Resilience is one of those words that best describes the people of Kazakhstan. Since their relatively recent independence in 1991, the nation had to face diverse challenges that threatened its national security. Nevertheless, in this country’s short history, the social, economic and political adversities have shown that Kazakhstanis are more than ready to work as hard as they can to develop their homeland in the best way possible. Today challenges still endure and Kazakhstan now has to face a major one: cybercrime.
One of the reasons why the country is vulnerable to cybercrime is the nature of the development of telecommunication infrastructure. This led the government to launch the Cyber Shield Program, scheduled for 2022. It proposes a modern system that would mitigate and prevent cyberattacks. This upcoming measure, added to other cybersecurity tools, has already allowed Kazakhstan to improve its resources. Evidence of this is that during the past year the number of SSL certificates doubled, the number of infected resources decreased by 4 times, and the number of defacements fell from 638 to 13.
Furthermore, during recent years, the country has improved its Global Cybersecurity Index from the 100th place to the 40th. And what’s more: Kazakhstan is determined to enter the top 20 countries in the upcoming five years.
So while Kazakhstan still remains vulnerable to cyberattacks that affect businesses’ growth and national security, it is safe to say that the evolving strategies in cyberintelligence and monitoring are showing a good promise for the country’s cybersecurity landscape. Let’s explain in more detail the functionalities of Kazakhstan’s online space, the actions taken by the public and private institutions, and the potential for the future.
A target for attackers
There are different antecedents that explain the actual cybersecurity vulnerabilities of Kazakhstan. To begin with, during the past decade, Kazakhstan has rapidly developed its information technology infrastructure. As a matter of fact, last year the government launched the Digital Kazakhstan program, aiming to improve the quality of life of the country’s citizens through the digitization of the economy, the transition to digital government, the implementation of the Digital Silk Road – connecting rural areas to the Internet – and the creation of an innovative ecosystem.
Such digital improvements allowed people to equip themselves better and faster in terms of digital tools. The proportion of Kazakhstanis using payment cards started to grow exponentially. Moreover, since all government services adopted the feature that allows the usage of digital signatures for identification, the time that takes to register a new business was reduced to only ten minutes.
Unfortunately, the consequence of such a rapid shift towards digitization was that foreign hacker groups started to see Kazakhstan as a tasty target. In other words, the efforts to modernize the country weren’t necessarily accompanied by education on cyber-hygiene and cyber defense.
Currently, there is a large epidemic of attacks on websites and more than 30,000 websites are hacked daily all over the world. The most common attacks target WordPress CMS modules, as those are the most popular ones in Kazakhstan. When attackers find even the smallest vulnerability on one of its modules, it gives them access to more than 1000 web-resources. Hackers use these sites to infect end-users, steal their sensitive personal data, publish defaced websites with extremist or terrorist slogans, or just use them as part of their botnet to send spam or viruses. Despite the changing threat landscape, only 3% of web resource owners in the world use security features.
The resilience movement
Back in 2013, the President of Kazakhstan announced the “Cyber-shield” program. The first step of this comprehensive strategy was to develop cybersecurity solutions to improve regulatory documents and the law. To accomplish that, the state requested a monitoring system for the entire .kz domain zone – more than 150,000 domains. The result of this was a decrease in the response time of computer incidents from 30 days to 1.
This year, the Ministry of Digital Development, Innovations and Aerospace industry of the Republic of Kazakhstan began to work out issues with infected resources and reduced its number by 4 times. In addition, the number of defacement attacks fell from 630 to 13. All of these improvements took place in less than one year.
Today, the same ministry constantly surveils the cyber-space of Kazakhstan and is aware of where the attacks are coming from and which hacker groups are attacking. In fact, the state works along with a cybersecurity company, WebTotem, and thanks to its services, cyberattacks to the websites of the Ministry of Defense of the Republic of Kazakhstan and the Ministry of Foreign Affairs were prevented. At the same time, 300 private organizations with critical infrastructure improved their security system thanks to the same company.
Furthermore, Kazakhstan is much more prepared for mass attacks. Actually, thanks to innovative tools, major aggressions of this type have been prevented. One of them was the prevention of the feared ransomware worm Wannacry. Two months before the large-scale attack, state websites with vulnerabilities were warned, allowing the information system owners to work on an effective protection strategy. In the end, Wannacry, the virus that affected almost 100 countries in 2017, did not hurt Kazakhstan at all.
The challenge of cybersecurity in Central Asia is undeniable. However, the diligent Kazakhstani monitoring strategy has allowed the country to proactively respond to attacks. But, this is just the first phase. What should come next is a default solution accessible to every person, and not just to the state or corporations. In this way, website basic protection could become the right of every website owner. In addition, cybersecurity should be more integrated with Smart Cities’ solutions to improve public digital services and the overall citizens’ wellbeing. As cyberattacks will not cease but will get more sophisticated and change through time, in the coming years ensuring security should be as easy as building websites.