17.12.2024 11:57:00
Дата публикации
The specialized publication Bluescreen interviewed the Chairman of the Information Security Committee (ISC) of the MCRIAP Ruslan Abdikalikov.
The focus is on the key challenges of 2024, problems with data leaks and the future of cybersecurity. Here are the main points of the conversation, revealing the plans and initiatives of the department.
At the beginning of the year, Kazakhstan faced one of the largest leaks of personal data, which could provoke an increase in fraud and revealed weaknesses in the information security system.
In response, the state continued to develop industry information security centers in the financial sector and plans to expand them to the areas of healthcare, education and transport.
One of the most important data protection tools has become the state access control service (ACS), which allows citizens to manage their consents to the transfer of personal data.
The service sends notifications via SMS or the eGov portal, giving the opportunity to confirm or reject the request. The system already helps to limit unauthorized access to sensitive data.
In 2024, the Committee focused on clarifying the definition of personal data and proposed dividing data into digital identifiers (IIN, phone number) and full personal data (full name).
This approach will allow companies to safely process digital identifiers without risking the privacy of citizens, and access to full names will be strictly controlled through government databases.
Particular attention is paid to toughening penalties for data leaks. The Majilis is considering a bill to increase fines, including turnover fines, which will depend on the company's annual income.
Ruslan Abdikalikov emphasized that penalties should be tangible for businesses to ensure real compliance with the law.
The CIB is also working to strengthen interaction with citizens through the e-otinish platform. The number of complaints about violations in the field of data protection has increased 50 times - from 200 to more than 10 thousand in a year.
According to Abdikalikov, citizens' activity is a positive signal that helps identify problem areas and improve data protection mechanisms.
In addition to personal data, the committee pays attention to combating online fraud.
Together with mobile operators and banks, anti-fraud centers have been created that block fraudulent calls and suspicious financial transactions.
The plans include launching a single call center that will quickly identify and prevent fraud attempts before damage is caused.
To improve digital literacy among the population, educational portals citizensec.kz and nomadguard.kz were launched. The first is aimed at raising awareness of fraudulent schemes, and the second is aimed at creating a registry of compromised data.
Citizens will be able to independently check whether their data has been made publicly available and receive recommendations on how to protect personal information.
Ruslan Abdikalikov noted that the future of cybersecurity in Kazakhstan is associated with a self-regulating ecosystem, where businesses, citizens and government agencies will work together to eliminate threats.
In the future, the CIB plans to introduce the institution of private inspectors who will help monitor compliance with security standards.
At the same time, the head of the CIB emphasized that the problem of cybersecurity will not disappear completely: threats will exist as long as digitalization develops.
The task of the state is to create conditions under which market participants themselves will strive to strictly comply with security standards.
(the text translation was done automatically)
The focus is on the key challenges of 2024, problems with data leaks and the future of cybersecurity. Here are the main points of the conversation, revealing the plans and initiatives of the department.
At the beginning of the year, Kazakhstan faced one of the largest leaks of personal data, which could provoke an increase in fraud and revealed weaknesses in the information security system.
In response, the state continued to develop industry information security centers in the financial sector and plans to expand them to the areas of healthcare, education and transport.
One of the most important data protection tools has become the state access control service (ACS), which allows citizens to manage their consents to the transfer of personal data.
The service sends notifications via SMS or the eGov portal, giving the opportunity to confirm or reject the request. The system already helps to limit unauthorized access to sensitive data.
In 2024, the Committee focused on clarifying the definition of personal data and proposed dividing data into digital identifiers (IIN, phone number) and full personal data (full name).
This approach will allow companies to safely process digital identifiers without risking the privacy of citizens, and access to full names will be strictly controlled through government databases.
Particular attention is paid to toughening penalties for data leaks. The Majilis is considering a bill to increase fines, including turnover fines, which will depend on the company's annual income.
Ruslan Abdikalikov emphasized that penalties should be tangible for businesses to ensure real compliance with the law.
The CIB is also working to strengthen interaction with citizens through the e-otinish platform. The number of complaints about violations in the field of data protection has increased 50 times - from 200 to more than 10 thousand in a year.
According to Abdikalikov, citizens' activity is a positive signal that helps identify problem areas and improve data protection mechanisms.
In addition to personal data, the committee pays attention to combating online fraud.
Together with mobile operators and banks, anti-fraud centers have been created that block fraudulent calls and suspicious financial transactions.
The plans include launching a single call center that will quickly identify and prevent fraud attempts before damage is caused.
To improve digital literacy among the population, educational portals citizensec.kz and nomadguard.kz were launched. The first is aimed at raising awareness of fraudulent schemes, and the second is aimed at creating a registry of compromised data.
Citizens will be able to independently check whether their data has been made publicly available and receive recommendations on how to protect personal information.
Ruslan Abdikalikov noted that the future of cybersecurity in Kazakhstan is associated with a self-regulating ecosystem, where businesses, citizens and government agencies will work together to eliminate threats.
In the future, the CIB plans to introduce the institution of private inspectors who will help monitor compliance with security standards.
At the same time, the head of the CIB emphasized that the problem of cybersecurity will not disappear completely: threats will exist as long as digitalization develops.
The task of the state is to create conditions under which market participants themselves will strive to strictly comply with security standards.
