Business representatives discuss Ukraine's Cybersecurity Strategy developed by NSDC
A public discussion of the Cybersecurity Strategy of Ukraine, the development of which was completed by the National Cybersecurity Coordination Center under the National Security and Defense Council (NSDC) of Ukraine, was held with the participation of business representatives.
"The growing digitalization puts Ukraine in front of the need to confront a large number of challenges and threats in cyberspace. Not only powerful corporations, but also small and medium-sized businesses, as well as ordinary users, often fall victim to hackers. Today, the question is not whether your organization will be attacked, but about how to reliably ensure a high level of cybersecurity for your business," Secretary of the Center for Cybersecurity of Business at the Ukrainian Chamber of Commerce and Industry (UCCI), Secretary of the Committee on Electronic Communications Anatoliy Klikich said during a meeting of the Committee on Electronic Communications at the UCCI.
He recalled that according to the NSDC in 2020, about 1 million cases of cyber threats were recorded in Ukraine, including network attacks, network scanning attempts, attempts at WEB attacks, phishing, DDoS attacks, and the distribution of malicious software. In this regard, to help business, on the initiative of the committee, a memorandum of partnership and cooperation was signed between the staff of the NSDC and the UCCI. As a result, the UCCI has become the main center of attraction for various initiatives and activities in the field of business cyber protection, Klikich said.
According to Head of the Committee on Electronic Communications at the UCCI, Chairman of the Anti-Crisis Center for Cybernetic Protection of Business, Vice-President of the Kyiv Chamber of Commerce and Industry Volodymyr Koliadenko, "the adoption of a cybersecurity strategy is an important step towards creating a reliable cybersecurity ecosystem in the country, since it is it that determines the main tasks, parameters of threats, as well as criteria for testing the effectiveness of this system."
He also said that thanks to the Kyiv Chamber of Commerce and Industry and its capabilities, a broad discussion and study of the main provisions of the strategy was organized and dozens of comments and proposals regarding its content were submitted.
According to a member of the Committee on Electronic Communications at the UCCI, Director of Oakeshott British Insurance Agency Yuriy Hryshan, the cybersecurity strategy developed by the NSDC working group is undoubtedly a systemic good-quality document that will improve the efficiency of interaction between all government agencies and the private sector to prevent large-scale hacker attacks and their serious consequences.
"Based on the experience of the United States, Canada, Japan, European countries, we propose, when solving problems of ensuring cybersecurity on a national scale, to provide for the possibility of participation of international insurance brokers in this process, namely the transfer of a part of the risks through them to global insurance companies that specialize in cyber insurance," he said.
According to Hryshan, this should be provided for critical information infrastructure facilities, primarily public management systems, life support facilities, electricity, transport, nuclear and chemical industries, and the banking sector.
He said that according to last year's McAfee Corp survey that surveyed respondents were from the United States (300), Canada (200), the U.K. (200), France (200), Germany (200), Australia (200) and Japan (200), global losses from cybercrime are currently more than $1 trillion and have increased by more than 50% in two years. Production downtime is a common consequence for two-thirds of respondents. The average cost of their longest downtime in 2019 was $762,231. About 33% of respondents said that IT security incidents leading to system downtime cost them between $100,000 and $500,000.
According to Hryshan, in contrast to preventive approaches that provide for preventive measures, the inclusion of late response tools – the transfer of part of the risks to the insurance by international brokers, will compensate for the losses from the cyber attacks. There are enough examples showing that even the implementation of preventive measures does not guarantee against cyber attacks. So, despite the fact that penetration testing specialists tested the reliability of the computer networks of the world's largest aluminum producer Norsk Hydro, hackers managed to stop production at the plant for several weeks in March 2019, and only thanks to the cyber insurance policy, the company covered the losses of more than $60 million.
Hryshan also said that in pursuance of the committee's work plans, last year, together with a company that has the Deep Web scanning system, a number of private and public companies agreed to pass the compromise tests. As it turned out, most companies that are engaged in serious business, storage and transmission of information had many compromised emails. Production downtime, damage to brand reputation, reduced efficiency, damage throughout the supply chain, large amounts of data recovery, etc are key threats hitting businesses in cyber attacks.
As reported, the working group under the National Cybersecurity Coordination Center of the NSDC approved the draft Cybersecurity Strategy of Ukraine for 2021-2025.