Information security market. Own instead of someone else's: how the Russian information security market is formed
The fall in oil prices, which entails the depreciation of the ruble, has a diverse impact on the industry information security. The general background is negative: prices for information security solutions are growing, while the market is declining in terms of currency. However, on closer examination, the situation is not so clear. Demand for foreign products is declining due to sanctions and the depreciation of the ruble, which allows some domestic producers to still feel comfortable. Not everyone's budgets for information security have also decreased: the fuel and energy complex and the public sector continue to invest in information protection.
22.12.2015
|
Demand for solutions in the field of information security is formed by two conflicting trends. On the one hand, the number and relevance of threats is growing, and the difficult economic situation only strengthens this trend. On the other hand, because of the crisis, customers are forced to cut budgets. For the business of some information security vendors, the first trend turned out to be decisive, while others, on the contrary, became victims of budget optimization. CNews presents to the attention of the annual domestic suppliers of information security tools. Revenue in rubles shows stable growth, in US dollars - a decrease of only 4%. In 2014, the total revenue of the 25 largest domestic providers of information security increased again. The turnover of CNews Security rating participants at the end of the year amounted to p 72 billion, which is 14.3% more than in 2013, when the total revenue was p 63 billion. The growth rate in ruble terms remained at the same level (in 2013, the dynamics amounted to 14.5%). It is striking that the situation in the information security segment is much better than in the IT market as a whole, which has been stagnating for the second year in a row (if you count in rubles): according to data, the revenue of hundreds of the largest IT companies in Russia in 2014 increased by only by 1.1%, and in 2013 no growth was recorded. Interest in protecting information remains, as the number of threats increases regardless of the economic situation within the country, this is a global trend. For example, in 2014, Kaspersky Lab specialists detected 12.1 thousand mobile banking Trojans, which is nine times more than in 2013. In addition, the crisis increases internal corporate information security risks: “The lack of stability and a guaranteed source of legal income due to company closures and massive layoffs lead to increased threats of internal fraud and data leakage,” says Anna Goldstein, director of business development at Informzashchita. |
||||
Losses of Russian business from fraud in 2015 |
||||
 |
 |
 |
||
Alexey Grishin
Andrey Golov
Igor Lyapunov
Alexey Malnev
Almost every person uses payment systems (Visa, MasterCard and others), and their popularity is growing rapidly. In September 2015, Alfa-Bank specialists discovered that the number of transactions for bank cards increased by 22% compared to 2014. The spread of cashless payment services leads to the fact that money literally goes online, and with it - attackers with the skills to gain unauthorized access to the confidential data of the cardholder. The emergence and spread of new threats from cybercriminals requires continuous improvement of information security solutions.
At the heart of functioning payment system there is a certain authentication algorithm. When a cardholder tries to pay for a purchase or withdraw cash, the acquiring bank (the organization that maintains the POS terminal or ATM) must make sure which bank issued the card, who the cardholder is, and whether there are enough funds in the account. A request is sent to the processing center of the payment system, which requests necessary information at the issuing bank, and then forwards the response to the acquirer, as a result of which payment or issuance of funds occurs.
To prevent unauthorized access to key information required for user authentication, it is stored and transmitted in encrypted form. As payment systems become more popular, the number of users and volumes of key information increase, and cryptographic means are required. increased power, capable of handling millions of requests per day from an increasing number of users.
Information security market in Russia. Tomorrow and the day after tomorrow
Mikhail Emelyannikov
Russian market information security (IS) is a very specific phenomenon. Due to significant overregulation (certification, licensing, import restrictions, mandatory certification, etc., etc.), it is not very similar to European or American, but it uses all the technological achievements of both Europe and America with might and main. Moreover, for many of its positions, there are no domestic solutions on the market and are not visible in the future, and the threats and trends are the same, since there are by and large no boundaries for IT. After all, the main source of information and the main transport for exchange is the Internet, and computers anywhere in the world get into botnets. So there are requirements that are vital for the security of information services, but are not implemented by Russian products. High-performance UTM solutions, firewalls with VPN support at gigabit speeds, effective signature-based and behavioral-level IDS/IPS, event correlation systems, and finally, corporate SOCs (IS control centers), without which it is almost impossible to deal with a huge number of logs from various protection systems - a non-exhaustive list of what to do in Russia for a variety of reasons, most likely, will not succeed. They need to be applied. |
What does the situation look like from this point of view?
The most striking example of information security regulation in Russia is the protection of personal data. In fact, for the first time the state clearly and directly said that it would dictate the rules for protecting information that is critical from a social point of view, without looking back at the possible costs of information owners.
On the way - a law on official secrets, as well as a clear and unambiguous definition of how to ensure the security of other categories of information limited access, of which our legislators have spawned about four dozen. First of all, we are talking about professional secrecy, including the secret of communication, medical and medical, lawyer and notary, banking and auditing, etc. etc. Declaring in federal laws on responsibility for the leakage of these categories of confidential information, it would be logical to define the rules, the violation of which entails this responsibility. There are clear enough hints that this will happen.
Consistently granting the Ministry of Communications and Mass Media the right to establish security requirements information systems and communication systems, and then the assignment to the Federal Service for Supervision of Communications and Mass Communications, which returned under its wing, of the function of supervision in the field of IT, which in principle was not in the country, suggests that another regulator with great opportunities and ambition.
By the way, the lack of regard for the costs of ensuring the protection of information should not be particularly embarrassing. When the Sarbanes-Oxley Act (SOX) was passed in the US, the cost of establishing effective IP control (SOX Rule 404) was estimated to be about $54,000 for a stock exchange player. As of today, this results in an average of $2 million per company, and no one is embarrassed by this figure. Yes, and the United States is not going to give up very tough measures of responsibility for non-compliance with SOX.
