In the early 2010s, Kazakhstan reported receiving 85% of the internet attacks in Central Asia and nearly half of its web users were subject to online attacks. Nevertheless, during the past couple of years, the country has improved its Global Cybersecurity Index from the 100th place to the 40th.
One of the reasons why the country is vulnerable to cybercrime is the fragile telecommunications infrastructure. This led the government to prepare the Cyber Shield Program, which is planned to be completed before 2022. It proposes a modern system that would mitigate and prevent cyberattacks. This upcoming measure, added to other cybersecurity tools, has already allowed Kazakhstan to improve its resources.
Evidence of this is that during the past year the number of SSL certificates doubled, the number of infected resources decreased by 4 times, and the number of defacements fell from 638 to 13.
Kazakhstan still remains vulnerable to cyberattacks that affect businesses’ growth and national security. However, the evolving strategies in cyberintelligence and monitoring are showing a good promise for the country’s cybersecurity landscape.
What exactly makes Kazahkstan vulnerable to cyberattacks and what solutions have proven to be effective?
Rapid digitalization turned Kazakhstan a sudden target
The rapid development of Kazahkstan’s information technology infrastructure and the launch of the Digital Kazakhstan program allowed people to equip themselves better and faster in terms of digital tools. For example, the proportion of Kazakhstanis using payment cards started to grow exponentially.
Moreover, since all government services adopted the feature that allows the usage of digital signatures for identification, the time that takes to register a new business was reduced to only ten minutes.
Unfortunately, the consequence of such a rapid shift towards digitization was that foreign hacker groups started to see Kazakhstan as a tasty target. In other words, the efforts to modernize the country weren’t necessarily accompanied by education on cyber-hygiene and cyber defense.
Currently, there is a large epidemic of attacks on websites and more than 30,000 websites are hacked daily all over the world.
The most common attacks target WordPress CMS modules. Unfortunately, those are the most popular CMS used in Kazakhstan. When attackers find even the smallest vulnerability on one of its modules, it gives them access to more than 1000 web-resources. Hackers use these sites to infect end-users, steal their sensitive personal data, publish defaced websites with extremist or terrorist slogans, or just use them as part of their botnet to send spam or viruses.
Despite the changing threat landscape, only 3% of web resource owners in the world use security features.
More government control reduced cyberattacks
Back in 2013, the President of Kazakhstan announced the “Cyber-shield” program. The first step of this comprehensive strategy was to develop cybersecurity solutions to improve regulatory documents and the law. To accomplish that, the state requested a monitoring system for the entire .kz domain zone – more than 150,000 domains. The result of this was a decrease in the response time of computer incidents from 30 days to 1.
This year, the Kazakhstani Ministry of Digital Development, Innovations and Aerospace industry began to work out issues with infected web-sites to a quarter. In addition, the number of defacement attacks fell from 630 to 13. All of these improvements took place in less than one year.
Today, Kazakhstan is much more prepared to prevent mass attacks. A key achievement was the prevention of the ransomware worm Wannacry. Two months before the large-scale attack, state websites with vulnerabilities were warned, allowing the information system owners to work on an effective protection strategy. In the end, Wannacry, the virus that affected almost 100 countries in 2017, did not hurt Kazakhstan at all.
“Wannacry, the virus that affected almost 100 countries in 2017, did not hurt Kazakhstan at all.”
The challenge of dealing with cybersecurity threats in Central Asia is difficult. However, the diligent Kazakhstani monitoring strategy has allowed the country to proactively respond to attacks. However, this is just the first phase.
What should come next is a default solution accessible to every person, and not just to the state or corporations. As cyberattacks will not cease but will get more sophisticated and change through time, in the coming years ensuring security should be as easy as building websites.
Disclosure: The author of this article is a client of an Espacio portfolio company. 150sec applies the same editorial policy for all external contributions. For more information, please refer to our contributor guidelines.