Financial Crime World

Banking Cybersecurity Threats in Kazakhstan: ‘Cyber Shield’ Concept Implemented to Boost Readiness

A Comprehensive Approach to Addressing Cybersecurity Concerns

In a recent interview, Ruslan Kenzhebekovich Abdikalikov, Chair of the Information Security Committee formed under the Republic of Kazakhstan’s Ministry of Digital Development, Innovation and Aerospace Industry, discussed the country’s efforts to address banking cybersecurity threats. Kazakhstan has implemented its national “Cyber Shield of Kazakhstan” cybersecurity concept, which aims to boost the country’s readiness to prevent and respond to incidents.

Origins of the Cyber Shield Concept

The concept was approved in 2017 after President Nursultan Nazarbayev instructed the government to create a comprehensive plan to protect the country’s information and communication technologies (ICTs). A working group consisting of parliamentarians, representatives of state bodies, professional and industry associations, higher educational institutions, and the industry developed the concept.

Measures to Boost Cybersecurity

The resulting document outlines measures to:

  • Boost legal and industrial culture of cybersecurity
  • Improve the country’s readiness to prevent and respond to incidents
  • Provide basic definitions and explanations to raise general awareness about threats

Key problems identified during the development process included:

  • Insufficient awareness among citizens about cybersecurity threats
  • Shortage of information security professionals
  • Inadequate information protection infrastructure
  • Neglect by organizations of information security requirements
  • Limited trust in the public sector
  • Risks associated with the provision of electronic public services

Progress and Successes

Kazakhstan has made significant progress in implementing its Cyber Shield concept, moving up from 103rd place to the 31st in just three years according to the International Telecommunication Union’s Global Cybersecurity Index (GCI). The country scores high on four of the five GCI criteria: legal, technical, organizational, and cooperation.

Achievements

To achieve this success, Kazakhstan has:

  • Established a separate body responsible for implementing state policy on cybersecurity
  • Created a national coordination centre and dedicated information security centre for the financial sector
  • Nurtured domestic ICT solutions, equipment, and software production

The country also plans to intensify efforts to educate the public and develop its legal framework for information security inspectors and Bug Bounty sites.

Strengthening Cybersecurity Across the CIS Region

In terms of strengthening cybersecurity and personal data protection across all CIS countries, Abdikalikov suggests that essential criteria must be in place, including:

  • Legislative and regulatory frameworks for people’s data and personal data protection
  • State structures dealing with personal data protection and individual rights
  • Public awareness about rights and freedoms to be protected as personal data is collected and processed
  • Technical and organizational measures to prevent leakage of personal data
  • Administrative and criminal liability for illegal actions with personal data
  • State safeguards for legitimate collection, processing of personal data with proper protection measures