ASTANA – Cybercrime happens routinely. Kazakhstan passed a law on information privacy two years ago and continues to expand efforts to support cybersecurity, but it seems like ordinary residents don’t realise the threat.
“As for me, our citizens don’t care about information security at all. A good example – home networks. Approximately only 1 percent of their owners think about their protection. Most Internet users, for example Megaline users (Megaline is the major Kazakhstan Internet network) don’t care about cybersecurity in their homes,” said RRC Director Sergey Shin, who actively participates in all activities against cybercrimes.
Internet Association of Kazakhstan President Shavkat Sabirov agreed.
“Kaspersky Laboratory specifies that a mobile phone in Almaty contains some six viruses, which is a lot for one device. As of today, our society is not protected against the up-to-date threats of cyberspace. I consider that many countries where access to the Internet isn’t a problem face the same challenges. It is necessary to explain the danger to all Internet users in Kazakhstan now more than ever. Our people interact with each other in social media and don’t care about fraud and blackmail threats,” he said.
Shin noted the situation is much better with legal bodies, because those which can afford the technology work on information protection. Many legal entities which faced information theft or were attacked make an extra effort because of the negative experience and financial losses. The exception is financial organisations, which have to protect information under legislation and are controlled by special state bodies. State bodies are particularly protected, especially after the public speech by Kazakh President Nursultan Nazarbayev approximately two years ago when he noted the society has collected information for years and now must protect it.
“The Ministry of Internal Affairs and Ministry of Defence don’t fight against cybercrimes in the state in general, because they have other aims, but a special department of the National Security Committee does. Also, there is a special state body which develops and implements special rules and standards for legal bodies to protect information. Unfortunately, I can’t say its name,” said Shin.
He added training experts in cybersecurity is in the initial stage. There is currently not a system in place to develop individuals and those with expertise often migrate from one company to another one.
“Many universities of Kazakhstan already have an Expert in Informational Security specialty. Unfortunately, many people in Kazakhstan don’t know what a network firewall is and what it is made for. I don’t discuss about other devices designed for information protection. I would like to emphasise that many companies try to spend as little money as possible, buying very cheap equipment which isn’t able to protect their information in the proper way. But I would like to state that our government understands that it is necessary to pay enough attention and it spends money for information security. The state is working in this field. Maybe it doesn’t work so fast, but it does work,” said Shin.
Sabirov considers educating cybersecurity experts to be a tricky situation, because they must constantly improve their training and the best of them use any opportunity to learn something new.
Shin does not view any specific nation as a model for Kazakhstan in the field of cybersecurity.
“Every state is unique and it develops in one’s way. Of course, it is necessary to analyse situations in other states and get the best practices of other countries. It is extremely important to train our own experts and analysts. As for me, the basics of information protection and cybercrimes subjects should be implemented by all educational institutions including secondary schools. If we do this, we will have a competent generation and really good experts in this field in 10-15 years,” Shin added.
“The EAEU (Eurasian Economic Union) has its own cybersecurity system. But unfortunately, this security system is limited by its perimeter defence. That is, only borders are protected. But as you know, information is often stolen internally. I consider that information security requires a package approach, taking into account a host of factors including control, monitoring and administration,” he said.
Sabirov added there is no state in the world that can currently feel secure against cybercriminals.