Hackers may be associated around the world with Russia above any other country, thanks to news reports that often describe cybercriminals as Russian, and to accusations this year that Russian hackers were behind attacks on the U.S. Democratic National Committee. But the problem is very much a global one, international experts agreed at the Skolkovo CyberDay conference on Thursday, with corporate leaks, malware targeting Android mobile devices, company complacency and a lack of qualified cybersecurity experts among the main problems identified by speakers.

The second annual Skolkovo Cyberday conference identified current cybercrime trends and possible solutions. Photo: Sk.ru.

“According to Interpol, 85 percent of crimes linked to high technology can be traced to Russian-speaking people, though it’s important to note that they’re not necessarily Russian nationals – people often confuse these two things, but it could be people in the Baltics, in the U.S., in Indonesia – wherever,” said Ilya Sachkov, head of Group-IB, a Russian company specializing in cybercrime investigation and prevention.

Cyberattacks have no borders, however, and cost businesses $400 billion a year, according to the British insurance company Lloyd’s. Russia lost 200 billion rubles ($3.2 million) last year through cybercrime, said Igor Bogachev, head of Skolkovo’s IT cluster, opening the conference on Thursday.

Cyberattacks were rarely out of the headlines in 2016, not least in the run-up to the conference. On December 2, Russia’s central bank revealed that hackers had stolen 2 billion rubles ($31 million) from its accounts in 2016, and that the bank had managed to protect a further 3 billion rubles from attempted attacks. The same day, the Federal Security Service (FSB) said it was aware of a plot to destabilize Russia’s banking systems using false information. Three days later, President Vladimir Putin signed an updated doctrine on information security.

This is only a sign of things to come, the experts said, citing the growth of cyberattacks and the ongoing struggle to keep up with hackers.

The threat from within

Information leaks are growing every year, even judging only by those that are publicly reported, said Natalya Kasperskaya, the head of InfoWatch, a major group of companies working on information security software and technology.

“If previously, the main source of leaks was paper – people printed something at work and then threw it away to be found by someone, or took it home – now the main channel of leaks around the world is cloud technology,” she said.

“People are guided by what is convenient for them, and this completely overrules security considerations,” said Kasperskaya, a leading figure on Russia’s cybersecurity scene.

Of 740 leaks reported in global media in the first half of this year, 66 percent were internal ones caused by employees, she said.

Natalya Kasperskaya, head of InfoWatch, talking during the Skolkovo Cyberday plenary session. Next to her is Stanislav Kuznetsov, deputy chairman of Russia's biggest lender Sberbank. Photo: Sk.ru.

Kasperskaya identified the ongoing issue of BYOD (bring your own device, i.e. staff accessing corporate networks and information via their own mobile devices and corporate smartphones) as the main challenge to be tackled in 2017.

“As smartphones have many channels of transmitting data – many more than a computer, such as WiFi, Bluetooth and mobile data and so on – it is very difficult, if not impossible to control these leaks using the usual measures. BYOD is a threat to corporate security,” she said.

Telephones can also be stolen, or hacked remotely with far less difficulty than hacking a corporate site, added Kasperskaya.

Devices running the Android operating system are currently at particularly high risk of being hacked, said Sachkov, due to criminal groups developing Trojan malware targeting it.

“Using Android devices is a huge risk,” he said. 

Security breaches caused by human error are a problem everywhere, including in the U.K., said Marcus Scott, chief operating officer of TheCityUK, which lobbies on behalf of U.K.-based financial services.

“This [information security] is about people, not just systems,” he told the conference.

“We can’t possibly build a system which can avoid anybody responding to a single phishing email, and that sometimes is all it takes,” he said, adding that in this respect, it is important to encourage “cyber hygiene” among staff.

Outwitting the criminals

Internal practices like BYOD may leave companies exposed, but even the most cautious corporations can fall victim to determined hackers. The number of attacks continues to increase, and keeping up with the hackers has always been a challenge, not to mention getting ahead of them.

As Russia’s biggest bank, state-owned Sberbank fights a constant battle against cybercriminals: “Only the laziest of hackers haven’t had a pop at us,” says Stanislav Kuznetsov, Sberbank’s deputy chairman. He said that the bank manages to stop 95 percent of the attacks before any money is stolen, and that most of the time, clients don’t even know that their accounts were targeted.

