On one hand, the necessary legal foundation for the development of the industry is being created. On the other hand, there are still many myths and misconceptions in this field.
Dastan Omuraliev, the head of TSARKA Kyrgyzstan, discussed the common myths and misconceptions about cybersecurity in Kyrgyzstan and gave recommendations for protecting businesses.
Myth #1: A security budget should only be allocated after an incident
One of the main problems is that many organizations start allocating funds for cybersecurity only after an incident occurs. In calm situations, such expenses are perceived as excessive.
Conclusion: without a constant budget, it is impossible to create reliable infrastructure protection, train personnel, and organize an incident response system.
Myth #2: A strong password provides complete security
Dastan Omuraliev claims that a strong password is just a minimal level of protection. Studies show that two-factor authentication (2FA) reduces the risk of hacking by up to 99.9%. However, not all methods of two-factor protection are equally reliable. For example, SMS codes can be easily intercepted. Last year, the possibility of intercepting an SMS message using available tools was demonstrated in Kazakhstan.
Even simple measures, if implemented correctly, can significantly reduce risks for users and companies.
Myth #3: Small businesses are not interesting to hackers
Many believe that cyberattacks threaten only large organizations and banks. In reality, any company possessing confidential or personal data can become a target for attacks. According to global data, more than half of all cyberattacks are aimed at small and medium-sized businesses.
Dastan Omuraliev noted that in Kyrgyzstan, there is already liability for the leakage of citizens' personal data, and compliance with data protection laws will be strictly monitored.
Myth #4: Antivirus software solves all problems
Antivirus is just one part of a protection system, but not its complete solution. It cannot prevent all types of threats. There is also a belief that all attacks come from outside.
It is important not only to install software solutions but also to develop internal processes, train employees, and control access to information.
Myth #5: One system administrator can solve all problems
In some organizations, the functions of IT and cybersecurity are performed by one specialist. He is often considered a universal protector. However, even an experienced administrator cannot ensure an adequate level of security without specialized knowledge and support from management.
Dastan Omuraliev emphasized that employers face a shortage of qualified personnel, as out of 80 students entering specialized faculties, only 6-7 graduate.
This necessitates retraining new employees, which takes time. Therefore, government and private structures are working with universities to update educational programs.
Myth #6: Hackers operate alone
In reality, hackers operate as an organized group. It can have hundreds of participants who may not even meet each other. Such a structure includes hackers, PR specialists, negotiators, financiers, and others.
Dastan Omuraliev noted that companies are increasingly creating or connecting to security operations centers (SOCs) to effectively counter threats.
To keep a SOC functioning around the clock, at least six analysts are required, and their training takes a lot of time. This is a significant investment, but without it, it is impossible to create reliable protection.