendors to offer premium packages that combine the supply of software with services for implementation, configuration and operation. In doing so, they help customers benefit from their products faster.

6. Organizations are investing in security technologies for the cloud, which is becoming the main computing platform.

Almost the entire IT sector is switching to cloud computing. Organizations now need to invest in professionals, processes, and tools to manage this rapidly changing environment, such as cloud access security brokers (CASB) and cloud security posture management (CSPM).

7. Traditional security markets adopt CARTA's strategic approach.

Continuous Adaptive Risk and Trust Assessment (CARTA), developed by Gartner, is a strategic approach to security that rejects the idea of perfect protection and offers instead an adaptive technique with constant reassessment of security needs and measures. According to Gartner analysts, traditional LAN security and email protection systems have already begun to adopt CARTA principles.[16]

2019

Trends in the Russian information security market

Automation of processes in information security

Automation of processes is designed to save organizations from a shortage of personnel and routine tasks facing employees of information security departments.

According to Alexander Borisov, a cybersecurity expert at ICL Group, interest in BAS systems is increasing. BAS systems can automate some infrastructure penetration testing tasks. This facilitates the security analysis process for companies using such tools.

The need to provide information security when introducing new technologies

The need to provide information security when introducing new technologies such as clouds, big data, mobile technologies, robotization, etc., is another trend.

According to Andrei Tymoshenko, information security manager at Accenture Russia, in some companies the introduction of this kind of technology is hampered by information security requirements, in others, on the contrary, it is an additional incentive for the development of information security competencies and the introduction of modern protection tools. One way or another, the business, understanding the advantages that new technologies give, begins to motivate its employees to solve information security issues proactively.

SOC Services

Integrators respond quickly to market changes. For example, with the adoption of Federal Law No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation," customers have developed a need for information security management centers, the Security Operations Center (SOC).

This wave was picked up by integrators who offer the services of their own SOCs under the outsourcing model, notes Nikolai Zabusov, Director of the Information and Network Security Department of Step Logic.

Digital economy, as an accelerator for the development of the information security market

The transition to the digital economy implies the introduction of not only business solutions, but also SMT. Universal digitalization, the transition to the Internet of things, to wireless information transmission systems ― all this also requires the construction of comprehensive information protection systems, notes Dmitry Livshits, General Director of Digital Design.

Vladimir Balanin, head of the Information Security Department of the I-Teco Group of Companies, adds that within the framework of the Digital Economy national program, changes are being prepared to existing legislation, the adoption of new regulatory legal acts and national technical standards in the field of information security. The changes will affect the functioning of the Russian segment of the Internet, the processing of personal data on social networks, the Internet of things, the exchange of information about computer incidents, threats to the security of information and much more.

Of course, these changes will accelerate further market development: information systems and services will be created with information security aspects taken into account from the start, he says.

New regulatory requirements

The information security market traditionally remains one of the most attractive in the field of technology. According to Yakov Grodzensky, head of information security at SysSoft, the need to invest in information protection is caused not only by the diversity and increasing complexity of threats, but also by new requirements from regulators: issues of protecting critical information infrastructure, new requirements of the Central Bank of the Russian Federation to protect information of banking organizations. In addition, the requirements of regulators and information protection tools are being tightened.

Practical safety

Regulators undoubtedly act as drivers of the information security market: companies are trying to comply with the requirements of the law. But the picture is gradually changing: it is good and necessary to comply with the letter of the law, but real problems are manifesting themselves more and more often.

If the company has, say, certificates according to international standards ISO 27001 and PCI DSS and all other certificates, but it has contracted a ransomware virus, all assets instantly become affected and simply having certificates will not help. There will be two options: either restore everything from backups (if any), or pay money to the attackers, says Vasily Stepanenko, director of the DataLine cyber defense center.

Thus, in his opinion, the trend is shifting towards practical safety.