In our country, the clearly expressed unwillingness of regulators to shift the entry into force of requirements for the protection of personal data to a more distant perspective, despite the outbreak of the crisis and delays in the release of regulatory and methodological documents. This means that large commercial companies (banks, telecom operators, insurers, paid medicine, enterprises with large ERP and CRM systems) will have to invest a lot of money in 2009 in protecting personal data.
But 2009 costs will not be limited. Firstly, regulators will inevitably find shortcomings in the constructed protection systems, and they will have to “twist” them to a form acceptable to control and supervision authorities. Second, 2009 is only the beginning. Everyone will not be inspected in a year, and the work will continue, already on the basis of the experience of inspections of the first year of the full-fledged work of the law.
There is a feeling that the group of standards for information security of the Bank of Russia - STO BR IBBS - will work somehow differently, more rigidly. No wonder so much effort and time was invested in their creation. In fairness, it must be said that these standards are the most modern and developed of the existing IS standards in Russia; they quite fully cover most aspects of the activities to ensure the security of IP financial institutions. Mandating them would not hurt many of our banks, which invest in anything but information protection.
There is another emerging "movement". It is long overdue to formulate an answer that does not need interpretation to the question of the possibility (rather, impossibility) of using non-certified (primarily strong) foreign cryptography in Russia. To the question "is it possible?" at all events where it was raised, a vague answer followed, referring either to the Decree of the President of the Russian Federation No. 334, or to the procedure for the import and export of dual-use products, or to the mandatory certification of information security equipment (IPS) in various systems. The crisis and the need in its conditions to support Russian manufacturers of information security equipment and licensees conducting case studies is the most appropriate reason to finally close this issue. However, the dilemma "to use or not" has social side effects. This is the possibility of pressure on global vendors in order to transfer the production of their products “for us” to Russia, and the creation of additional jobs associated with such a transfer, and the influx of vendors' investments, and the possibility of controlling the assembly of GIS distribution kits by state regulators. It would be a sin not to use it.
By the way, strengthening the role of regulators in the information security market is not only a Russian trend. During the 10th annual international survey in this area, conducted in 2008 by Ernst & Young, respondents were asked the question: "What three factors have the greatest impact on the information security practice of your enterprise?". The most popular answer (54% of respondents) was “Regulatory requirements”, ahead of such important factors as meeting business requirements, risk management and all others (Fig. 1).
What three factors have the greatest impact on your enterprise's information security practices?
At the same time, according to the results of the same study, 23% of respondents fully agreed with the thesis that bringing the information security system in line with the requirements of regulators, and 57% agreed in general (Fig. 2).
Bringing the information security system in line with the requirements of regulators had a positive impact on its condition
Crisis: was there a boy?
The most important question today: will there be investment in IT during the crisis, or will everything freeze until the investment spring, which is unknown when it will come?
I think they will. But their targeting and forms will change somewhat. The number of large infrastructure projects (ERP-CRM-OSS/BSS from world leaders) will decrease almost to zero. They are definitely not the time.
But here's the bad luck - over the past couple of years, information technology has become a field of competitive battles in Russia (see the sidebar "Modern Weapons").
Modern weapons
Today, it is possible to kill a competitor or an ideological opponent without bloodshed, but no less cruelly than during the Middle Ages:
Incident at Surgutneftegaz where the attack combined: (1) blocking resources DDoS attacks from a distributed botnet, (2) defamatory spam, and (3) buying up declining stocks on the stock exchange.
The blocking of the Assist.ru website made it impossible to pay for services using "electronic money" (including plastic cards) of its customers, including those like Aeroflot.
The appearance of a fake GUM website with deliberately false information about the situation in the joint-stock company and the blocking of the operation of one of the largest online stores of home appliances for a week caused enormous damage to the companies.
The effects of the hacker wars during the events in Tallinn and the operation to force Georgia to peace are well known.
What to do with such "manifestations" information technologies? Leave it as it is and wait for attacks with unpredictable business consequences? Dangerous: there is a great temptation to take advantage of difficulties and finally resolve the issue with competitors not the most expensive, but enough effective way– by paralyzing their IT systems. Or invest money, but not in IT security in general, but in the protection of critical business processes? The last answer seems better to me. Unless, of course, there is something to protect.
Another aspect of the crisis. There is almost unanimous opinion that 2009 will be the year of human resources optimization in Russia. Actively discussed in the media and blogs, "bunnies" and "office plankton" will be on the street. But it's not just them. The American company Basex, which has been researching the problems of information overload for many years, published a sad report for 2008 and an equally sad forecast for the year 2009.
28% of work time in offices is spent reading unnecessary Email, communication via instant messengers and familiarization with non-core electronic publications. To this must be added the time required to concentrate on work problems after surfing and studying the "left" information.
Another 15% of working time is spent on searching for information on the Internet. Share of unsuccessful search queries accounts for 30 to 50% of their total number, and requests rated as successful by users are not always successful, because they contain outdated or inaccurate data.
Taking into account other factors (meetings, conferences, discussions with employees), only 25% of the working time remains to solve the main task - the actual creation of "productive content".
Is this not a field of activity for streamlining the work of a company during a crisis? Blocking illegal actions, keeping records of the budget of employees, streamlining document flow procedures, filtering spam - these are ways to reduce costs, following which involves both certain investments and the adoption of measures unpopular among the staff. Add to this the problem of insider information that has become the main trend of recent years in an organization, which will only become aggravated in a crisis: solving development problems at the expense of competitors, rather than our own research, is much easier and cheaper ... These are the obvious directions for designing information security systems in crisis conditions, and in non-crisis, by the way, too.
