Leave a request

State Has No Right to Save on Information System Security

Date of publication: 6 February 2017

Roman Marchenko, Attorney at Law, Senior Partner
Source: Business

The scandal with the US Democratic Party’s hacked correspondence, which inter alia predetermined the outcomes of the presidential election campaign, has once again exposed to the whole world the capabilities and danger of cybercrime.

Cyber attack against the headquarters of presidential candidate of the most powerful state shows that such a scenario is easy to occur in any other country. Many of the states understand the degree of cybercrime threat. For example, the German intelligence services increased their efforts on repulsing of hackers attacks prior to Bundestag elections. Ukraine should also be prepared for the attacks of cybercriminals, especially in the view of our officials’ recent reports concerning the hacked websites of the Ministry of Finance and Treasury Service.

As cybercrime has no borders and hackers’ attacks are usually conducted from abroad, our state officials must establish a strong partnership with the states that already possess a successful experience in protecting their data systems and fighting against hackers.

The second obligatory factor is that the Ukrainian security officers should learn how to independently and effectively counteract cybercrime. Unfortunately, since the Convention on Cybercrime has been ratified by Ukraine in 2005 our country paid too little attention and, what is more important, allocated insufficient funds for the maintenance of special services intended to fight against hackers.

It should also be noted that cybercriminals have evolved for the past decade. From now on the hacking itself does not represent the ultimate goal, as for example when committing simple embezzlement of bank processing system.

Sometimes hackers get access to the information aimed at anti-PR: further the customers of such attacks successfully forge and disseminate this data in the net, taking it at face value. It is extremely difficult to deny the fraudulent correspondence, as one will need to make public his real personal and confidential information.

This is the exact reason why hackers’ service became very popular among the organizers of dirty PR-campaigns aimed at the defamation of character and discreditation of both certain citizens and firms, and political parties and even countries.

Therewith, rigorous sanctions and relevant articles of the Criminal Code are not enough for overcoming cybercrime, although they are mandatory and should be immediately implemented. As in XXI century the information became the main value and stolen data feels much more painful than the assets’ loss.

The main thing is that the state should stop saving on special services development, which are intended to counteract cyberattacks. This entails both the improvement of logistic support and the employment of high-profile experts capable of standing up to any criminal talent.

In addition the government should not make savings on the security of data systems of different authorities, which may present the interest for hackers — here we can mention multiple attempts to hack the website of the Central Election Commission.

Business representatives should also think about cybersecurity. They will need much more sophisticated systems than classic antivirus programs and Firewall. For instance, the simplest method is to cut data volume stored on computers, in order to minimize loses in case of cyberattack.

Unfortunately, in digital millennium it is quite difficult to do without causing the damages to business- and technological processes. Therefore, each entrepreneur should choose on his own choose the defense methods against the potential hackers’ attacks.

For example, some “Ilyashev and Partners” clients in order to minimize data leaks use two unrelated groups of computers: internal without the excess to Internet and external connected to the global network.

All important data is generated and stored exclusively on internal computers. Hard discs, obligatorily examined by IT-service, should be used in order to transfer files from (to) external devices and outside the firm premises. Such system creates great inconveniences, but provides additional guarantees for information protection against industrial espionage and other dangers.

The only conclusion is: nowadays neither business, nor states can afford saving on the protection of data storage systems, as this leads to real disasters – from simple secrets’ leak to unexpected candidates for presidential positions.