hese results were shown by a joint survey conducted by K2 Cybersecurity and Garda Group. During the study, analysts interviewed more than 200 IT and IS directors of Russian companies, as well as senior specialists in the field of information security. According to the survey results, it turned out that almost half (42%) do not know about technologies for masking and depersonalizing personal data, 32% have only heard about the existence of such tools and only 23% use them to protect data.
Alexey Drozd, Head of the albania whatsapp resource Information Security Department at SearchInform, named problems with terminology and the information security maturity of companies as the reasons for the unpopularity of masking technologies: "There is no common denominator in the minds of specialists. Some call masking obfuscation, others mean replacing some data with others, etc. Mature companies in terms of information security understand the value of data, so they build comprehensive information security systems. Immature companies, accordingly, do not build information security or do it to a minimum. Therefore, most likely, they have not even heard of masking. And if they have heard, they considered it a complex and incomprehensible technology, and as a result, unnecessary."
Owner of the product "Sphere. Data Anonymization" of the "Sphere" platform Maxim Penkov emphasized that before implementing data anonymization tools, a business must be at a certain stage of the evolutionary path: have a well-established IT development cycle and a well-thought-out software production process.
Alexander Cherny, IT infrastructure architect for the Transformation Strategy practice at Reksoft Consulting, recalled that FSTEC recommends using masking technologies in Order No. 21, which was issued back in 2013: "I doubt that an active information security specialist, and especially an information security director, does not know what depersonalization of personal data is. Either the authors of the survey understand something else by the term "masking", or the question itself was posed in such a way that respondents misunderstood the context. Potentially, such survey results may indicate that the process of transferring personal data in most of the surveyed organizations is carried out only within the framework of current legislation and does not require depersonalization (for example, transferring data to the Federal Tax Service), or all of their ISPDN are classified no higher than the 4th level of protection."
"The number and volume of data leaks are growing rapidly. At the same time, a third of them are related to the compromise of large databases during transfer within the company or to third parties for solving various problems. Masking allows us to comprehensively solve this problem and create anonymous copies of databases that can be transferred to third parties without the risk of leaks and violations of regulatory requirements. The survey showed that, unfortunately, very few companies know and use such a necessary tool. This may be due, among other things, to the fact that only 20% of respondents turn to IT outsourcing," Vadim Katolik, Head of Business Application Protection at K2 Cybersecurity, commented on the survey results.