Products and services
In recent years (and without the crisis), the Russian market has changed a lot. The main trend is the transition from offering products and solutions to offering services. By itself, an intrusion detection system is not needed. We need to protect business processes that are vulnerable to external intrusions into the network. The provider of such a service must clearly understand which processes are vulnerable, what are the attacker's capabilities and how to implement threats, and finally, which specific events are dangerous, why and for which processes. According to PricewaterhouseCoopers' annual information security study published in 2008 (The Global State of Information Security 2007), faith that installing a good security program solves security problems is all but lost. The growing awareness of specialists about the real (and sad) state of security (and this is a consequence of the increase in the number of information security tools) leads to the inevitable thought that the piece of hardware or the program itself does not solve problems. These tools must be properly configured, configured, and the personnel must adequately perceive the information coming from the protection tools and immediately respond to dangerous incidents. At the same time, representatives of only 22% of the companies surveyed said that they had not experienced security incidents.From incident to dividend?
Obviously, there is another rather significant difference between the Russian market and the Western market (where, in fact, PwC specialists conducted the study). In our country, the number of those who know about the incidents would be orders of magnitude lower if medium and small businesses, small organizations (SMB and SOHO sectors) participated in the survey.
On the one hand, in Russia the saturation of IPS buyers is close to the limit. It is buyers, since a significant part of domestic enterprises and organizations do not do anything in terms of information (or, if you like, computer) security and are not going to do it. Best case scenario - free antivirus, administered somehow and according to mood, and a firewall (preferably also free or got with server software), configured "like God for the Soul ...". Even the access control tools built into the OS and applications are not used, identification is good if there is a password, while the policy password protection missing completely. And this is not only almost the entire SMB sector (not to mention SOHO). Many fairly large companies do nothing and do not plan to do anything. Why? The answer is simple. There were no serious incidents, and if there were, no one knew about them.
What incidents become known to management and sometimes come out? Large-scale leaks of databases with social consequences (telcos, banks), and only when they become a commercial product. But even in this case, it was not necessary to hear about the identification and exemplary punishment of the perpetrators. Blocking the resources of e-commerce operators with large clientele and serious counterparties. Theft confidential information published later in the media. Information attacks on the largest market participants in order to gain control over them. Defacing websites of the most famous companies. All. My fantasy has run out.
And if some information is stolen from the server or workstation from the Pupkinsky metal plant, which even did not establish a trade secret regime, no one will ever know about it. And no one will break his website (if it exists, of course). Who needs it? But when the raiders “hit” the plant, the management and owners will be surprised for a long time: where did the “enemies” get all the materials of the board of directors and the board, lists of assets, internal prices for products and the security alarm scheme? From there. From LAN. But security is a delicate thing. When nothing happens, it is very difficult to convince the manager to give money for her. But when something happens, building a protection system is already useless. The circle is closed.
Vicious circle of segmentation
Let's get back to the buyers. So, almost everything that could be bought was bought. Put into operation. Let's turn again to the PrizewaterhouseCoopers Global Information Security Report (Figure 3) and see that in 2007 the vast majority of respondents had basic protections in place. At the same time, the purchase of certain products in 2008 was considered a priority by 14% to 33% of companies (depending on the product). There is reason to believe that approximately the same picture is typical for Russian companies that are mature in terms of information security. From this we can conclude: the grocery market is waiting for difficult times.
Technology: Do you have...
At the same time, there is still an uncovered SMB and SOHO segment. But in order for protection means to appear for it, it is necessary that they be ready to buy, otherwise the developer will not invest in creation. At the same time, the cost of such funds (both the solution as a whole and the specific cost for one installation is workstation, server, etc.) should be relatively low, no more than two or three tens of dollars per license (installation point). This means that their creation is possible only with a very large volume of sales (a classic example is antivirus). However, in fact, there is no demand. And no one will form it, except for manufacturers and sellers. And they don't see the market. Well, and so on, in another vicious circle.
You can stay in the segment of large enterprises, but they need either something fundamentally new, which they cannot do without, solving business problems (and not protecting IP in general), or something fundamentally better than what they had before.
New purchases can provoke …. fundamentally new threats, as well as a technological breakthrough, or at least a leap. Perhaps both. But as long as this is not the case, it will be difficult to sell products, especially during a crisis.
But services are another matter. Something needs to be done with the huge amount of hardware and software accumulated in the systems (the money has been spent, the efficiency of use is close to zero). It is necessary to establish security procedures (incident management, monitoring, etc.), understand what the messages of the information security system say, and manage incidents without increasing the total cost of ownership. This means that it is necessary to find specialists who are able to use the security mechanisms of certain products to the maximum, process heterogeneous information from various information security subsystems and teach the owner's staff to understand this. It can be even simpler - to give "it" to such specialists for outsourcing.
Services related to business processes will be in demand - risk management, maintaining business continuity and disaster recovery, role-based management of rights and powers, and preventing leaks of confidential information. And, of course, ensuring compliance with the requirements of Russian and international regulators. What is needed is not an access control tool, but a control technology that matches the business process. What is needed is not a system for detecting / preventing attacks, but a methodology for preventing external influences on the process of electronic sales or protecting databases from unauthorized modification. And it will often turn out that no new products are required for this.
How many real opportunities text editor in which this article is written, we use? 2-3%, no more. A new editor is not needed. We must learn to use what we have. Approximately the same with the SZI. Even the most common of these, antivirus software, can do much more than detect malicious content. They are able to block sending and receiving files of certain types and sizes, reduce the risk of viruses entering the Internet by restricting a number of user and website actions, etc. And it may turn out that content analysis tools are not needed to reduce the risk of confidential information leaks, you just need to study the capabilities of the product you are using. But this is already - from the category of services.