It is not enough to buy a firewall; it must be configured and then administered, and this is a constant process. FSTEC has no setup requirements, and the CEO of the company probably has none either. In this case, attackers are the driving force for the company to make these settings. Responsibility for this work may already lie with the Chief Information Security Officer (CISO). This is the person responsible for information security. Here you can draw an analogy with a doctor. If the doctor has a whole office wall covered in certificates, but his patients die, then there is no trust in such a specialist. A CISO may have many diplomas and merits on paper, but what matters is what happens to their company in practice, the DataLine expert concludes.

Import substitution

Over the years, the import substitution trend has not weakened in the information security market.

Andrei Tymoshenko, information security manager at Accenture Russia, believes that import substitution on the one hand pushes Russian manufacturers to create and develop their own information security solutions, on the other, it provides additional opportunities for manufacturers of information security solutions from countries such as China or Israel.

According to Oleg Shaburov, head of the information security department of Softline, every year the maturity of Russian solutions is growing and in some product areas Russian origin is only a pleasant bonus: the choice of customers is made on the basis of functionality.

Alexander Bondarenko, General Director of R-Vision, adds that large business is increasingly replacing the existing information security technologies with domestic counterparts, and when implementing new projects, more and more attention is paid to choosing a manufacturer in the context of possible sanctions and political risks.

Dmitry Elfimov, head of DITiZI of Kaluga Astral, recalls that at the end of 2018 the next directive "On the predominant use of domestic software" was issued, according to which now state corporations are obliged to gradually replace system and applied software with analogues of domestic manufacturers. At the same time, the share of domestic software in the total volume of purchases is measured as a percentage of specific monetary amounts (from 50% and more). The total cost includes not only the cost of hardware, but also services: selection of solutions, their implementation, technical support.

Thus, domestic solutions begin to occupy a denser niche, and the monetary amounts taken into account when calculating the share within import substitution are significantly increasing. After the final transition of the public sector (2021), it is possible to predict interest in import substitution from other categories of customers as well (for example, commercial organizations working directly with the public sector), he notes.

Nikolai Zabusov, director of the information and network security department at Step Logic, believes that one of the most striking events in 2019 was the withdrawal from the Russian market of the American company Splunk, which produces solutions for analyzing big data, including for cybersecurity tasks. This, in his opinion, shows how vulnerable the infrastructure, completely built on the basis of foreign products, can be.

In this regard, systemic investments are needed in the production of high-quality Russian SMTs. I would like to hope that in 2019 a number of domestic means of protection will "ripen," created not only to satisfy formal legislative requirements, but also with competitive functionality, he notes.

The growth of the role of the state in the information security market

A number of experts pay attention to the growing role of the state in the information security market.

If earlier we talked about state structures and companies with state participation as a segment that forms a noticeable share of demand and spurs the development of the market, now there are more and more insourcing structures that, in my opinion, limit this development, notes Sergey Sherstobitov, CEO of Angara Technologies Group.

Increasing competition within the market

The market is actively moving. This is also evident in the intense competition in already established segments, both for current customers and for the customers of those companies (mainly foreign) that are gradually losing their positions in the Russian market. Competition between segments within the market is also increasingly developing.

New technologies, products and services are actively claiming funding that was previously allocated to more traditional security solutions, creating additional pressure on established players. However, it is too early to talk about any global changes in the structure of the information security market, believes Alexander Bondarenko, General Director of R-Vision.

Change in the composition of active consumers of information security technologies

If earlier the financial sector was definitely the champion in information security financing, in recent years there has been a steady increase in interest and, most importantly, funding for information security projects in other industries. Alexander Bondarenko ranks industry, the public sector, power, and oil and gas among such industries. The financial sector, in his words, has on the contrary somewhat "slowed down."

Other trends

Every year, certain trend solutions prevail on the Russian information security market. Some solutions have long been "classics" and need no introduction (antiviruses, protection against DDoS attacks, protection against unauthorized access). But some solutions break into the top or arouse new interest.

Dmitry Elfimov counts IDM systems, in particular, among such solutions:

This system helps not only to differentiate the access rights of different users, but also to build an integral comprehensive system with business processes, goals, tasks, etc. that are understandable to all users.

