The modern information space is characterized by unlimited growth in the number of computer devices and digitalization of all areas of human activity. Moving to a new technological structure and the onset of the information era entail a change in the information security market. In 2022 the number of hacker attacks on companies of different lines of business and systematic user data breaches have reached their peak. According to InfoWatch expert and analytical center, the number of leaks in Russia for the first half of 2022 amounted to 305 (+ 45.9% compared to First half of 2021). According to TASS, since the beginning of 2023, Roskomnadzor recorded 27 leaks that led to the publication on the network of 165 million records of Russians.
Let’s look at the main reasons that contribute to today’s change of the state of the information security (IS) market in Russia.
- Acute cybersecurity staffing shortage. Deficiency of highly qualified specialists hinders effective development not only of IT technologies in the field of information security, but also of companies. It causes such issues like reducing the quality of sensitive corporate data protection, increasing the level of threat to the company’s reputation in the event of an information leak, which may impair its market position.
- Features when preparing a new IT product. As a rule, the first step is its development, the second is the search for vulnerabilities. However, specialists in the field of information security believe that this approach is erroneous. It is important to start applying information security measures directly to initial stage of product development to enable detecting various kinds of attempts to access data instantly and to prevent information leakage.
- Development of artificial intelligence (AI) technologies. This factor also affects information security. Use of AI algorithms can increase significantly speed and effectiveness of attacks on computer systems and networks. Machine learning can be used to create more complex and intelligent malicious programs that are harder to detect and stop. Also use of AI technologies can help attackers create more convincing phishing schemes and other forms of social engineering, which can trick users forcing them to reveal confidential information. AI technologies can be used for automatic collection and analysis of huge amounts of data, including confidential information, personal and bank users data, etc. This may be confirmed by the recent situation at Samsung. Korean edition of the Economist shared news that the corporation’s employees misused ChatGPT, resulting in a leak of confidential data.
- Remote work schedule. In connection with the introduction of quarantine back in 2020 many companies have switched to a remote work schedule, which presumably will be relevant for a long time to come. Employees use their own equipment for work, that results in a danger to the whole business, since working devices (laptops, computers) left the perimeter of the organization and employees more often can use pirated services. As a result it becomes easier to infect a personal computer, even without malicious intent. And that results in leak of corporate data.
- Rapid and mass withdrawal from the market of foreign manufacturers of data protection tools in 2022. Abrupt changes have affected performance and efficiency of information protection systems. For domestic companies this departure led to the need for revision of strategies for corporate data protection and implementation of new software.
A review of the above factors suggests that a rather difficult situation has developed in the Russian information security market. Analysts in 2022 predicted a sharp decline in the volume of the information security market. However the country demonstrates success in mastering innovation. According to expert assessment of Positive Technologies, information security market in Russia for this year shows growth of 10-20%. An important event in 2022 was the release of the Presidential Decree No. 250 “On additional measures to ensure information security in RF”. The state is interested in increasing attention to cybercrime, which gives impetus to the development of information security and allows comprehensive approach to the problem.
By Nikolay Shcherbatenko, IT specialist, programming faculty expert at Synergy University