Mergers and acquisitions
Given the systemic delay of the Russian market compared to the Western one (everything is repeated with a lag, according to my observations, of about 2 years), the stage of mergers and acquisitions, which has been characteristic of Europe and America in recent years, is not far off. Now there are a lot of niche companies on the market focused on one solution, albeit a good one, for which it will not be easy to survive in difficult times. In addition to the difficulties with sales in general mentioned above, the need to cut the marketing budget, sometimes to almost zero, will also affect. In addition, serious customers want to have complex integrated solutions that are difficult for a small company to offer. Let's add grandiose problems with lending to small and medium-sized businesses (no matter what officials say about their support) and tougher competition among the largest market players in the face of reduced orders and deliveries.
The fittest will survive. It is difficult for mice to run in a herd of elephants. They will trample.
Until recently, the Ministry of Economic Development of the Russian Federation gave encouraging forecasts of positive changes in the state of the Russian economy in 2016, but the realities of the coming year indicate otherwise. Experts predict a long period of low oil prices, and already at the Gaidar Forum, Dmitry Medvedev urged to prepare for negative developments if prices continue to fall. Ahead is a 10% reduction in the state budget for unprotected items. Thus, there are no grounds to count on the general revival of the market yet.
It is quite obvious that in such a situation, the trend towards reducing the IT budgets of Russian companies is likely to continue this year. However, they still have unresolved IT tasks, which are not always acceptable to postpone. And besides, there are new ones, due to the need to protect and improve overall business efficiency, reduce capital and operating costs. Among the most important in the general list of tasks are still issues of ensuring the information security of companies and organizations, as well as meeting regulatory requirements in this area.
What information security tasks were the main ones for the information security industry of the country last year, which ones will customers have to solve in the first place in the coming year, what growth points can be expected in this regard in various segments of the Russian information security market? We intend to discuss all this in this review with the participation of experts.
The main changes in the field of information security in 2015
Economics and IB.“The current political and economic conditions, on the one hand, have led to the stagnation of the information security market, and on the other hand, help to improve it. As a result, consumers get the benefits, since increasing competition among suppliers promises them information security products with improved functionality and at lower prices, ”says Aladdin R.D., Deputy General Director. Alexey Sabanov described the current situation in the cybersecurity area.
The crisis, in his opinion, contributes to the fact that the most high-tech and promising solutions will remain on the information security market, for the development of which scientific and production groundwork was created in time. Among these, he singles out support for the legal significance electronic documents, including in the M2M segment, the creation of trusted platforms and solutions based on them, integrated security management.
At the same time, according to Grigory Vasiliev, product manager of the Research Institute SOKB, "... in a difficult economic situation, as always, users pay more attention not to purchasing new products, but to increasing the efficiency of using previously implemented ones, as well as external information security services." At the same time, he notes a noticeable shift in the information security market towards services, which, in his opinion, is due both to general technological trends in IT and information security, and the tactical desire of customers to reduce costs by postponing the purchase of software and hardware until better times.
Some other experts speak in the same vein. Stating that the need of Russian users for information security services did not decrease last year, Alexei Grishin, director of the Information Security Center at Jet Infosystems, notes, in particular, the growing interest of the banking business in services to provide information security on the web, to protect Internet banking and RBS, to counter DDoS attacks, organize firewalls at the application level and combat transactional fraud.
Ivan Melekhin, technical director of Informzashchita, also speaks about a sharp increase in demand for information security services and services for maintaining information security systems, while increasing the variety of demanded information security services, which, in his opinion, is due to an increase in the level of maturity of Russian customers.
Among the services that are in growing demand, Andrey Perkunov, head of the information security department at Step Logic, notes the consulting information security services aimed at practical solution of data protection issues, identification and elimination of incidents: penetration tests, incident investigation, ensuring the successful completion of checks with regulators, bringing IT and information security infrastructure in line with regulatory requirements.
With regard to such a topic as security outsourcing, the prospects of which were discussed a lot earlier, according to CEO Andrey Golov, this trend has not yet gained the expected popularity: “In my opinion, this approach is not for our country. Due to the specifics of Russian business, no one is ready to outsource its security. To do this, either one must be extremely imprudent, or the size of the business must be completely insignificant for its owner.
Import substitution. The course towards import substitution makes Russian customers abandon foreign products in favor of domestic ones, which, according to Mr. Vasiliev, became a serious shake-up for Russian information security vendors: “It turned out that not everyone is ready to completely replace foreign counterparts, and some foreign products simply do not have Russian alternatives. Nevertheless, this is a useful shock that forces us to actively develop domestic solutions, bring them to mind and to mass industrial application.
“Against the background of tightening regulation on the model of “tightening the screws”, it seems paradoxical to reduce the purchase of certified software. On the one hand, in the context of the import substitution course, a number of domestic producers are demonstrating their unwillingness to reduce prices in order to increase sales volumes, and on the other hand, due to the late [calendar] formation of budgets, some procurement tenders seem to be late. Nevertheless, I will suggest that the information security market will be replenished with new aggressive players capable of dumping, and in the next year or two, prices on it may become market ones,” Mr. Sabanov comments on the impact of import substitution on the Russian information security market.
For his part, Roman Kobtsev, business development director at Perspective Monitoring, notes the increased activity of Russian information security developers last year: “Domestic manufacturers first of all tried to fill the capacious segment of information security monitoring tools traditionally held by international leaders.”
In addition, according to Vyacheslav Medvedev, a leading analyst at Doctor Web's development department, import substitution has prompted many Russian companies that previously used foreign software to switch their infrastructures to domestic counterparts. At the same time, the expert believes, the tendency to create such domestic software that could replace imported software that surpasses domestic software in functionality or has no analogues at all has not been developed.
