Business representatives discuss Ukraine’s cybersecurity strategy developed by NSDC

A public debate on Ukraine’s cybersecurity strategy, the development of which was completed by the National Cyber ​​Security Coordination Center under the National Security and Defense Council (NSDC) of Ukraine, took place with participation of business representatives.

“The increasing digitization puts Ukraine before the need to face a large number of challenges and threats in cyberspace. Not only large companies, but also small and medium-sized businesses, as well as ordinary users, are often victims of hackers. Today the question is not whether your organization will be attacked, but how to reliably ensure a high level of cybersecurity for your business ”, secretary of the Center for Business Cybersecurity of the Chamber of Commerce and of Ukrainian Industry (UCCI), secretary of Electronic Communications Committee Anatoliy Klikich said at a meeting of the Electronic Communications Committee at UCCI.

He recalled that according to the NSDC in 2020, around 1 million cases of cyber threats were recorded in Ukraine, including network attacks, attempted network scans, attempted WEB attacks, phishing, DDoS attacks. and the distribution of malware. In this regard, to help companies, at the initiative of the committee, a partnership and cooperation protocol was signed between the staff of the NSDC and the UCCI. As a result, UCCI has become the main center of attraction for various initiatives and activities in the area of ​​corporate cyber protection, Klikich said.

According to Volodymyr Koliadenko, head of the UCCI electronic communications committee, chairman of the Anti-Crisis Center for Cyber ​​Protection of Enterprises, Vice Chairman of the Kyiv Chamber of Commerce and Industry, “the adoption of a cybersecurity strategy is a step towards the creation of a reliable cybersecurity ecosystem in the country, since it is he who determines the main tasks, the parameters of threats, as well as the criteria for testing the effectiveness of this system . “

He also said that thanks to the Kyiv Chamber of Commerce and Industry and its capabilities, a wide discussion and study of the main provisions of the strategy was held and dozens of comments and proposals regarding its content were made. submitted.

According to a member of the UCCI electronic communications committee, director of the British insurance agency Oakeshott Yuriy Hryshan, the cybersecurity strategy developed by the NSDC working group is undoubtedly a good quality systemic document that will improve the effective interaction between all governments. agencies and the private sector to prevent large-scale hacker attacks and their serious consequences.

“Based on the experience of the United States, Canada, Japan, European countries, we suggest, when resolving issues of ensuring cybersecurity at the national level, to provide for the possibility of participation of international insurance brokers in this process, namely the transfer of part of the risk through them to global insurance companies specializing in cyber insurance, ”he said.

According to Hryshan, this should be expected for critical information infrastructures, mainly public management systems, life support facilities, electricity, transport, nuclear and chemical industries and the banking sector.

He said that, according to last year’s McAfee Corp survey, respondents were from the United States (300), Canada (200), United Kingdom (200), France (200) , Germany (200), Australia (200) and Japan (200), global losses from cybercrime are currently over $ 1 trillion and have increased by more than 50% In two years. Production stoppages are a common consequence for two-thirds of those surveyed. The average cost of their longest downtime in 2019 was $ 762,231. About 33% of those surveyed said that computer security incidents causing system downtime cost them between $ 100,000 and $ 500,000.

According to Hryshan, unlike preventative approaches which include preventive measures, the inclusion of late response tools – the transfer of part of the risk to insurance by international brokers, will compensate for losses from cyber attacks. There are enough examples showing that even the implementation of preventive measures does not guarantee against cyber attacks. So, despite the fact that penetration testing specialists tested the reliability of the computer networks of the world’s largest aluminum producer Norsk Hydro, hackers managed to shut down production at the plant for several weeks in March 2019. , and it was only through the cyber insurance policy that the company covered losses of over $ 60 million.

Hryshan also said that, according to the committee’s work plans, last year, with a company that owns the Deep Web analytics system, a number of private and public companies agreed to pass the compromise tests. It turned out that most companies engaged in serious business of storing and transmitting information had a lot of compromised emails. Production stoppages, damage to brand reputation, reduced efficiency, damage throughout the supply chain, large amounts of data recovery, etc. are the main threats to businesses in cyber attacks.

As reported, the NSDC National Cybersecurity Coordination Center Working Group approved Ukraine’s draft cybersecurity strategy for 2021-2025.