Meet Denis Nesin, the Chief Information Officer at TECHIIA holding. He is an expert in IT and Information Security. He has been auditing, building, and evolving information technology and information security systems in companies from various sectors of the economy for over 16 years. At TECHIIA, he has initiated and implemented solutions that secured the IT systems of both the holding and its member companies.
- What cyberthreats have businesses faced in the last few years? How to resist them?
- In the past few years we have heard more and more about hacker attacks - they are among the top threats that can cause the biggest damage to the company's finances and reputation. The failure of business services or the leakage and compromise of sensitive information can lead to the temporary suspension of business activities or even company shutdown.
One of the most notorious examples is the NonPetya virus. Because of it, in 2017, Ukraine lost 0.5% of GDP, which is almost UAH 15 billion. Cybersecurity Ventures
As a business, we must build a secured IT infrastructure, effective processes of information technology and information security management. And not only with firewalls. It is crucial to teach employees resist social engineering methods.
But cyberspace is a territory for everyone. It is possible to resist, creating a common and safe cyberspace where all the whole world, society, and business can interact. Specific laws and specialists are needed at the state level. And educational work at the level of society.
- What measures should a company take to protect itself from cyber threats nowadays?
- The methods are individual for each company. For example, there are about 15 different projects in our TECHIIA ecosystem. When changing infrastructure, processes, and security systems, all business projects must not be affected and work non-stop. We succeed thanks to well-thought-out planning and rapid teamwork.
There are some standard steps. First of all, it is necessary to analyze the existing infrastructure, take into account the load in the future and design a map of business processes for today and for the nearest future. Such a map will make it possible to understand what data flows occur and what systems are used to process them. Next, you assess the risks of information security. The result will be a roadmap for implementing organizational and technological change.
It is highly important to regulate the management processes of information technology management and information security. And don't forget that business is about people. Therefore, be sure to constantly inform employees on how to protect themselves and the company from cyberattacks. Finally, it is necessary to regularly make network security tests (penetration tests) and application security testing (security code analysis).
- Do you believe that Ukrainian IT companies and other businesses take cybersecurity with due respect?
- Unfortunately, the management of most Ukrainian companies thinks about information security only after a painful hacker attack. The same applies to hiring a specialist who is responsible for cybersecurity. Step by step, companies are starting to apply international best practices in the field of cybersecurity and protection against cyberattacks.
But this applies not only to business. No matter how secure the company's IT infrastructure is, it needs to be integrated into a secure cyber environment. Ukraine ranks lowest in the overall cybersecurity rankings: 51st in the Comparitech rankings, 54th in the Global Cybersecurity Index.
After the NonPetya virus in 2017, the National Cyber Security Centre was established in Ukraine. It recently adopted a draft Cybersecurity Strategy of Ukraine for 2021-2025. Hopefully, following this strategy will bring maximum protection to the Ukrainian web from external threats.
Read the original article on the "Business" magazine