Aleksey Sabanov also draws attention to the following costs of the import substitution policy: “Despite the fact that a significant part of government databases still remain insufficiently protected, sales in the data protection segment have decreased.” He explains this by the reluctance of customers to spend money on protecting what they will soon need to transfer to other platforms.
IS as a mirror of IT. The cybersecurity market depends on the market of infotelecommunication technologies, our experts are sure: everything that happens in ICT is reflected in the cybersecurity market.
Thus, the development of the Internet services market has caused, according to Mr. Medvedev, an increase in business interest in protecting websites. Formed, as he believes, over the past year, the 3D printing market requires the creation of 3D models and systems for controlling their quality in terms of information security.
In the future, Mr. Golov believes, the direction of protecting mobile solutions and clouds will actively develop: “The need to protect tablets, smartphones and similar devices will grow. But for Russia, the emergence of a need for such solutions is, rather, not tomorrow, but the day after tomorrow. We, as developers, are convinced that such a product should be made as massive as possible - the better this is done, the more money the producer earns.
Opposing him, Mr. Vasilyev notes: “There are already Russian funds cryptographic protection for various [mobile] platforms, domestic MDM systems for managing information security policies on mobile devices ah, solutions that provide office tools for safe work. These are all mature products tested in real projects individually and in combination. Serious efforts are being made today for the emergence of a trusted mobile OS and a domestic mobile hardware platform. Thus, the Tizen mobile OS was successfully certified by the FSTEC, and Yota Devices announced the transfer of YotaPhone2 production to Russia.”
The opinion of Sergey Khalyapin, Chief Engineer of the Citrix Representative Office in Russia and the CIS countries, regarding the development of information security technologies for mobile access in our country also does not coincide with the reasoning of Mr. Head. In his opinion, technologies for protecting mobile devices and mobile applications developed actively last year, which is clearly associated with the deep penetration of mobile devices into the corporate environment, the use of personal devices for work purposes and the storage of corporate documents on them. “The ability for employees to work mobile and remotely with corporate information draws the attention of customers to solutions to protect the relevant data transmission channels,” he says.
The IT industry, as noted by Andrey Perkunov, is now significantly influenced by software-defined networking, virtualization and cloud solutions. “In the next three to five years, a significant transformation of IT should be expected, to which information security solutions and technologies will have to be adapted. Already, leading information security solution providers are revising their product portfolios in order to improve the integration of information security products with virtual environments, service orchestration platforms and cloud systems,” he says.
Special attention, according to Mr. Grishin, deserves the trends associated with the industrial and energy complex actively using automated process control systems and characterized by “mothballed” demand, which is formed under the influence of the expected change in the status normative documents for this area from advisory to mandatory (presumably, according to his estimates, this will happen in 2016). “Practically all Russian industrial enterprises are actively studying this issue and are potentially ready to initiate relevant projects if these standards are approved as mandatory,” he said.
“There is a transition to real, and not “paper” information security, - states Mr. Melekhin. - Customers are increasingly analyzing the security of their ICT infrastructures and data. Increasingly, the topic of providing information security in technological processes is being proposed for discussion. These issues are relevant to a number of sectors of the economy, and there are already solutions that help prevent the threats associated with process automation.”
Impact of the threat landscape. Experts draw attention to the transformation of cybercrime into a high-tech criminal business built according to modern economic schemes. Cybercriminals promptly respond to all changes taking place in the ICT sphere, an example here is the rapid response of cybercriminals to the shift to the Internet of retail sales, banking and other types of business.
Here are the data provided by Mr. Grishin: “According to the expert estimates of our company, in the credit and financial industry, the volume of losses from fraudulent activities in 2015 compared to 2014 increased by an average of 26.8%, in the telecommunications sector - by 6.8%, in retail - up to 16% depending on the segment. Therefore, projects for the development of both Internet services and loyalty programs should be accompanied by the introduction of tools and measures to protect payment transactions and user accounts, as well as to prevent external and internal fraud. We can confidently expect an increase in the number of such projects in 2016.”
Since about last fall, Mr. Golov notes the growing attention in Russia to targeted attacks: “They have always existed, but today the number of professionals who know how to implement these attacks has increased, and in such a way that the damage from them has become noticeable.”
The desire to reduce the damage from targeted attacks stimulates the demand for means of consolidating information security data, monitoring and centralized management of information security. As a result, there is a growing demand for Security Control Center (SOC) services. “Specialists began to think about what, in principle, happens to corporate information security, how to measure its level, detect and correlate information security events,” Mr. Golov notes.
Alexey Grishin notes a sharp increase in cross-channel fraud, attacks on clients of organizations using social engineering. In the field of classical corporate information security, the focus, in his opinion, has shifted towards the modernization of infrastructure information security and the use of highly intelligent security tools. The main focus is on what and how can be done with the data coming from the existing information security tools - IdM, DLP, SOC, etc. - that is, on building processes around these systems that, with small (relatively) investments will bring a new intellectual quality to information security.
Significantly increased, according to Mr. Grishin, the relevance of specialized products that appeared on the Russian market a couple of years ago analytical systems(both domestic and foreign), allowing for certain logs in IT systems (such as ERP, CRM, etc.) to detect cases of fraud, deceit, theft in retail chains.
Some of the Russian information security vendors see new opportunities for themselves in the segment of Anti-APT class solutions (protection against targeted attacks). Among such companies, as Sergey Zemkov, the managing director of Kaspersky Lab in Russia, the countries of Transcaucasia and Central Asia, the one which he represents also concerns.
According to Mr. Medvedev's observations, an important trend of the past year was the growing interest of attackers in systems based on the Linux operating system, in solutions for managing technological automated control systems - everything that was previously either not protected at all, or was protected very weakly. The number of hacks of such systems last year was small, but, according to his forecasts, it will grow, including as smart devices connect to the Internet.