He also highlights SIEM solutions among the trends.

With the growth of companies, the volume of information that is stored, processed and transmitted both within the company and in the outside world is also growing. SIEM solutions allow you to create a unified security event management system in the company, Elfimov notes.

Another trend, in his opinion, is associated with the cybersecurity of the ICS.

Today, a number of domestic manufacturers offer whole complexes of technologies and services aimed at protecting and supporting the life cycle of the infrastructure of industrial enterprises, the expert says.

Top 10 Internet of Things cybersecurity trends - Counterpoint Technology

In early February 2019, Counterpoint Technology Market Research provided ten information security forecasts for 2019.

1. Close cooperation between hackers

Hackers are divided into various groups: traditional and ideological, state-sponsored and freelance hackers. Analysts believe that these groups will soon begin to cooperate to take advantage of other people's products and services.

Counterpoint Research experts expect a significant increase in capital spending on security of IoT devices, platforms, cloud systems and services in 2019

2. Cyber attacks as a service

Counterpoint Technology Market Research believes that hackers will increasingly use remote desktop protocols as a starting point for malware distribution in 2019. In addition, cybercriminals can create and sell software packages to run malware, allowing them to choose finished products and conduct attacks regardless of their own experience in this area.

3. Machine Learning as a Next Generation Weapon

Malware has already learned to bypass machine learning elements in deployed cyber protection systems. The next step, according to experts, will be the use of advanced machine learning tools to automate hackers' choice of targets. Such tools will be able to train software to find the least secure systems and their weak points.

4. Data theft is the new cash cow of hackers

The transition to digital technology and the Internet of Things has led to an increase in the amount of corporate and personal data stored in cloud systems. Data breaches are expected to increase significantly in 2019, especially from cloud servers.

5. Smart home devices and peripherals will become vulnerable to attack

Smart home devices that collect and store personal data are easy targets for a cyber attack, as they tend to be almost unprotected. Peripherals, meanwhile, are equipped with extremely simple software for protecting confidential data and run mainly on elementary operating systems.

Hackers are expected to use advanced machine learning tools to automate target selection by the end of 2019, finding less secure systems with them.

6. Collaboration and expansion of partnerships between developers of cybersecurity solutions

Cooperation between cybersecurity software developers combines the achievements and capabilities of the companies involved. Together, they can offer better solutions that can not only resist malware, but also learn and develop.

7. Multi-Factor Authentication and Intelligent Device Identification

Identification is a fundamental component of cybersecurity, including for the Internet of Things. By 2019 the identification model had ceased to be user-oriented; it is now focused on the machine component. Analysts suggest that multi-factor authentication and intelligent identification will become the basis of IoT cybersecurity in 2019.

8. Machine Learning-Based Protection

Machine learning is already being used to monitor activity to detect malware. In addition, this technology not only processes and analyzes data much faster than traditional tools, but also provides prediction of threats and cyber attacks.

9. Cybersecurity solutions built into hardware

Hardware-level security implementation turned out to be one of the most interesting solutions of 2018, the study said. Such protection will help solve the problems of cloning and counterfeiting software, as well as provide secure authentication along with unique identification.

10. Growing demand for security personnel in the public and private sector

New laws requiring companies to protect sensitive user information have generated huge demand for skilled security personnel in both the public and private sectors.[17]

2017-2018

Legislative trends

Trends in the Russian information security market are shaped by legislation and by the development of threats. Market participants point to the tightening of fines for violating the procedure for processing and protecting personal data, the adoption of a law on critical information infrastructure, and the entry into force of the GOST that describes measures to protect information in financial institutions.

"All these changes are motivators for investment in information security by companies," said Yakov Grodzensky, head of information security at SysSoft.

Dmitry Biryukov, head of the information security department of the Asteros group, adds that the state is conducting serious and constant legislative work: regulators continue to introduce additional requirements for the protection of information systems, for which large projects and new implementations are expected. We are talking, first of all, about the segments of critical information infrastructure, APCS, banking and telecommunications sectors, he notes.

