The FINANCIAL — Cyber crime including cyber espionage is on the rise in Georgia as a result of the increased computerization rate of Georgian society.
The FINANCIAL — Cyber crime including cyber espionage is on the rise in Georgia as a result of the increased computerization rate of Georgian society. Georgian society on the whole, including state organizations and private businesses, tends to be moving toward an electronic format without clear knowledge of all the risks involved, Georgian digital security experts say. The country’s information protection indicator is very low and cyber crime does not encounter any particular obstacles in Georgia, experts agree.
Recently, representatives of the Constitutional Security Department of Georgia were arrested for a cyber attack on political figures. According to the experts, this was a huge mistake on the part of the state.
“The country has to use its potential for protecting informational security properly and not to its detriment,” said Lasha Pataria, Founder and Director of Caucasus Academy of Security Experts as well as Information Security Studies and Analysis Center. “Georgia has not learned its lesson from when the country experienced the first cyber war in the world. The fact that the Constitutional Security Department was monitoring the lives of political figures by spying and listening in on them is a crime and shows a clear lack of competence on their part. This is more than just a single crime. It shows that Special Service has had significant oversights. They could have used the potential of these young people in much more constructive ways.”
The new government claims that they will only make records of private phone conversations if they relate to state security. “The policy of mass-recording phone conversations will soon be abolished,” said Irakli Gharibashvili, Minister of Internal Affairs. “I don’t yet know if mobile operators are guilty in this as well, but everything will be carefully controlled from now on. No one will have the possibility to break the law or the country’s constitution in this regard.”
“Nowadays corporate espionage is at the highest level of development. “Globally this is a result of the fact that it is very effective, cheap and widely available. The local situation is even more critical, which is due to a lack of sector regulations, the insufficient readiness of relevant organizations to react to certain cases, and lots of insider cases,” Pataria said.
The occurrence of cyber attacks on private enterprises is common as well. The banking sector seems to be the most protected in terms of informational security but the overall situation is very poor, experts say.
“Both the state as well as business is still far from having good systems of protection. In general awareness of cyber crime and how to protect against it is very low. But still the system is most developed in the banking sector,” said Irakli Lomidze, Head of the Division of Informational Politics and Security at the Data Exchange Agency.
Experts advise the use of legalized systems and programmes aimed at protecting information, but as anonymous network admin says, this is not enough. “Companies need more control. I advise everyone to update any programme they might already have, as new versions have stronger protection systems. This concerns both organizations and individuals. At the same time, in general computer systems are automatically checked just once a day, which is not often enough.”
Pataraia claims that administrative procedures are essential for protecting informational leakage as well.
“There is no one mechanism that protects any kind of company. As well as technical resources companies should use administrative mechanisms in terms of the optimization of their management as well as trainings for their staff. Trainings starting with basic safety for all employees, and ending with people who have special access and privileges, are essential for each company. Cyber espionage has no borders and therefore the range of dangers is colossal.”
In terms of State Sponsored Cyber Espionage the main target categories are big databases including registries accounting for the population, strategic resources, financial institutions including budget information and treasury transactions. The methods of intelligence are different and for example Open Source Intelligence doesn’t need any special technologies and is as effective as other methods. ERP (Enterprise Resource Planning) systems are one of the main targets for corporate espionage as these systems integrate internal and external management information across an entire organization, embracing finance/accounting, manufacturing, sales and service, customer relationship management etc.
Companies involved in financial activities are the main targets of cyber attacks. There are lots of ways to steal a sum from another’s account. To do this a cyber criminal must know the credit card number of the victim and their personal information. Theft of this sort of information can be carried out in different ways. The most common ways are Phishing and attacks with Trojan viruses.
“The victims of cyber crime are most often famous commercial companies which keep a database of their users’ information. Computer criminals steal this data and then sell it on the black market,” said Irakli Gvenetadze, Chairman of the Data Exchange Agency.
Cyber criminals can mislead consumers and carry out attacks via social networks. The most widespread methods are by creating false profiles of acquaintances and being added as a friend so as to get access to additional info, as well as sharing falsely ‘urgent’ information to mislead users and infect them with viruses.
Georgia recently improved the legislation with a new security law which makes it obligatory for the whole Critical Infrastructure to ensure cyber security. Critical infrastructure is a unity including assets that are essential for the functioning of society and the economy. These facilities include electricity, gas and oil production, transport and distribution, telecommunication, water supply, agriculture, heating, public health, transportation systems, financial services and security services. This is of accelerating importance for the development of security systems.
“Protecting cyber security is obligatory but how it will be punished is not yet determined,” Pataraia noted. “It is good that the legislation is improving but it is not corresponding to the reality at present.”
The legislation is gradually getting upgraded, prosecutors as well as judges are being trained. But there are no good lawyers who can protect citizens’ interests. Therefore they have less of a chance of having adequate sentencing.
In spite of the poor situation companies confirm that they spend a great deal of money on informational security. “Billions of dollars are being spent on cyber security worldwide. Georgia is no exception. Local banks spend millions of dollars on cyber defence,” claimed George Chirakadze, President of UGT Holding. “Georgia is currently not succeeding in upholding cyber security, despite the fact that many private and public companies are showing significant interest in it. The reason for this is that cyber security requires huge investments, qualified specialists and even then you are not one hundred percent secured. Since 2008 Georgian organizations have increased their investments in cyber security, but there is no uniform policy.”
“Cyber security is essential for integrating with NATO. Cyber security issues are classed on a military level. Georgia is aspiring to join the EU and NATO and one of its main requirement is the adequate protection of information. Therefore informational infrastructure should be organized as it is necessary for NATO countries. So how security issues will be set in Georgia is one of the main criteria for NATO integration,” Pataraia said.
“Nowadays cyber danger means military danger,” he added. “Recently the USA stated that they will respond to massive cyber attracts with military activity. This proves just how important cyber security is considered on a global level.”
Discussion about this post