Although the Internet of Things has not yet become relevant for Russia, our experts consider it necessary to prepare for its challenges right now, working out scenarios for protecting its infrastructure. Vyacheslav Medvedev states that the market for wearable and embedded electronics, "smart" devices, equipment and complexes is being formed right before our eyes and already requires protection, as attackers have assessed its potential.
“Modern society is on the verge of a transition to a state that was previously considered science fiction,” he says. “Very soon, we will be surrounded by devices that control our every action at any given time, and not all of them will be created and used for the benefit of those whom they control.”
Since it is the person who is the weak link in any information security system, according to Mr. Zemkov, services for training specialists and programs to increase personnel awareness in information security issues offered to customers by the company he represents turned out to be important and in demand, according to Mr. Zemkov.
Forecasts for 2016
Vyacheslav Medvedev notes with regret that, according to his observations, many specialists in our country consider the task of protecting against intruders and malware resolved long ago. This, however, is not confirmed in practice: systems antivirus protection, for example, in the vast majority of Russian companies they leave much to be desired and do not protect against modern threats. As a rule, this is a consequence of the fact that the heads of companies do not pay due attention to the organization of protection in this area. “IB risks are assessed by Russian business as negligible. This is largely due to the "silence mode" in relation to information security incidents in our country, which gives the impression that the number of incidents is small, and the amount of monetary losses from them is small. Meanwhile, the expertise accumulated by our company in the field of analysis of such incidents indicates the opposite,” he says.
Influence of the political and economic situation. According to Mr. Melekhin, the uncertainty of the economic situation this year does not allow one to correctly make any forecasts of changes in the state of the country's information security market. Nevertheless, our experts spoke about some of the most obvious, in their opinion, trends in the field of information security.
Customers in the context of sequestering budgets and downsizing, warns Mr. Sabanov, will be more demanding on the functionality and cost of purchased (alas, in ever smaller volumes) information security products, and especially to the executors of information security projects. “They will demand a single supplier of products and services across the entire spectrum of the information security tasks they have formulated, with increased responsibility of the integrator for life cycle IB systems. This will lead to increased competition among integrators, to the stratification of service providers and the next redistribution of the information security market. At the same time, in addition to the largest integrators, the developers who foresaw the specific directions of its development will also benefit,” he believes.
According to Mr. Golov, information security budgets will be formed only on the basis of the situational response of customers, and the current economic situation is worse than it was in the 2008 crisis, since the current crisis is political and economic in nature. “A lot of negative factors have accumulated. Economic ties have collapsed, sanctions have been introduced, stock prices are falling, the national currency is falling. Since the state does not have clear stress scenarios, it is difficult to make forecasts,” he agrees, expressing, however, confidence that the areas related to the country's defense capability will develop and the state defense order will grow.
Since saving on information security is fraught with great risks, it is possible to ignore the information security challenges facing companies and organizations only up to a certain limit. Ivan Melekhin believes that stability or even growth can show those directions that will optimize costs, increase the profitability of the core business, and protect critical assets. “We can expect an increase in the demand for a cloud-based IT and information security model, which allows you to receive only the resources necessary to provide information security, and at the right time,” he suggests.
If we evaluate the information security market in terms not tied to the ruble exchange rate (for example, by the total number of projects or man-days), then, according to Mr. Grishin, the Russian information security market will grow in 2016, and the outsourcing segment will even times. He expects an increase in cybersecurity budgets in the fuel and energy complex: here, as a rule, cybersecurity projects are associated with the transfer of previously created cybersecurity subsystems to Russian products or with the creation of high-tech subsystems from scratch.
Import substitution and information security. The negative impact on the cybersecurity budgets of a significant depreciation of the ruble (since the prices for imported solutions are calculated in foreign currency) plays into the hands of domestic suppliers, and the topic of import substitution in 2016, according to our experts, will be especially relevant.
According to Mr. Vasiliev, Russian customers' distrust of foreign vendors in connection with the ongoing political processes, as well as a decrease in their activity in our country, both for political and economic reasons, is in favor of import substitution. “For Russian information security developers and service providers,” he says, “there are unique, almost “hothouse” conditions that need to be used.”
The cycle of appearance of new domestic information security products today has been significantly reduced, Mr. Grishin states, as customers began to buy and implement promising solutions and invest in their development, forcing developers to supplement their solutions and products with the necessary properties and bring them to the level required by customers. At the same time, customers and integrators assume the risks associated with the implementation of immature solutions.
Regulation and information security. Regulation, according to some experts, remains one of the most important drivers of the Russian information security market.
“The community of specialists and users, - says Mr. Kobtsev, - is still waiting for a law regulating the information security of critical information infrastructures, since specialists need an understanding of the development processes of both the GosSOPKA system and industrial automated control systems protection systems. It is possible that the standard for the safe development of information security tools expected this year, which is being promoted by the FSTEC of Russia, will have some impact on the market. Of course, it will not become a locomotive, but at least it will bring a fresh stream to the discussions and, perhaps, in a few years it will be transformed into some more binding document ... "
Great prospects, according to Mr. Vasiliev, are opening up for Russian vendors in connection with the requirements of regulators to collect and clarify personal data on the territory of the country.
Technological and marketing locomotives of information security. The dynamics of spending on information security, according to Mr. Grishin, in the coming year will vary significantly in different sectors of the economy. Banks, for example, are cutting their cybersecurity budgets - a margin of safety accumulated thanks to investments made earlier allows them to do so. But those areas of information security that are most critical at the moment are invested. The priority, in his opinion, is the provision of information security on the web.