According to Lev Matveev, chairman of the board of directors of SearchInform, the federal law on the security of critical information infrastructure is essentially a legal recognition of the problems and risks associated with cyber threats.

"The law will seriously affect the industry, because we are talking about a new state strategy. Today, methodological recommendations are not fully defined and are in the process of being worked out. But all market participants are closely monitoring the process," he explains.

Rustem Tursunbayev, head of the information security department of the Complink Group of Companies, adds that in connection with the new requirements of the state, some large customers are already forming their budget based on an updated legislative framework.

Shifting Emphasis Towards Risk-Oriented Security and Protection Against External Threats

One of the most notable and interesting trends is the shift in emphasis from regulatory security to risk-based security and protection against external threats. Information security incidents have shown how vulnerable enterprises are to attacks from outside, and how much these attacks can affect business continuity and organization performance, as well as the overall availability of information systems and services.

"This means that we will gradually move away from the traditional model of 'confidentiality, integrity, availability,' with its large traditional emphasis on confidentiality, in the direction of availability or cyber resilience, i.e. the ability of the organization to withstand information security threats and quickly recover if they are realized. This approach has long been actively developing in the West, and in Russia one of the active drivers of this term is the Central Bank of the Russian Federation," notes Sergey Terekhov, director of the information security competence center of Technoserv.

Rethinking the role of information security for business

At the corporate level, there is a rethinking of information security as part of the overall corporate business strategy. Customers independently put forward a proposal to conduct a thorough audit of information security and draw up an organization development program.

"Moreover, at the level of management of companies, an understanding is formed that information security is not a one-time project, but a continuous business process. In this regard, the growth of interest in GRC-class solutions (Governance, Risk, Compliance) and the use of various BI tools looks quite logical," said Alexey Grishin, director of the Information Security Center of Jet Infosystems.

Sergey Terekhov adds that information security is becoming more accessible and understandable for business and chief information officers, which means that they are increasingly aware of the need for investments and want to see a return on them.

Involvement of senior management in information security issues

Another trend that market participants are talking about is the involvement of the top management of enterprises in information security issues.

Moreover, according to Nikolai Domukhovsky, director of the Department of System Integration of the UTSB, this involvement is realized first of all through a stick, not a carrot: changes in the Criminal Code of the Russian Federation caused by the adoption of the law on the security of CII introduced criminal liability for non-compliance with information security requirements, if this entailed grave consequences.

"The draft by-laws to the law on the security of the CII of the Russian Federation contain specific tasks and functions of the management of the CII facility, which they must perform on an ongoing basis. That is, the notorious 'management involvement' that appears in the ISO 27000 series of standards has, in terms of CII facilities, every chance of turning into a set of mandatory requirements, and not general recommendations, as is now the case in the mentioned series of standards," he notes.

Personnel deficit

The digitalization of the economy determines the key trends in the development of the information security market. As noted by Sergey Sherstobitov, CEO of Angara Technologies Group, since the information security industry in Russia is growing at a rapid pace, one of the main trends is the personnel deficit.

"We observe a gap between the need for high-class information security professionals and the number of specialists produced by universities and the level of their training," he notes.

Shifting the focus of information security developers to the person

The market has a noticeable trend towards the creation of technologies that prevent incidents by analyzing the user's behavior and identifying anomalies in his actions. There are more channels through which corporate information is transmitted, and it is increasingly difficult to control them. However, the most unpredictable source of threats in information security remains the person. The focus of developers' interest is shifting to the person, says Lev Matveev, chairman of the board of directors of SearchInform.

"We are no exception: this year we set a course for integrating profiling technologies into DLP. I must say that this experience is unique not only for Russia, but for the world, because there are no well-trodden roads here and we ourselves need to create both a theoretical and a practical basis for this. In the fall at our Road Show, we presented the first version of Profile Center and collected the first feedback from potential customers. I am sure this functionality will become a trend in the information security market," he adds.

