Luka Safonov: Russian Cybersecurity Has Come of Age
Cybersecurity expert Luka Safonov on the state of Russian information security, the impact of sanctions on the industry, North Korean hackers, and the prospects for exporting domestic solutions. Analysis of cyber threats and import substitution.

Geopolitics and Cyber Threats: Economy in the Crosshairs
– What's the real state of cybersecurity in Russian companies — especially in the public sector? Can we speak of unified standards, or is the situation chaotic from agency to agency?
– It's gotten much better, both as a result of external pressures and regulators' actions. You could say Russian information security has come of age.
– What priority measures — both at the state level and within companies — could prevent a repeat of the 'Aeroflot case'? What matters more: processes, regulations, import independence, or personnel?
– Even without considering the 'Aeroflot case,' all these measures are important and interconnected.
– North Korean hackers stole $1.5 billion from the Bybit crypto exchange. Is this a real threat or an exaggerated narrative from Western media? How significant is their activity in economic cyber warfare?
– If the attribution is correct and Lazarus (North Korea) is behind the attack, then they've been conducting economic attacks for over 10 years and even generate part of their GDP from the proceeds of these attacks. This isn't the first such attack — it's more like state-sponsored cybercrime. No politics, just money.
– How do you assess the theory that the wave of attacks is orchestrated by entities from Ukraine, Belarus, or even Western intelligence services operating 'under false flags'? How difficult is it today to attribute attacks to specific countries?
– Currently, most attacks and even disruptions are claimed by various hacktivist groups, often leaving the real actors in the shadows. Generally, attribution is quite difficult because coordinated international groups are often operating against Russian resources.
– From a cyber risk perspective — which sectors are most vulnerable? Could an attack hypothetically 'zero out' bank deposits or cut power to a major region?
– Such risks exist, but they're more often realized outside Russia (pipeline shutdown in the US, dam hack in Norway).

Cybersecurity in Russia's Economy: Realities and Challenges
– How have sanctions and international isolation affected cybersecurity in Russia? What have companies faced — equipment shortages, talent drain, lack of certified solutions?
– Local growth in products and expertise, reduced risks from using foreign software and hardware.
– Is the sovereign internet protection from external threats or a mechanism for internal control? Can Roskomnadzor and GRChTs infrastructure actually protect against attacks on the scale of 'Rostelecom'?