Certain activity is noted, according to Mr. Kobtsev's observations, in the traditionally "Russian" segments of the information security market, which is associated with the transition of players from the development of individual products to the creation of complex customer infrastructures. Domestic manufacturers, the expert expects, in 2016 will continue to intensively increase the functionality of their network security tools in the direction of NGFW and full-fledged information security products for protecting endpoints, linked (later) with expert (often cloud) support. "Some Russian developers already in 2015, they practically completed this process, others have just started it. But in any case, the coming year will be indicative in the competitive struggle in this area, because the market shares released as a result of import substitution and other market events (mergers, acquisitions, changes in the development strategy of some vendors) are quickly filled,” he believes.
Another interesting trend, according to Mr. Kobtsev, will be an increase in the number of Russian information security companies trying to enter international markets, which is largely due to the stagnation of the Russian market: “I think that the strategies for such an exit and the results will be different for everyone. But it will be interesting to watch it anyway."
When the economy is in a fever, the demand for most types of goods and services falls, but one of the few exceptions has been and remains the security measures to protect your savings and your business. Now information protection has been added here, the importance of which is increasing every year, as well as the risks of loss. Information security (IS) tools in Russia have traditionally developed faster than other IT areas, and all kinds of import substitution measures can become an additional bonus for them.
If we put the desire of business customers to “optimize costs” on one side of the scale, and “minimize the risks of losses” on the other, then, according to most experts, now the second bowl outweighs. So, the commercial director of Axxtel company Vladimir Solovyov states that the information security market is on the rise, and the crisis contributes to this. “We observed such trends in 2008, and we observe them now. We managed to finish 2015 with growth compared to 2014, and with significant growth in the direction of cybersecurity,” Soloviev explains.
Three main reasons for updating information security tools, which the crisis either did not interfere with or contributed to, were identified Artem Nevmirukha, Head of Information Security in the Siberian Federal District of Softline.
First, we are talking about the increased requirements of regulators and commercial risks that may occur if they are not met. Secondly, the aggravation of the competitive situation in all business sectors, which can lead to an increase in the number of crimes, including in the field of IT. Thirdly, - now this problem has become much worse - a drop in the income of the population and an increase in the number of unemployed, including highly qualified specialists in the field of IT. The second and third problems are closely interrelated: if an employee is constantly, for several months in a row, at risk of being laid off, regardless of qualifications, experience, merit, etc., this does not add loyalty to the employer. And for competitors, it turns out to be much easier and cheaper to negotiate with a “fired man without five minutes” than to crack the protection themselves.
“These trends lead not only to an increase in the number of crimes in the field of IT, but also to the complication and increase in the “quality” of the attacks themselves while reducing the cost of such “custom” work, sums up Artem Nevmirukha. - Today on the Internet there are many proposals for carrying out various kinds of attacks for reasonable money. Try to enter the phrase “Order a DDOS attack” in a search engine, and you will understand how vulnerable your IT resources can be. How easy it is to put, for example, your website if you don't take steps to protect it. In addition to attacks on informational resources explicitly, one can also note the increase in the number of fraudulent actions within the company's information systems, especially such incidents have become widespread in the banking sector, telecom operators, retail and airlines.
The situation in the Russian economy is rather complicated, and there is no reason to believe that it can change for the better in 2016, says Sergey Zemkov, managing director of Kaspersky Lab in Russia, the countries of the Caucasus and Central Asia. At the same time, he states that information security solutions have always been in demand on the market. “Traditionally, solutions that help companies either save money or make money are in demand. Sales of integrated solutions in the field of protection against external and internal threats, solutions to combat targeted attacks continue to grow quite well, sales are actively developing various services for security (protection against DDoS attacks, investigation of computer incidents, and others), as well as the provision of similar services from the clouds of various telecom service providers. At the same time, it is the products of Russian companies that are increasingly being considered as a solution.”
According to Maria Voronova, a leading expert on information security at InfoWatch, the directions for protecting organizations from external and internal threats of information security can become the locomotives of the information security market in a crisis. The protection segment is also developing automated systems process control (APCS). They are threatened by specialized viruses and targeted attacks.
Vladimir Solovyov notes: “Solutions that provide maximum benefit at minimum cost are in the greatest demand. Among these, I would highlight the control of employees' working time, protection against leaks of confidential information and trade secrets, and protection of mobile devices. Trends over the past year, in my opinion, have not changed significantly, however, they have begun to be more interested in the protection of mobile devices.”
Nevertheless, economic and political events in a crisis have a much greater impact on the information security market than technical innovations. For example, after mandatory authorization was introduced when accessing public Wi-Fi, the number of requests on how to correctly and safely implement this process without violating the law, according to Vladimir Solovyov, has increased significantly.
But the main "turning point" for the "security guards" was the law on the non-use of foreign software in state structures in the presence of a Russian counterpart. Own software in Russia is better developed than its own "hard", and security, as already mentioned, is a traditionally strong direction among domestic developers. If there is a domestic analogue of a foreign product anywhere, then most likely here. In addition, the idea of a "government structure" as a small room with the first two "pentiums" - for the chief and for the secretary - where information is transferred exclusively on diskettes, has long ceased to be true. According to Sergei Zemkov, already now half of all orders for information security systems in Russia are made by the state. And in the future, as costs are reduced, this half will be more and more painted in Russian colors. The new law fits well into this direction, as well as the words of D. A. Medvedev about the possibility of extending its action not only to state structures, but also to state corporations, where the volume of consumed software products several times more.
According to Nikolai Sorokin, head of the SearchInform representative office in the Siberian Federal District, such a ban can undoubtedly benefit both business and the state, because today, according to the National Association for Innovation and Development innovative technologies, in the Russian software market 67% belongs to foreign companies, and in the hardware - 90%. “The situation for domestic developers is not the best, and the resolution, I hope, will be able to turn the tide. As a result, part of the 50-60 billion budget rubles that used to go to foreign developments will be able to receive domestic manufacturers, ”Sorokin hopes. Nevertheless, according to him, the transition to Russian developments should be gradual, because now domestic developers are not ready to “replace” everything.