Maria Voronova, head of consulting at InfoWatch Group of Companies, also calls the analysis of the user's behavioral model a trend that will allow you to proactively detect potential information security threats.

"Systems of the UEBA/UBA (User (and Entity) Behavioral Analytics) class solve both internal information security tasks of the organization related to employee behavior and external ones, for example, they help to prevent a hacker attack that relies on compromising a legitimate user account. Many DLP and SIEM vendors are now creating UEBA solutions based on their technologies," she notes.

Establishment of coordination bodies

The main source of threats is the malicious services industry, which is constantly increasing momentum and acquiring more and more features of a developed market with well-developed business models.

According to Alexey Grishin, director of the Information Security Center of Jet Infosystems, the state and a number of industries are responding to threats by creating coordination bodies that set information security standards and serve as platforms for the exchange of experience, for example, the State System of Detection, Prevention and Elimination of Consequences of Computer Attacks and FinCERT of the Bank of Russia.

"But this is just the beginning of the story, and in the next few years we will have new coordination structures in various industries," he says.

Import substitution

Import substitution is one of the key trends in the Russian IT market. However, its impact on the information security market is assessed by domestic experts in different ways. Some notice a significant increase in demand for Russian solutions, others note that Russian manufacturers initially prevailed, and the trend towards import substitution contributed only to a slight increase in their share.

Dmitry Gvozdev, CEO of Information Technologies of the Future, calls state support for import substitution a key and dominant trend.

"While the Russian Federation remains dependent on the Western element base, security software is a key element in preserving the security of digital infrastructure, so the state promises and provides active legislative and financial support to the information security segment," he says.

Read more about how the import substitution trend was reflected in the information security market and what prospects this process has in a separate article.

Market Segmentation in Terms of Security Approaches

During this year, a number of trends were formed that played a decisive role in doing business in the field of information security. Market segmentation in terms of security approaches has become clear: a pool of companies has clearly formed that recognize the direct relationship between the viability of their business and information security.

As Maxim Filippov, Business Development Director of Positive Technologies in Russia, notes, these are companies that build their work with an emphasis on digital. They are investing in the latest protection technologies and are pushing other market players in many ways towards security.

"Such companies still account for about 10% of the market, but gradually their number is growing," he adds.

SOC

Today, a preventive protection system that would be able to provide 100% protection is unfortunately almost impossible in most cases. Therefore, the task of detecting attacks and responding to them competently comes to the fore.

According to Andrei Zaikin, head of the CROC information security department, in this regard, SOC (Security Operations Center) initiatives are actively developing on the market. They include three components:

  • Protection technologies, of which there are many today
  • Employees who are responsible for information security
  • Regulations and rules that allow you to build clear processes to prevent attacks, as well as respond to information security incidents if they occur

STC Vulkan also believes that trends related to the construction of the Security Operations Center (SOC) prevail in the Russian information security market. According to company representatives, this is caused by the acute relevance of the issue of prompt detection and response to information security incidents.

"In 2017, many large companies began creating these centers. Taking into account the duration of the implementation of projects, they will continue during 2018, and, possibly, 2019," said Alexander Kuznetsov, head of information security at the Vulkan Research and Development Center.

Protection against paper leaks

Attackers - especially unscrupulous employees of companies - began to understand that the digital information infrastructure in many organizations is already almost guaranteed to be protected from incidents by DLP-class systems. However, at the same time, the security of paper documents and their electronic copies "subsides."

"In this regard, the number of leaks of documents of this format is also growing. At the moment, the information security market is just beginning to develop products that protect against paper leaks. These solutions are reactive: due to the fact that each employee in the company working with a document in the EDMS receives an individual copy of it, in the event of a 'drain' of information, the system allows you to investigate the incident and find the culprit," says Anton Samoilov, CEO of EveryTag.

But the application of such solutions is not limited only to identifying the source of the leak. According to Samoilov, security specialists can inform employees about the implementation of a solution that will keep records of all issued copies. Then the company's staff will simply have no desire to "leak" confidential information.

