Cybersecurity of the financial sector of Kazakhstan. Today and tomorrow
When it comes to cybersecurity in the financial sector, the main trends include the continued expansion of infrastructure, increased attention to information security, and the development of technologies in various sectors of the economy. Kazakhstan's role as a major player in Central Asia in the field of information technology also plays an important role. FinTech & Retail CA spoke with Evgeny Pitolin , an independent expert in cybersecurity, IT, and marketing, and co-chairman of the QAZTECH Information Security Committee , about this .
First of all, I invite all readers of FinTech&Retail CA to the PLUS-Forum Digital Kazakhstan, which will be held in Almaty on October 30-31, 2024!
This event will bring together leading experts and professionals in the field of digital technologies and cybersecurity, providing a unique opportunity to discuss current issues and solutions for the banking and payment sectors. Join the participants of this unique platform to be at the center of discussions on current digital security topics!
Cybersecurity of credit institutions
Much has been done in the field of cybersecurity in Kazakhstan to date, including by the state, including the corresponding development of legislation. One example is the rule according to which the right to a domain name can be suspended for the absence of an SSL certificate. Due to this requirement, most domains in Kazakhstan have a security certificate, which significantly increases protection against phishing and other threats.
In addition, the KZ domain zone has implemented the DNSSEC system. DNSSEC (Domain Name System Security Extensions) is a set of extensions to the DNS protocol that adds a layer of protection when transmitting domain name data. The main function of DNSSEC is to prevent attacks such as DNS spoofing and other data manipulations. Each DNS record is signed using cryptographic algorithms, which allows clients to verify its authenticity. When requesting information, the client can verify the digital signature, which confirms the integrity and source of the data.
The implementation of DNSSEC in the KZ domain zone enhances the security of Internet resources and protects users from potential threats. This increases trust in resources and makes the Internet in Kazakhstan more secure and reliable.
If we compare Kazakhstan with other countries, it is here that there are several strong local players in the IT infrastructure sector, such as hosting and clouds. This is important because a strong local player has enough resources to invest in security.
Community creation
Also, one of the key tasks in ensuring cybersecurity in the financial sector is not only practical security of "us is", but also the education of the mass user and work with the community. This is really very important and not everyone succeeds. As a positive example, I can cite TSARKA (Cyberattack Development Analysis Center, TSARKA). This is a team of highly qualified professionals led by their founder, Olzhas Satiev, who have been protecting the state, society and business of Central Asia for more than a decade. For them, the task of creating and working with the community turned out to be within their power.
First, it happened in the online environment, when a community was created in Telegram – TSARKA-chat. This is the largest community in Central Asia, in which all information security specialists participate – from an ordinary AB administrator to the MCRIAP (Ministry of Digital Development and Aerospace Industry). Among them are representatives of all branches of government, big business, practitioners, public figures, businessmen, in general, everyone who is at least a little interested in knowing everything about cybersecurity.
Cybersecurity Legislation
Another extremely important issue is that cybersecurity legislation must move towards increasing accountability.
For example, the recent proposal by Ekaterina Smyshlyaeva, a member of the Majilis of the Parliament of the Republic of Kazakhstan, on the need for further work on cybercrime issues is an important and timely step. Given the increase in cybercrime observed in Kazakhstan, it is important that legislation adapts to new realities.
The MP quite rightly emphasizes that cybercrime has already gone beyond simple fraud and includes more complex aspects, such as hacking information systems. This highlights the need for a comprehensive approach to combating crime in the digital space. A sustainable approach to the formation of legislation in the field of cybersecurity will create a safer digital environment and increase public trust in government institutions.
It is also necessary to implement a system of mandatory notification of data leaks, introduce personal liability and fines for companies that formally treat cybersecurity.
The rules of the game are becoming stricter, which is good for cybersecurity. This contributes to the development of the industry, ensuring the protection of citizens, protecting businesses in the IT sphere. And, of course, this will lead to greater systematization of the market and the formation of demand for some services, expert services, which did not exist before.
Cybersecurity is becoming an integral part of education
Recently, an important initiative in Kazakhstan has been parent-teacher meetings dedicated to cyber threats, in the context of an increase in the number of online threats to children. Such events were held in all schools. In addition, and I often say this: children's safety on the Internet is a common task that requires joint efforts of parents, educational institutions and society as a whole.
It is important to understand that parents cannot bear all the responsibility for not doing enough to combat cyber threats. Technology and the online environment are constantly changing, and they cannot always be aware of all the old and emerging risks.
Creating a safe online environment is only possible through joint initiatives, training and information for all participants in the process.
It is important to work together to raise awareness and develop effective strategies to protect children in the digital world.
Opening of the National Center for Artificial Intelligence
In 2025, the National Center for Artificial Intelligence will open in Astana. The use of AI in the development of the state, economy, and digitalization is certainly a huge step. There are clearly not enough specialists yet, which is natural, since the industry itself began to develop within the country relatively recently.
It would be nice if the AI function could help clean up the reference documents and finally issue only correctly written versions in all operating systems. This would help avoid errors when integrating systems. Another important area concerns citizens and their needs. Perhaps the state will be closer to people through predictive capabilities. But, of course, it is important to observe cybersecurity and moral and ethical issues here.
I would like to see advantages in the area of automation of work, as well as freeing up the working time of civil servants for some more interesting and important tasks.
AI can streamline routine processes such as application processing and document management, allowing civil servants to focus on more complex issues. With this free time, civil servants can focus more on engaging with citizens and developing new services. AI can also help make informed decisions by processing large amounts of data and reducing the likelihood of human error. However, to successfully implement these opportunities, it is important to consider the ethical, safe, and accessible aspects of technology for all citizens.
For example, in the area of providing or improving the quality of any services. It is in this vein that it is important for AI to work for us. But how this will be implemented in practice, time will tell.