“If we talk about the economic effect, then the development of IT solutions, both software and hardware, takes quite a long time, so the course towards import substitution can lead to the growth of the domestic IT industry, but not now, but in the longer term,” Sergei Zemkov expresses his point of view. - Speaking exclusively about software, Russian companies already have quite strong positions here. We also have our own Operating Systems based on free software office packages, application and business software, enterprise management systems, information security software, and so on. And many of them not only can, but already compete with Western companies.”
According to Nikolai Sorokin's forecasts, the opportunity to significantly save should attract companies of any level, scale and status, including state corporations, especially in times of crisis. “According to the Association of Procurement Directors, the average customer savings from the purchase of Russian IT solutions is up to 81% of the cost of a foreign counterpart. Of course, no one expects a 100% replacement, a gradual decrease in the share of foreign presence in the Russian market is planned. Of course, not every domestic IT product can be used in business, and in particular in state corporations, but today there are plenty to choose from: in Russia there are about 200 manufacturers and 1000 programs that meet the necessary technical requirements,” Nikolay Sorokin believes.
Maria Voronova agrees with her colleagues that the transition to Russian software is a long and costly process. “The attitude of many companies to this issue can be compared with the skepticism that exists around the domestic auto industry,” says Maria. - Yes, for a number of industries there are already mature and high-quality "import substitutes" for software, but not for all. This must be understood and taken into account when implementing the law and by-laws. The fears of organizations that fall under the law are understandable. They will need funds and resources to switch to domestic platforms, rebuild existing organizational processes, and train employees to work with new systems and programs. Will state-owned companies diligently comply with this law or try to sabotage it and circumvent it by any means, depends on the way the law is implemented. I think that if the transition procedures are well thought out, a gradual transition will be ensured without “stress” and jumps. If at the same time the state provides the necessary support, there should not be any fundamental difficulties.”
System integrators are generally more reserved about the bill under consideration, recalling that there is no talk of a 100% ban: “There are a number of significant points that limit the possibility of participating in state tenders with foreign software offers. However, if the customer can justify why he needs to purchase software from a foreign developer, he will have such an opportunity. As usual, the situation here is twofold, - Vladimir Solovyov believes. - If this pushes domestic developers to create products that are competitive with world industry leaders, that's great. However, there is a risk that unscrupulous companies, hiding behind the law, will try to promote products that do not compare with foreign counterparts.
The Axxtel representative considers the extension of this law to state corporations correct, logical and quite probable - and yet not without pitfalls: “Many state-owned companies have already purchased significant amounts of foreign software, and new competitions will most likely win back as technical support. On the one hand, this is a circumvention of the law, on the other hand, it is necessary to look at economic expediency. If renewing technical support is much cheaper than switching to domestic software, then what is the advantage?
Aleksey Shovkun, director of GosComSoft and technical director of 2BGroup, believes that in its current form the law can become purely “nominal”: “In order to bypass it, it is enough to indicate that the domestic analogue does not suit some functionality. Thus, if there is domestic software in the registry, for example, database management systems (DBMS), government agencies continue to purchase Oracle Database Server, arguing that it has the functionality that is exactly what is needed. Accordingly, all market participants will have the opportunity to read this explanation, and if they consider that it is not sufficiently substantiated, then contact the Federal Antimonopoly Service. I think it will be like this: they look at the requirements of the customer, the domestic product really does not have this functionality, the imported one does, so the answer will be: "The conclusion is justified." On the extension of the law to state structures, he speaks as follows: “It will be logical, but also useless. In my opinion, the publicity of this or that purchase has a greater effect - if there is a fuss: “We bought Oracle/SAP/Microsoft licenses for 300 million rubles again”, then the probability that someone will understand this is quite strong. Therefore, I believe that publicizing this or that purchase is good for society.”
The main goals of the bill are to reduce the risks associated with information confrontation and provide domestic IT companies with the opportunity to develop. But which domestic companies will it help, national or local, and who, on the contrary, can it interfere with?
On the one hand, the advantages of "their" developers are obvious. According to Aleksey Shovkun, those who develop their own products will get an advantage: there are quite a few small regional companies that have done this, and there are also large Moscow companies that have competitive products. “I think those who worked on foreign platforms will suffer indirectly. These include both large and small companies. Therefore, in this category, I cannot say that it will become worse or better for someone from the point of view of a federal or regional company. As for our company, the current situation turned out to be beneficial for us, revenue increased by 24%, i.e., with budget cuts, customers began to pay more attention to regional players, and not to large federal companies,” Alexey Shovkun says.
On the other hand, it is easier for a large ship to survive the storm: “In my opinion, it is the large companies of the federal level that will benefit from this, it will be worse for small local developers who are focused strictly on Windows, for example,” says Nikolai Sorokin. - I am confident that software development good quality it is possible at the local level, but companies will still have to go on a federal scale. After all, sales volumes only in the region are small, this is not enough for the serious development of an IT company, and even more so for confident competition with the giants of the industry.”
But mostly experts adhere to a "neutral" point of view. “A register of domestic software has already been created, in which absolutely any Russian company engaged in software development can apply. If all the conditions for recognizing the development as “domestic” are met, the product enters the Register based on the results of consideration. In theory, there is no difference here for large and small companies, everyone gets pluses, ”Maria Voronova believes. Vladimir Solovyov also agrees with her: “I would not make any distinction between federal and regional companies. If these are software developers, then it does not matter where the office is located - in Moscow, Tomsk or Thailand. The main thing is that your products are competitive.”