Growing interest in information security services

A number of experts note an increase in interest not just in solutions, but in information security services.

As Andrei Zaikin, head of the CROC information security department, notes, modern threats are becoming more and more complex and diverse, while there are very few universal specialists who know many different technologies and information security tools at a good level. It is impossible to embrace the immense and be a guru in everything. Therefore, to build an effective security system, companies need to keep a whole team of information security specialists on staff. Not everyone can afford it. It is often more profitable to obtain the competencies of professionals as a managed outsourced service.

"For example, our company offers customers a secure infrastructure from the cloud (IaaS) that meets all the requirements of personal data protection legislation. The customer simply transfers his systems with personal data to our cloud or data center, and we take full care of protecting the personal data. Moreover, we cover both the technical and organizational aspects of the issue," says Andrei Zaikin.

Big Data Information Security

Another possible trend is related to the efficient processing of disparate and often unrelated data, followed by their analysis and risk assessment. Maxim Filippov, Business Development Director of Positive Technologies in Russia, calls such data the Big Data of information security.

"Those who learn to accumulate this data and to store, flexibly process and analyze it (including retrospectively) will literally be the leaders in our market for the next few years," he said.

Consulting services and implementation of complex information security solutions

Viktor Serdyuk, CEO of DialogueNauka, cites as a trend the steady growth rates of areas related to the provision of consulting services and the implementation of complex solutions in the field of information security. This, he said, is facilitated by several factors, including the strengthening of regulatory requirements for organizations in terms of information protection issues. In addition, in 2017, a number of incidents were recorded related to successful attacks by attackers on Russian and foreign companies, which also increased attention to the need to implement measures to ensure information security.

"Among the most popular consulting services are: penetration testing, development of information security development strategies, assessment of compliance with Russian and international requirements for information protection (PCI DSS, SWIFT CSCF, ISO 27001, STO BR IBBS, 382-P, FZ 152, etc.), APCS protection, as well as outsourcing functions for maintaining information security systems. From the point of view of complex solutions, for example, for our company, one of the growth drivers is successfully implemented projects related to the introduction of protection against targeted attacks and the creation of situation monitoring centers for information security (SOC)," he said.

2015

Changing Approaches to Information Security

In Russian companies, the understanding of the result that information protection systems can provide has changed. The total number of projects aimed not at business security, but at compliance or risk mitigation is beginning to decline. A few years ago, such projects accounted for a significant share of the information security market. They are replaced by projects that bring real financial benefits to business, says Yevgeny Akimov, director of business development at the Information Security Center of Jet Infosystems.

Andrei Stepanenko, an expert on information protection technologies at Security Code, agrees with him. He notes that the change in "benchmarks" was influenced not only by economic factors, but also by the speed at which the number of cyber threats is growing and what risks they can create for business.

"Under these conditions, the customer primarily evaluates the real, not 'paper,' capabilities of security tools in ensuring data security," he says.

Requirements are shifting from "such-and-such a subsystem is needed" towards "such-and-such a subsystem should have the following functions," and almost any project has recently begun with "pilot" testing of solutions, adds Dmitry Ogorodnikov, director of the information security competence center of Technoserv.

For companies, the number one priority is to create a security system that can provide protection against real information security threats. Customers now pay more attention to the manageability, manufacturability, compatibility, and support of today's IT.

Most companies have recently moved from a purely technical approach, in which vulnerabilities are simply identified and solutions are chosen to neutralize them, to a risk-oriented approach.

"This is a more comprehensive approach, in which a risk assessment and an analysis of the economic effectiveness of the use of certain protective equipment are carried out. This is a more mature approach, but the movement in its direction is not very fast, since it is associated with a change in the mentality of information security specialists," said Alexey Raevsky, CEO of Zecurion, to TAdviser.

According to him, customers are increasingly focusing on the capabilities of the security tool to integrate with other systems in their IT infrastructure. In particular, many today are interested in integration with SIEM systems (a class of products for managing information and security events).

