What is business information security. Cybersecurity is easy. How to protect your business. Personal devices of employees in business: what is the danger

The existence of any company or enterprise, no matter how big or small, is impossible without a certain kind of data that must not be disclosed or transferred to unauthorized persons. This includes the personal data of employees, the client base, unique developments and, of course, financial and accounting documents. Business information security means protecting all this data from access by unauthorized persons, copying, destruction, disclosure, etc. Ensuring the proper level of information security on one's own is almost impossible, so it is better to resort to the help of professionals.

Information security problems - a threat to business

In fact, the information security of a business can be jeopardized not only by the deliberate actions of intruders. Very often, information leaks occur due to the negligence and carelessness of employees. Therefore, it is very important first to identify the weaknesses in the information security system, and only then to ensure proper data protection at all levels.

In every firm, big or small, there are blocks of information that form the basis for the successful development of the business. These are, first of all, the client base, the features of the production technology, accounting data on the movement of cash and of material and technical assets, financial indicators, etc.

The results of the company's development, its competitiveness and profitability depend on how reliably the channels through which this information moves are protected from leakage. That is why, to create a reliable information security system, you should contact professionals.

Order business information security

BZPT provides professional information security services. We will quickly and efficiently perform an enterprise security audit, and only then we will select and install the necessary protection methods.

How we work

  • Application or call
  • Personal meeting, clarification of details
  • Calculation of the cost and conclusion of the contract
  • Completion of the work
  • Providing a report
  • Payment

Why choose our services

  • 100% confidential
  • Prompt service
  • Compliance with current legislation
  • Free consultations

Why is it worth entrusting business security to professionals?


Business security is one of the most important areas in any commercial field. It can be handled by the head of the company personally, by a specially appointed person, or by an entire unit. Today it has become quite popular to use the services of a third-party company. The security of your business will be fully controlled if you turn to experienced specialists who know the many subtleties involved and are ready to guarantee the reliability of all measures. Turning to professionals is therefore the more rational way out.

As practice shows, staff members are often not capable of building an effective company protection system due to insufficient competence, lack of training and special knowledge. In addition, experience shows that security is often addressed only after some problematic situation has occurred that has led to financial losses. To prevent this, it is necessary to take care of the security system in a timely manner; its objects are assets and financial resources, the activities of employees and administrative staff, the material base, information resources, etc.

Business information security services in Moscow

Often, when people talk about ensuring the information security of an enterprise, they mean external threats: hacking, hacker attacks, etc. However, such actions by "spies" very rarely yield any results. In most cases, a leak occurs through the deliberate or accidental fault of the company's own employees. The amount of damage from the actions of insiders depends to a large extent on how much this threat was underestimated. Therefore, business information security is a matter that must be entrusted to professionals. Only the experienced and qualified employees of our company are able to evaluate all potential risks and install a proper security system.

Trade secret security


Would you like to protect your trade secrets? Do you suspect that competitors are using illegal methods? Already today we have every capability to protect your business. Our vast experience in the field of information security, as well as our ability to solve non-standard and complex tasks, have been appreciated by our numerous customers. Your database of partners, suppliers and distributors, accounting reports, business correspondence, and information about unique technologies and business strategies will be securely protected by our company's experts.

As one type of confidential information, the trade secret as an institution is based not on direct legislative instructions but on the right to own information (as property) which can be a source of enrichment or of damage to the enterprise. Therefore, when it comes to ensuring business security, the protection of trade secrets becomes an integral part of the mandatory measures in this direction. In particular, the mode of access to certain information is determined and its unauthorized use is suppressed.

Introduction

Business leaders must recognize the importance of information security and learn how to predict and manage trends in this area.

Today's business cannot exist without information technology. It is known that about 70% of the world's total national product depends in one way or another on information stored in information systems. The widespread introduction of computers has created not only well-known conveniences but also problems, the most serious of which is the problem of information security.

Along with controls for computers and computer networks, the standard pays great attention to the development of security policies, work with personnel (hiring, training, dismissal), ensuring the continuity of the production process, and legal requirements.

Undoubtedly, the topic of this course work is very relevant in modern conditions.

The object of the course work: the information security of the professional activity of organizations.

Subject of study: ensuring information security.

In the term paper, it is planned to create a draft management decision on the organization of information security, based on a real existing organization.

Chapter 1. Information security of professional activity

Ensuring information security is a relatively new area of professional activity for specialists. The main objectives of such activities are:

  • Ensuring protection from external and internal threats in the field of the formation, distribution and use of information resources;
  • Prevention of violations of the rights of citizens and organizations to maintain the confidentiality and secrecy of information;
  • Ensuring conditions that prevent the deliberate distortion or concealment of information in the absence of legal grounds for this.

Customers of specialists in this field are:

  • Federal bodies of state power and management of the Russian Federation;
  • State authorities of the constituent entities of the Russian Federation;
  • State institutions, organizations and enterprises;
  • The defense industry;
  • Local self-government bodies;
  • Institutions, organizations and enterprises of non-state forms of ownership.

The appearance on the free, albeit illegal, market of the customer database of the MTS cellular communication company forces us once again to turn to the problem of computer security. It seems that this topic is inexhaustible. Its relevance grows with the level of computerization of commercial firms and non-profit organizations. High technology, which plays a revolutionary role in the development of business and almost all other aspects of modern society, makes its users very vulnerable in terms of information security and, ultimately, economic security.

This is a problem not only for Russia but for most countries of the world, primarily Western ones, even though they have laws that restrict access to personal information and impose strict storage requirements. The market offers various systems for protecting computer networks. But how do you protect yourself from your own "fifth column": unscrupulous, disloyal, or simply careless employees who have access to classified information? The scandalous leak of the MTS client database could not, apparently, have occurred without the collusion or criminal negligence of the company's employees.

It seems that many, if not most, entrepreneurs simply do not realize the gravity of the problem. Even in countries with developed market economies, according to some studies, 80% of companies do not have a well-thought-out, planned system for protecting their stored and operational databases. What can we say about us, accustomed to relying on the famous "maybe".

Therefore, it is not useless to turn to the topic of the dangers posed by leaks of confidential information and to talk about measures to reduce such risks. A publication in the "Legal Times" (October 21, 2002), a periodical dedicated to legal matters, will help here (Mark M. Martin, Evan Wagner, "Vulnerability and Information Security"). The authors list the most typical types and methods of information threats. What exactly?

Declassification and theft of trade secrets. Everything is more or less clear here: classic, ancient economic espionage. While previously secrets were kept in secret places, in massive safes, under reliable physical and (later) electronic protection, today many employees have access to office databases that often contain very sensitive information, for example the same customer data.

Distribution of compromising materials. Here the authors mean the intentional or accidental use by employees, in electronic correspondence, of information that casts a shadow on the reputation of the company. For example, the name of the company appears in the e-mail domain of a correspondent who indulges in defamation and insults in his letters; in short, everything that can compromise the organization.

Encroachment on intellectual property. It is important not to forget that any intellectual product produced in an organization belongs to the organization and cannot be used by employees (including the generators and authors of intellectual values) except in the interests of the organization. Meanwhile, in Russia, conflicts often arise on this issue between organizations and employees who lay claim to the intellectual product they have created and use it for personal interests, to the detriment of the organization. This often happens because of the vague legal situation at the enterprise, when the labor contract does not contain clearly defined norms and rules outlining the rights and obligations of employees.

Distribution (often unintentional) of inside information that is not secret but may be useful to competitors, for example about new vacancies due to business expansion, or about business trips and negotiations.

Visits to competitors' websites. More and more companies are now using programs on their public sites (in particular, ones designed for CRM) that recognize visitors and track their routes in detail, recording the time and duration of their viewing of site pages. Clearly, if your visit to a competitor's website is known in detail to its operator, it is not difficult for the latter to conclude what exactly interests you. This is not a call to abandon a most important channel of competitive information: competitors' websites have been and remain a valuable source for analysis and forecasting. But when visiting sites, you must remember that you leave traces and that you are also being watched.

Abuse of office communications for personal purposes (listening to music, watching content not related to work, downloading it to an office computer) does not pose a direct threat to information security, but it creates additional load on the corporate network, reduces efficiency, and interferes with the work of colleagues.

And, finally, external threats: unauthorized intrusions, etc. This is a topic for a separate serious discussion.

How to protect yourself from internal threats? A 100% guarantee against damage that your own employees may cause simply does not exist. This is the human factor, which is not amenable to full and unconditional control. However, the authors mentioned above give useful advice: develop and implement a clearly defined communication (or information) policy within the company. Such a policy should draw a clear line between what is permitted and what is not permitted in the use of office communications. Crossing the line leads to punishment. There should be a system for monitoring who uses the computer networks and how. The rules adopted by the company must comply with both national and internationally recognized standards for the protection of state and commercial secrets, and of personal and private information.


Chapter 2. Ensuring information security of professional activity in LLC "Laspi"

2.1. A brief description of LLC "Laspi"

Laspi LLC was established in 1995 as the representative office of a Czech company in Russia. The company supplies Czech equipment and supplies for the production of various concrete products (from paving slabs to fences, flowerpots, etc.). The equipment is distinguished by its high quality and acceptable cost. The customers applying to the Samara office are organizations from various cities of Russia and the CIS (Kazan, Ufa, Izhevsk, Moscow, Nizhny Novgorod, etc.). Naturally, such large-scale activity requires a special attitude to information security within the company.

Today, information security in the company leaves much to be desired. Various documentation (technical, economic) is in the public domain, which allows almost any employee of the company (from the founder to the driver) to familiarize themselves with it without hindrance.

Particularly important documents are kept in a safe. Only the director and his secretary have the keys to the safe. But here the so-called human factor plays a significant role. Often the keys are forgotten in the office on the table and the safe can be opened even by the cleaner.

Economic documentation (reports, invoices, bills, etc.) is arranged in folders on the shelves of a cabinet that is not locked.

At the time of employment, employees do not sign any non-disclosure agreements relating to trade secrets, so nothing prohibits them from disseminating such information.

Recruitment of employees is carried out through an interview consisting of two stages: 1. communication with the immediate supervisor (in which the skills and abilities of the potential employee are revealed); 2. communication with the founder (more personal in nature; the conclusion of such a dialogue can be either "we will work together" or "we won't work together").

Ensuring Information Security of Business (Andrianov V.V.)

1.3. Business information security model

1.3.1. Motivation

In the recent past, Russian and world practice in the regulation of information security (IS) consisted of mandatory requirements of national authorized bodies, drawn up in the form of guidance documents (RD). Therefore, for the top management and owners of organizations there was only one problem, compliance with them, and only one way to solve it: how to meet the proposed requirements at minimal cost. The authorized bodies had their own problem: to offer a universal set of requirements despite the impossibility of covering all possible types of activity and the conditions of their implementation, as well as the significant differences in the goals of those activities. To achieve this, the problem of information security was treated as a self-sufficient entity, invariant to activities, goals and conditions, and its content was also significantly reduced for the sake of universality.

Both approaches (those of organizations and of regulators) are inadequate to the existing reality and present it in a significantly distorted form. Thus, the main substantive restrictions on IS activities are associated with the traditional IS model, which implies the mandatory presence of an attacker who seeks to damage assets (information) and, accordingly, is focused on protecting information from the actions of such a subject (or group of subjects). At the same time, incidents related, for example, to changes made by staff to application software cannot be attributed to an attacker. Their possible causes are poorly developed management and a weak technological base. The organization's own inadequacy (of management, of core business processes) to the prevailing conditions is in general a very powerful source of problems, which is ignored because it cannot be linked to an attacker.

The further evolution of IS models was associated with the strengthening of the role of the owner and came down to the owner himself choosing (at his own risk), from the standard set of protective measures offered to him, those that he needs, i.e. those that, in his opinion, can provide an acceptable level of security. This was a significant step forward, since it linked information security to a specific object with specific conditions of existence, partially resolving the contradictions associated with the self-sufficiency of the IS problem. However, no constructive mechanism could be offered to the owner beyond creating a catalog of objects with selected typical protective measures (protection profiles). The profiles themselves were created by an expert heuristic method. At the same time, what kind of risk the owner took on remained unknown and was determined in practice.

Further evolution came down to the thesis that information security can create (generate) damage to the goals of the activity, and therefore IS risks (which remained self-sufficient) should be coordinated (linked) with the risks of the organization. It only remained to indicate how to link them, and to integrate the information security management system (ISMS) into corporate management not as an isolated and independent system of processes but as an integral, strongly connected component of management. This failed. However, this approach did advance a number of IS assessment categories well, including IS risks.

Pragmatic IS models are also known, based on assessing the total cost of ownership (with respect to IS) and the "return" on investments in IS. Within this approach, a group of organizations similar in their goals and conditions of activity periodically evaluates the areas of IS implementation and forms a model consisting of the best practices for the group. Each organization then determines the direction and volume of its investments according to how far it lags behind the best practices and its own conditions (incidents that have occurred). The effectiveness of the investments is assessed in the next period by the reduction in damage from incidents that fell into the areas where investments were made and therefore did not cause large losses.

However, this approach, for all its merits, requires a wide exchange of sensitive information, and the conflict of interests among the participants in the exchange precludes the creation of any high-quality confidence-building measures, so it is not widely used.

The IS model proposed in the standard of the Central Bank of the Russian Federation advanced the problem further, both in terms of its integration (linkage with the goals of the activity) and in terms of broadening the interpretation of the essence of the "intruder". An intruder is a person who is able to confront the owner and who has his own goal, which he realizes by achieving control over the assets of the organization.

This approach significantly expands the types and sources of damage to the organization that fall within the scope of IS, where their resolution is most rational. However, it remained largely a compromise, and it urgently requires bringing IS problems closer to the final result of the activity (the product produced). We need a model that really helps the business, directly contributing to its performance and necessary improvement through the creation and maintenance of a secure and trusted information sphere, including through the fight against the intruder. Only such a model can be accepted by business. Any other will be rejected by it.


Ministry of Education and Science of the Russian Federation

Federal State Budgetary Educational Institution of Higher Professional Education

"PERM NATIONAL RESEARCH POLYTECHNIC UNIVERSITY"

Test in the discipline

INFORMATION SECURITY OF THE ENTERPRISE

Topic: "Information security in business on the example of Alfa-Bank"

Completed by a student of group FK-11B:

Smyshlyaeva Maria Sergeevna

Checked by teacher:

Shaburov Andrey Sergeevich

Perm - 2013

Introduction

Conclusion

Bibliography

Introduction

The information resources of most companies are among their most valuable resources. For this reason, commercial and confidential information and personal data must be reliably protected from misuse, while at the same time remaining easily accessible to the entities involved in processing this information or using it to perform their assigned tasks. The use of special means for this purpose contributes to the sustainability and viability of the company's business.

As practice shows, the issue of organizing business protection in modern conditions has become most relevant. Online stores are "opened" and customers' credit cards are emptied, casinos and sweepstakes are blackmailed, corporate networks fall under external control, computers are "zombified" and included in botnets, and fraud using stolen personal data is becoming a disaster on a national scale.

Therefore, company leaders must be aware of the importance of information security and learn how to predict and manage trends in this area.

The purpose of this work is to identify the advantages and disadvantages of the business information security system using the example of Alfa-Bank.

Characteristics of the activities of Alfa-Bank OJSC

Alfa-Bank was founded in 1990. Alfa-Bank is a universal bank that carries out all major types of banking operations on the financial services market, including servicing private and corporate clients, investment banking business, trade finance and asset management.

The head office of Alfa-Bank is located in Moscow; in total, 444 branches and offices of the bank have been opened in the regions of Russia and abroad, including a subsidiary bank in the Netherlands and financial affiliates in the US, UK and Cyprus. Alfa-Bank employs about 17,000 people.

Alfa-Bank is the largest Russian private bank in terms of total assets, total capital and size of deposits. The bank has a large client base of both corporate clients and individuals. Alfa-Bank develops as a universal bank in its main areas: corporate and investment business (including small and medium-sized enterprises (SMEs), trade and structured finance, leasing and factoring) and retail business (including the system of bank branches, car loans and mortgages). Special attention is paid to the development of corporate banking products in the mass and SME segments, as well as to the development of remote self-service channels and Internet acquiring. Alfa-Bank's strategic priorities are to maintain its status as the leading private bank in Russia, strengthen stability, increase profitability, and set industry standards for technology, efficiency, customer service and teamwork.

Alfa-Bank is one of the most active Russian banks in the global capital markets. Leading international rating agencies assign Alfa-Bank some of the highest ratings among Russian private banks. It has been ranked first four times in a row in the "Customer Experience Index: the retail banking sector after the financial crisis" study conducted by Senteo together with PricewaterhouseCoopers. Also in 2012, Alfa-Bank was recognized as the best internet bank by GlobalFinance magazine, was awarded for the best analytics by the National Association of Stock Market Participants (NAUFOR), and became the best Russian private bank according to the trust index calculated by the research holding Romir.

Today the Bank has a network of federal scale, including 83 points of sale. Alfa-Bank has one of the largest networks among commercial banks, consisting of 55 offices and covering 23 cities. As a result of the expansion of the network, the Bank has additional opportunities to increase its client base, expand the range and quality of banking products, implement interregional programs, and provide comprehensive service to key clients from among the largest enterprises.

Analysis of the theoretical basis of the issue of business information security

The relevance and importance of the problem of ensuring information security is due to the following factors:

· The current level and pace of development of information security tools lag far behind the level and pace of development of information technology.

· High growth rates of the park of personal computers used in various spheres of human activity. According to research by Gartner Dataquest, there are currently over a billion personal computers in the world.


· A sharp expansion of the circle of users with direct access to computing resources and data arrays.

At present, the importance of the information stored in banks has increased significantly: banks concentrate important and often secret information about the financial and economic activity of many people, companies, organizations and even entire states. A bank stores and processes valuable information affecting the interests of a large number of people, including important information about its customers, which widens the circle of potential intruders interested in stealing or damaging such information.

Over 90% of all crimes are related to the use of the bank's automated information processing systems (ASOIB). Therefore, when creating and modernizing an ASOIB, banks need to pay close attention to ensuring its security.

The main attention should be paid to the computer security of banks, i.e. the security of the bank's automated information processing systems, as the most relevant, complex and urgent problem in the field of banking information security.

The rapid development of information technology has opened up new business opportunities but has also led to the emergence of new threats. Because of competition, modern software products go on sale with errors and shortcomings. Developers, including various functions in their products, do not have time to debug the created software systems thoroughly. Errors and flaws left in these systems lead to accidental and deliberate violations of information security. For example, the causes of most accidental losses of information are failures of software and hardware, and most attacks on computer systems are based on errors and flaws found in software. So, for example, in the first six months after the release of the Microsoft Windows server operating system, 14 vulnerabilities were discovered, 6 of which were critical. Although Microsoft in time develops service packs that address the identified flaws, users have already suffered information security breaches due to the remaining errors. Until these and many other problems are solved, the insufficient level of information security will be a serious brake on the development of information technology.

Information security is understood as the security of information and its supporting infrastructure from accidental or intentional impacts of a natural or artificial nature that can cause unacceptable damage to the subjects of information relations, including the owners and users of the information and supporting infrastructure.

In the modern business world, material assets are migrating towards information assets. As an organization develops, its information system, whose main task is to ensure maximum business efficiency in a constantly changing competitive market, becomes more complex.

Considering information as a commodity, we can say that ensuring information security in general can lead to significant cost savings, while damage to it leads to material costs. For example, the disclosure of the manufacturing technology of an original product will lead to the appearance of a similar product from a different manufacturer; as a result of the information security violation, the owner of the technology, and perhaps its author, will lose part of the market, etc. On the other hand, information is the subject of control, and its alteration can lead to catastrophic consequences in the controlled object.

According to GOST R 50922-2006, ensuring information security is an activity aimed at preventing information leakage, unauthorized and unintentional impacts on protected information. Information security is relevant for both enterprises and government agencies. For the purpose of comprehensive protection of information resources, work is being carried out to build and develop information security systems.

There are many reasons that can seriously affect the operation of local and global networks and lead to the loss of valuable information. Among them are the following:

  • Unauthorized access from outside, copying or changing of information, accidental or intentional actions leading to:
    - distortion or destruction of data;
    - familiarization of unauthorized persons with information constituting a banking, financial or state secret.
  • Incorrect operation of software, leading to loss or corruption of data due to:
    - errors in application or network software;
    - computer virus infection.
  • Technical equipment failures caused by:
    - power outage;
    - failure of disk systems and data archiving systems;
    - disruption of servers, workstations, network cards, modems.
  • Errors of service personnel.

Of course, there is no one-size-fits-all solution, but many organizations have developed and implemented technical and administrative measures to minimize the risk of data loss or unauthorized access.

To date, there is a large arsenal of methods for ensuring information security, which is also used in Alfa-Bank:

· means of identification and authentication of users (the so-called complex 3A);

· means of encrypting information stored on computers and transmitted over networks;

· firewalls;

· virtual private networks;

· content filtering tools;

· tools for checking the integrity of the contents of disks;

· means of anti-virus protection;

· network vulnerability detection systems and network attack analyzers.

"Complex 3A" includes authentication (or identification), authorization and administration. Identification and authorization are key elements of information security. When you try to access a program, the identification function answers the questions "Who are you?" and "Where are you?", that is, whether you are an authorized user of the program. The authorization function determines which resources a particular user has access to. The administration function provides the user with certain identification attributes within a given network and determines the scope of actions allowed for him. In Alfa-Bank, each employee's login and password are requested when opening programs, and in some cases, when performing operations, authorization by the head of the department or his deputy is required.

A firewall is a system or combination of systems that forms a protective barrier between two or more networks and prevents unauthorized data packets from entering or leaving the network. The basic operating principle of a firewall is checking each data packet's source and destination IP address against the base of allowed addresses. Thus, firewalls significantly expand the possibilities of segmenting information networks and controlling the circulation of data.

Speaking of cryptography and firewalls, we should mention secure virtual private networks (VPN). Their use makes it possible to ensure the confidentiality and integrity of data transmitted over open communication channels.

An effective means of protecting against the loss of confidential information is content filtering of inbound and outbound e-mail. Checking e-mail messages and their attachments against the rules set by the organization also helps protect companies from legal liability and protect their employees from spam. Content filtering tools can scan files of all common formats, including compressed and graphic ones, while network bandwidth remains practically unchanged.

Modern anti-virus technologies can detect almost all already known virus programs by comparing the code of a suspicious file with samples stored in the anti-virus database. In addition, behavior modeling technologies have been developed to detect newly created virus programs. Detected objects can be disinfected, isolated (quarantined) or deleted. Virus protection can be installed on workstations, file and mail servers and firewalls running under virtually any of the common operating systems (Windows, Unix and Linux systems, Novell) on different types of processors. Spam filters significantly reduce the unproductive labor costs of sorting through spam, reduce traffic and server load, improve the psychological climate in the team and reduce the risk of company employees being drawn into fraudulent transactions. In addition, spam filters reduce the risk of infection with new viruses, since messages containing viruses (even those not yet included in the anti-virus databases) often show signs of spam and are filtered out. However, the positive effect of spam filtering is cancelled out if the filter, along with junk, also removes or marks as spam useful messages, business or personal.
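As an added example (not code from any anti-virus product), the following Python scanner implements the signature comparison described above: a file is checked first against full-file hashes of known samples and then against byte patterns taken from them, and detections are quarantined rather than deleted. The only "infected" sample is the standard EICAR anti-virus test string; the second signature and all file names are constructed placeholders.

```python
import hashlib
import re

# Constructed example, not code from any anti-virus product. A suspicious file
# is compared with the anti-virus database in two ways: an exact match of its
# SHA-256 hash against known samples, then a search for characteristic byte
# patterns taken from known samples (which also catches modified variants).
# The EICAR string is the industry-standard harmless anti-virus test file.

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database (constructed). Hash signatures catch exact copies;
# pattern signatures catch variants that keep a characteristic byte sequence.
HASH_SIGNATURES = {
    hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File",
}
PATTERN_SIGNATURES = [
    (re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"), "EICAR-Test-File.variant"),
    # hypothetical pattern for a constructed sample: a hard-coded marker string
    (re.compile(rb"DEMO_MARKER_\d{4}"), "Demo.Marker.gen"),
]


def scan_bytes(data):
    """Return the name of the matching signature, or None if the data is clean."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, sig_name in PATTERN_SIGNATURES:
        if pattern.search(data):
            return sig_name
    return None


class Quarantine:
    """In-memory quarantine: detected objects are isolated, not deleted."""

    def __init__(self):
        self.items = {}   # path -> (signature, original bytes)

    def isolate(self, path, data, signature):
        self.items[path] = (signature, data)


def scan_files(files, quarantine):
    """Scan a mapping path -> bytes; return path -> 'clean' or the signature name."""
    report = {}
    for path, data in files.items():
        sig = scan_bytes(data)
        if sig:
            quarantine.isolate(path, data, sig)
            report[path] = sig
        else:
            report[path] = "clean"
    return report


def demo():
    # Constructed sample files: an exact EICAR copy, a modified variant whose
    # hash no longer matches, a clean document and a file with the demo marker.
    files = {
        "inbox/attachment.com": EICAR,
        "inbox/attachment_mod.txt": b"hello " + EICAR + b"\n",
        "docs/report.txt": b"Quarterly report: nothing unusual.\n",
        "tmp/build.log": b"... DEMO_MARKER_2024 ...",
    }
    q = Quarantine()
    return scan_files(files, q), q


if __name__ == "__main__":
    report, q = demo()
    for path, verdict in report.items():
        print(f"{path}: {verdict}")
    print(f"{len(q.items)} object(s) quarantined")
```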

The most typical types and methods of information threats are the following:

Declassification and theft of trade secrets. While previously secrets were kept in secret places, in massive safes, under reliable physical and (later) electronic protection, today many employees have access to office databases, often containing very sensitive information, for example, the same customer data.

Distribution of compromising materials, that is, the deliberate or accidental use by employees in electronic correspondence of information that casts a shadow on the reputation of the bank.

Infringement on intellectual property. It is important not to forget that any intellectual product produced in banks, as in any organization, belongs to it and cannot be used by employees (including generators and authors of intellectual values) except in the interests of the organization. Meanwhile, in Russia, conflicts often arise on this issue between organizations and employees who claim the intellectual product they have created and use it for personal interests, to the detriment of the organization. This often happens due to the vague legal situation at the enterprise, when the labor contract does not contain clearly defined norms and rules that outline the rights and obligations of employees.

Distribution (often unintentional) of inside information that is not secret, but may be useful to competitors (other banks).

Visits to the websites of competing banks. More and more companies now use programs on their public sites (in particular, CRM programs) that recognize visitors, track their routes in detail and record the time and duration of their viewing of site pages. Competitor websites have been and remain a valuable source for analysis and forecasting.

Abuse of office communications for personal purposes (listening to music, watching content not related to work, downloading files to an office computer) does not pose a direct threat to information security, but it creates additional load on the corporate network, reduces efficiency and interferes with the work of colleagues.

And, finally, external threats: unauthorized intrusions, etc.

The rules adopted by the bank must comply with both national and internationally recognized standards for the protection of state and commercial secrets, personal and private information.

Organizational protection of information in Alfa-Bank

Alfa Bank OJSC has implemented a security policy based on a selective (discretionary) access control method. Such control in Alfa Bank OJSC is characterized by a set of allowed access relations specified by the administrator. The access matrix is filled in directly by the company's system administrator. The application of a selective information security policy meets the requirements of management and the requirements for information security, access control and accountability, and also has an acceptable cost of organization. The implementation of the information security policy is fully entrusted to the system administrator of Alfa Bank OJSC.
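As an added illustration (not Alfa-Bank's code or any product's), the following Python model ties together the "3A" functions described earlier (authentication, authorization, administration) and the selective access control with an administrator-filled access matrix described in this section. Logins, resources, roles and the rule that sensitive operations also need a head's approval are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed example (not Alfa-Bank's or any product's code): a minimal
# selective (discretionary) access control model. The administrator fills an
# access matrix; authentication answers "who are you?", authorization answers
# "what may you access?", and administration assigns logins and rights.
# Logins, resources and roles are hypothetical.

PBKDF2_ROUNDS = 200_000
SENSITIVE_OPS = {"transfer"}   # operations that also need a head's approval


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    role: str                  # "employee" or "head" (hypothetical roles)


@dataclass
class AccessControl:
    accounts: dict = field(default_factory=dict)  # login -> Account
    # access matrix: (login, resource) -> set of permitted operations
    matrix: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)     # (login, resource, op, result)

    # --- administration: only the administrator edits accounts and the matrix
    def add_user(self, login, password, role="employee"):
        salt = os.urandom(16)
        self.accounts[login] = Account(salt, self._derive(password, salt), role)

    def grant(self, login, resource, ops):
        self.matrix.setdefault((login, resource), set()).update(ops)

    def revoke(self, login, resource, ops):
        self.matrix.get((login, resource), set()).difference_update(ops)

    # --- authentication: check login and password; only salted hashes are stored
    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def authenticate(self, login, password):
        acct = self.accounts.get(login)
        if acct is None:
            return False
        return hmac.compare_digest(acct.pw_hash, self._derive(password, acct.salt))

    # --- authorization: consult the matrix; sensitive ops need a head's approval
    def authorize(self, login, resource, op, approver=None):
        allowed = op in self.matrix.get((login, resource), set())
        if allowed and op in SENSITIVE_OPS:
            head = self.accounts.get(approver)
            allowed = approver != login and head is not None and head.role == "head"
        self.audit.append((login, resource, op, "allow" if allowed else "deny"))
        return allowed


def demo():
    """Walk through the three functions with constructed users; returns verdicts and audit log."""
    ac = AccessControl()
    ac.add_user("ivanov", "correct horse", role="employee")
    ac.add_user("petrova", "staple battery", role="head")
    ac.grant("ivanov", "clients_db", {"read"})
    ac.grant("ivanov", "payments", {"read", "transfer"})
    results = {
        "auth_ok": ac.authenticate("ivanov", "correct horse"),
        "auth_bad": ac.authenticate("ivanov", "wrong password"),
        "read_clients": ac.authorize("ivanov", "clients_db", "read"),
        "write_clients": ac.authorize("ivanov", "clients_db", "write"),
        "transfer_alone": ac.authorize("ivanov", "payments", "transfer"),
        "transfer_approved": ac.authorize("ivanov", "payments", "transfer", approver="petrova"),
    }
    ac.revoke("ivanov", "clients_db", {"read"})       # administration: rights withdrawn
    results["read_after_revoke"] = ac.authorize("ivanov", "clients_db", "read")
    return results, ac.audit


if __name__ == "__main__":
    for name, verdict in demo()[0].items():
        print(f"{name}: {verdict}")
```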

Along with the existing security policy, Alfa Bank OJSC uses specialized security hardware and software.

The security hardware is a Cisco 1605 router. The router is equipped with two Ethernet interfaces (one with TP and AUI connectors, the other with TP only) for the local network and one expansion slot for installing one of the modules for Cisco 1600 series routers. In addition, the Cisco IOS Firewall Feature Set software makes the Cisco 1605-R a flexible router/security solution for the small office. Depending on the installed module, the router can support connection via ISDN, via a dial-up line or a leased line from 1200 bps to 2 Mbps, Frame Relay, SMDS or X.25.

To protect information, the owner of the LAN must secure the "perimeter" of the network, for example by establishing control at the junction of the internal network with the external network. Cisco IOS provides high flexibility and security through standard means such as extended access lists (ACLs), blocking systems (dynamic ACLs) and routing authorization. In addition, the Cisco IOS Firewall Feature Set available for the 1600 and 2500 series routers provides comprehensive security features including:

· context-based access control (CBAC);

· Java applet blocking;

· logging (audit trail);

· attack detection and prevention;

· immediate notification.

In addition, the router supports virtual overlay networks, tunnels, a priority management system, a resource reservation system, and various routing control methods.
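As an added example (not Cisco code and not the Bank's configuration), the following Python packet filter shows the principle described above for firewalls and extended ACLs: each packet's source and destination address, protocol and port are checked against an ordered rule list, the first matching rule wins, and anything that matches nothing is dropped by an implicit deny. The rule syntax, addresses (RFC 5737 documentation ranges) and packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed example (not Cisco code, not Alfa-Bank's configuration): an
# extended-ACL-style packet filter. A packet is compared with the allowed base
# rule by rule, top-down; the first match decides; unmatched packets hit the
# implicit deny at the end, as in a Cisco ACL. Logged decisions go to `log`.


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None = any destination port
    log: bool = False


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def parse_rule(line):
    """Parse the simplified syntax 'permit tcp <src/len> <dst/len> <port|any> [log]'."""
    parts = line.split()
    action, proto, src, dst = parts[:4]
    dport, log = None, False
    for tok in parts[4:]:
        if tok == "log":
            log = True
        elif tok != "any":
            dport = int(tok)
    return Rule(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), dport, log)


def matches(rule, pkt):
    """True if every field of the rule covers the packet."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl, pkt, log):
    """Return 'permit' or 'deny'; record logged rule hits and implicit denies in log."""
    for idx, rule in enumerate(acl):
        if matches(rule, pkt):
            if rule.log:
                log.append(f"rule {idx} {rule.action} {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
            return rule.action
    log.append(f"implicit deny {pkt.proto} {pkt.src}->{pkt.dst}:{pkt.dport}")
    return "deny"


# Constructed inbound ACL for a hypothetical perimeter: internal LAN 192.0.2.0/24,
# partner network 203.0.113.0/24, public web server 192.0.2.10, admin host 192.0.2.20.
INBOUND_ACL = [parse_rule(line) for line in [
    "deny   ip  192.0.2.0/24   0.0.0.0/0      any log",   # anti-spoofing: internal source seen outside
    "permit tcp 0.0.0.0/0      192.0.2.10/32  443",       # public HTTPS
    "permit tcp 203.0.113.0/24 192.0.2.20/32  22 log",    # partner SSH, logged
    "deny   tcp 0.0.0.0/0      192.0.2.0/24   23 log",    # telnet explicitly denied and logged
]]


def demo():
    """Evaluate constructed packets against INBOUND_ACL; returns verdicts and the log."""
    log = []
    verdicts = {
        "web": evaluate(INBOUND_ACL, Packet("tcp", "198.51.100.7", "192.0.2.10", 443), log),
        "partner_ssh": evaluate(INBOUND_ACL, Packet("tcp", "203.0.113.5", "192.0.2.20", 22), log),
        "stranger_ssh": evaluate(INBOUND_ACL, Packet("tcp", "198.51.100.7", "192.0.2.20", 22), log),
        "spoofed": evaluate(INBOUND_ACL, Packet("tcp", "192.0.2.99", "192.0.2.10", 443), log),
        "telnet": evaluate(INBOUND_ACL, Packet("tcp", "198.51.100.7", "192.0.2.30", 23), log),
    }
    return verdicts, log


if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts)
    print("\n".join(log))
```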

The Kaspersky Open Space Security solution is used as the software protection tool. Kaspersky Open Space Security fully meets the modern requirements for corporate network protection systems:

· protection for all types of network nodes;

· protection against all types of computer threats;

· effective technical support;

· "proactive" technologies combined with traditional signature-based protection;

· innovative technologies and a new anti-virus engine that improves performance;

· a ready-to-use protection system;

· centralized management;

· full protection of users outside the network;

· compatibility with third-party solutions;

· efficient use of network resources.

The system being developed should provide full control, automated accounting and analysis of the protection of personal information, reduce customer service time, and provide information about security codes and personal data.

To formulate requirements for the system being developed, it is necessary to define requirements for the organization of the database and for information compatibility.

The database design should be based on the views of the end users of a particular organization - the conceptual requirements for the system.

In this case, the IS contains data about the employees of the company. One of the techniques that best illustrates the operation of an information system is the development of a document workflow scheme.

The functions of the developed system can be implemented using computer technology and software. Considering that searching for information and accounting documents takes up about 30% of bank specialists' working time, the introduction of an automated accounting system will significantly free up qualified specialists and can lead to savings in the payroll fund and a reduction in staff; however, it may also require adding an operator position to the department, whose duties will include entering information about ongoing business processes: personal data, accounting documents and access codes.

It should be noted that the introduction of the developed system will reduce, and ideally completely eliminate, errors in accounting for personal information and security codes. Thus, the introduction of a manager's workstation will produce a significant economic effect: reducing the staff by 1/3, saving the wage fund and increasing labor productivity.

Alfa-Bank, like any other bank, has developed an Information Security Policy that defines a system of views on the problem of ensuring information security and is a systematic statement of the goals and objectives of protection, as well as of the rules, procedures, practices and guidelines in the field of information security.

The Policy takes into account the current state and immediate prospects for the development of information technologies in the Bank, the goals, objectives and legal framework of their operation, and their modes of operation, and also contains an analysis of security threats to the objects and subjects of the Bank's information relations.

The basic provisions and requirements of this document apply to all structural divisions of the Bank, including additional offices. The key provisions of the Policy also apply to other organizations and institutions interacting with the Bank as suppliers or consumers of the Bank's information resources in one capacity or another.

The legislative basis of this Policy is the Constitution of the Russian Federation, the Civil and Criminal Codes, laws, decrees, resolutions and other regulations of the current legislation of the Russian Federation, and documents of the State Technical Commission under the President of the Russian Federation and the Federal Agency for Government Communications and Information under the President of the Russian Federation.

The policy is the methodological basis for:

· formation and implementation of a unified policy in the field of information security in the Bank;

· making management decisions and developing practical measures to implement the information security policy, and developing a set of coordinated measures aimed at identifying, repelling and eliminating the consequences of various kinds of information security threats;

· coordinating the activities of the Bank's structural subdivisions when carrying out work on the creation, development and operation of information technologies in compliance with the requirements for ensuring information security;

· developing proposals for improving the legal, regulatory, technical and organizational support of information security in the Bank.

A systematic approach to building an information security system in the Bank involves taking into account all interrelated, interacting and time-varying elements, conditions and factors that are significant for understanding and solving the problem of ensuring the security of the Bank's information.

Ensuring information security is a process carried out by the Bank's management, information security units and employees at all levels. It is not only, and not so much, a procedure or policy implemented over a certain period of time or a set of protective tools, but a process that must go on constantly at all levels within the Bank, and every employee of the Bank must take part in it. Information security activities are an integral part of the Bank's day-to-day activities, and their effectiveness depends on the participation of the Bank's management in ensuring information security.

In addition, most physical and technical means of protection require constant organizational (administrative) support in order to perform their functions effectively (timely change and correct storage and use of names, passwords and encryption keys, redefinition of powers, etc.). Interruptions in the operation of protection tools can be used by attackers to analyze the methods and means of protection in use and to introduce special software and hardware implants ("bookmarks") and other means of overcoming protection.

Personal responsibility means assigning responsibility for ensuring the security of information and of the system for its processing to each employee within the limits of his authority. In accordance with this principle, the rights and obligations of employees are distributed in such a way that in the event of any violation the circle of perpetrators is clearly known or minimized.

Alfa-Bank constantly monitors the activity of every user and every security tool in relation to every object of protection; this monitoring is carried out using operational control and logging tools and covers both unauthorized and authorized actions of users.

The bank has developed the following organizational and administrative documents:

· Regulations on trade secrets. This Regulation governs the organization, the procedure for working with information constituting a commercial secret of the Bank, the duties and responsibilities of employees admitted to this information, the procedure for transferring materials containing information constituting a commercial secret of the Bank to state (commercial) institutions and organizations;

· List of information constituting official and commercial secrets. The list defines information classified as confidential, the level and timing of restrictions on access to protected information;

· Orders and directives to establish the information security regime:

· admission of employees to work with restricted information;

· appointment of administrators and persons responsible for working with restricted information in the corporate information system;

· Instructions and functional responsibilities of employees:

· on the organization of the security access regime;

· on the organization of office work;

· administration of information resources of the corporate information system;

· other regulatory documents.

Conclusion

Today, the issue of organizing information security concerns organizations of any level, from large corporations to sole proprietors. Competition in modern market relations is far from perfect and is often conducted in less than legal ways. Industrial espionage flourishes. But cases of inadvertent disclosure of information constituting a trade secret of the organization are also not uncommon. As a rule, the negligence of employees and their lack of understanding of the situation, in other words the "human factor", play a role here.

Alfa-Bank ensures the protection of the following information:

· trade secrets;

· banking secrecy;

· bank documents (reports of the Security Department, the annual budget of the bank, information about the income of bank employees, etc.).

Information in the bank is protected from the following threats:

· natural threats;

· artificial threats: unintentional (accidental) threats caused by errors in the design of the information system and its elements, errors in the actions of personnel, etc., and intentional (deliberate) threats associated with the selfish, ideological or other aspirations of people (intruders).

Sources of threats in relation to the information system itself can be both external and internal.


2019

SMB cybersecurity priorities

SMB companies are drawn to the cloud and to the service model of consuming security services under the MSSP (Managed Security Service Provider) model. This helps them significantly reduce their operational costs in the field of information security.

"Now some vendors offer their customers cloud-based information security services on a subscription model. In my opinion, medium and small businesses will move to just such an information security service model," notes Dmitry Livshits, CEO of Digital Design.

The service model of IS consumption is becoming more and more in demand by small and medium-sized businesses, since these companies cannot afford a large staff of security specialists.


According to Vladimir Balanin, Head of the Information Security Department of I-Teco Group, the SMB segment is becoming the main consumer of service providers that deliver their services together with integrated information security services: there are no costs for administration, monitoring and maintenance of the customer's own infrastructure, and the risks of regulatory requirements are borne by the service provider itself.

At the same time, the Russian market is now characterized by a very limited supply of information security services for SMBs. As Andrey Yankin, Director of the Center for Information Security at Jet Infosystems, notes, almost all service offerings are aimed at large customers. Standardized and inexpensive, but not primitive, information security services for SMBs, according to him, practically do not exist, although in a number of other countries this market is well developed.

At the same time, with the development of the segment of managed information security services and the prospect of developing the cyber risk insurance market, this category of customers will have at their disposal measures adequate to modern threats.

In the meantime, SMB companies are implementing basic IT security, rarely rising to the level of business processes.


According to Dmitry Pudov, Deputy General Director of Angara Technologies Group for Technology and Development, representatives of SMEs, with their budgets, have almost no access to high-tech or complex solutions. This is due not only to the cost of the solutions, but rather to the OPEX they carry.

The main solutions purchased by customers in the SMB segment are antiviruses and software firewalls, says Yakov Grodzensky, head of information security at System Software. In addition, companies in this segment are actively becoming interested in information security auditing and pentesting, because such organizations do not always keep a separate information security specialist on staff, not to mention pentesters.

Vyacheslav Medvedev, a leading analyst at Doctor Web, adds that surveys of medium-sized businesses have shown that such companies do not have funds for security solutions other than basic ones.

Cybersecurity priorities of large business

It is always important for shareholders, owners and top management to have an objective picture of information security and of the technological processes inside the organization, so the overall level of information security maturity in companies is growing every year. However, some large organizations still lack elementary order in the business processes that ensure the operation of information systems, which can lead to chaos in information security. Therefore, the main priority for large companies is solving these problems, says Nikolay Zabusov, Director of the Information and Network Security Department at Step Logic.

In addition, big business is focusing on compliance with the requirements of regulators and internal standards, trying to create a more or less evenly protected infrastructure. Industry standards in the field of information security have been developed and "implemented" in many corporations.

Large commercial companies essentially faced a choice: follow the path of digital transformation, or work without changing the business paradigm. But in the second case, they will sooner or later be forced to give up their positions in the market to competitors who have shown greater flexibility.

"Among the priorities for the enterprise segment, on the one hand, I can note the increase in the efficiency of using classic information security solutions, and, on the other hand, the introduction of protection against new types of threats as part of the implementation of digitalization projects. The latter is very important, since security restrictions are often one of the main reasons for slow progress along the path of digital transformation," notes Oleg Shaburov, Head of the Information Security Department at Softline.

From the point of view of practical security, the vector is increasingly shifting from preventing attacks to detecting and responding to them, says Andrey Zaikin, Head of Information Security at Croc. As a result, relatively young classes of solutions are becoming more and more popular and in demand: EDR and IRP. Automated response systems come with different sets of playbooks and scripts and allow you to block attempts to spread threats.

Cybersecurity services

SMB companies that understand the criticality of information security for their business follow the path of using service models.