Kuznetsov paraphrased FBI director James Comey’s statement that there are two types of companies: those who’ve been hacked, and those who don’t know they’ve been hacked.

One of the problems in fending off attacks is the cost. “Putting serious defenses in place against every possible kind of attack is insanely expensive,” said Kasperskaya. While giant banks and corporations might be able to afford it, smaller companies will struggle.

Ilya Sachkov, head of Group-IB cybercrime-busters. Photo: Sk.ru.

While Kasperskaya says blanket defenses are needed because it is impossible to know where an attack will come from, Sachkov of Group-IB disagrees. His company has developed advanced threat intelligence systems to analyse a company’s weak spots and predict what form an attack might take.

“If you’re involved in a certain kind of business in a certain area, there are certain criminal groups that will definitely take an interest in you. An attack is very likely,” he said.

Knowing which hackers might target them and which methods they use can help a company strengthen its defenses against them, he explained.

“Belarus [a land-locked country] has no use for submarines, and it’s very difficult to use tanks for protection from an enemy flying a plane,” said Sachkov, whose company investigates about 80 percent of high-profile cybercrimes in Russia and the CIS.

“When we are called in to investigate incidents, it’s often clear that a company was protected – just not from that enemy and not from that direction.”

Experts agree that far from receding, the threat from cybercriminals will only grow as more and more household and office items become connected to the Internet of Things (IoT), in which smart devices such as TVs, kettles and fridges are interconnected.

“When you are sitting watching TV, you should realise that actually, it’s all the other way around: the TV is watching you,” said Kuznetsov.

Kasperskaya concurred, saying that the threat posed by IoT is huge enough to warrant a conference of its own.

Call to arms

Experts agree that not enough is being done to develop an army of specialists equipped to deal with the growing threat from hackers.

Artyom Sychev, deputy head of security and data protection at Russia’s central bank, said that in addition to technical experts, there was a lack of analysts and legal specialists.

“No one is preparing these categories of specialists,” he said. 

TheCityUK’s Scott said this is also a problem in the U.K., and that at the speed with which hackers work, by the time university students studying cyber technology graduate, what they learned three years earlier is already out of date.

In the meantime, companies need to share as much information as possible about attacks carried out against them, said Scott. He also called for the creation of centres of excellence, like Israel’s unified military anti-hacking command.

Sberbank’s Kuznetsov said the profession seeing the biggest deficit right now is that of cybersecurity engineer.

“We need to prepare these people, and Skolkovo has a great opportunity in this regard,” he said.

He said tech companies offering reliable identification solutions would be in high demand, suggesting that they would be able to eliminate 90 percent of bank fraud.

One of the winners of the Skolkovo Cybersecurity Challenge (left) together with Skolkovo's Sergei Khodakov. Photo: Sk.ru.

Skolkovo’s IT cluster is home to about 50 companies working in information security, according to Sergei Khodakov, head of information security technologies within Skolkovo’s IT cluster, who organised the conference together with Cisco. About half of those resident startups were demonstrating cybersecurity solutions on the sidelines of the conference, while others took part in the Skolkovo Cybersecurity Challenge. Four companies were selected Thursday from 69 entrants as the winners of the competition held in partnership with the central bank. The four winners, working in areas ranging from ID technology to secure e-transactions, will receive 5 million rubles ($80,000) each to develop their products.

Going global

Sachkov, whose company Group-IB is also a Skolkovo resident and already operates on several foreign markets, including the U.S. and U.K., had some advice for Russian startups working in information security.

“Don’t judge yourselves by your competitors on the Russian market,” said Sachkov.

“For the U.S. market, the things happening in Russia are sometimes simply comical. Compete with the biggest players, and then you’ll become stronger. If you’re just aiming for import substitution [i.e. to create a domestic equivalent of technology that already exists abroad], that path will end about five years down the line,” he added.

Alexander Turkot, a managing partner at Maxfield Capital tech investment firm and former head of Skolkovo’s IT cluster, echoed Sachkov’s advice to focus on the global market.

“Cybersecurity itself is a very sensitive topic, and in the current geopolitical situation, particularly so. Those of you who have tried to reach out to potential Western clients or partners will probably have experienced an attitude that is sometimes more emotional than rational, even when a good product is involved, but I’m convinced that this level of paranoia will decline,” said Turkot.

“The domestic market is excellent but small; you should focus on the global market,” he said.

“The threat is global, so protection should be global too.”