Dmitry Ogorodnikov from Technoserv considers the transfer of the functions of administering information protection tools from security units to IT units to be one of the main trends. This, he said, is due to the deep integration of security and information technologies in recent years.

Interface convenience, completeness and visibility of reporting, and other solution parameters are also beginning to prevail in product selection. This trend indicates that information security specialists are now developing products with an eye on new customer interests.

As for technology, the information security market continues to move towards complex solutions. Businesses are increasingly interested in products for protecting virtual environments and for protecting and managing mobile devices, says Sergey Zemkov, Managing Director of Kaspersky Lab in Russia, Transcaucasia and Central Asia.

Now enterprises are looking towards solutions to protect critical objects and infrastructure (such as objects of the power sector, transport enterprises, etc.). Targeted attacks, which have been spreading more recently and may not be identified for a long time, are also forcing businesses to defend themselves.

"We see the growing interest of customers in information security services, such as services for investigating computer incidents, protection against DDoS attacks, etc.," says Zemkov.

Classic information security market ceases to exist

The classic information security market has practically disappeared, says Evgeny Akimov from Jet Infosystems. He argues that information security technologies have migrated towards IT designed to ensure business security.

"This is the newest sector of the domestic economy to grow. According to our forecasts, the increase can be up to 30% annually over the next three years," the expert says.

In his opinion, the key factors that will ensure such dynamics will be:

  • active automation of business security processes, interfacing information security systems with analytical systems and tools that allow conducting operational and multi-stage verification of counterparties, in-depth analysis of the actions of own employees, privileged users, etc.;

  • development of online services and, as a result, comprehensive protection of web applications and services;

  • high activity of organized criminal groups working in the field of IT;

  • engineering and reengineering of safety processes around already built technical systems;

  • growing influence of issues of protection against cyber threats in the field of national security.

What trends will prevail before 2018?

The state will remain the main player in the information security market, experts say. Changes in approaches to the informatization of the public sector, one of the main customers, will begin to occur in line with foreign policy. It is possible that state regulation will tighten.

The factors that will influence the commercial sector are new economic and political realities. Due to stagnation in the economy, companies will optimize costs. The state will directly influence the import substitution processes. We should expect that there will be a gradual displacement of imported software and information protection tools by domestic counterparts. In the new conditions, they will be more in demand by both the state and commercial sectors.

"There remains hope for import substitution, but we must understand that in a couple of years it is impossible to repeat what has been created for decades. Perhaps this will lead to the fact that companies will become worse protected, or will be forced to limit development in the use of IT in business due to the inability to adequately protect them," said Aleksei Rayevsky, CEO of Zecurion.

Due to import substitution, difficulties await enterprises that will try to organize large-scale production of information protection tools in Russia. "In this case, the basis for hardware and software information protection tools can be an element base and platforms of Chinese origin," said Konstantin Ivanov, Deputy Head of the Information Protection Tools Development and Support Department of the ICL Group of Companies.

In times of crisis, customer demand for analytical systems, such as Big Data technologies in information security, will increase. Systems already deployed in enterprises acquire new qualities and in many cases predict a problem and prevent it before it occurs, Rayevsky adds.

Other experts agree with him. In a crisis, it is more profitable for customers to increase not the number of IT and information security systems, but to modernize the functionality of existing ones, including through the introduction of analytical tools.

Given the inability to finance information security in full, the commercial sector will be able to use a new model: transfer part of the processes and tasks of information security to outsourcing. "This practice is widely used in the world, but it is not yet characteristic of Russia," says Andrei Prozorov, head of the expert department of Solar (formerly Rostelecom-Solar).

In general, in the near future, customers will be dominated by the already outlined approach to information security, which can be formulated as "real security." Experts are confident that the role of "paper security" will significantly decrease until 2018. That is, the commercial and, most likely, the public sector will shift priorities from general and simple compliance requirements towards maximum information security efficiency.

Find out more in the 2017 Information System Security Overview

Notes