The objects of critical information infrastructure are hospitals, factories, telecom operators and many other enterprises. And if earlier cases under this article were isolated, then in 2022 last year there were already ten of them – several dozen.
Moreover, employees are blamed not so much for bad faith, but for negligence. RTM Group mentioned several real cases: accidentally deleting a file from the server, copying important data from a work computer to a home computer, logging into corporate systems from a home computer using high privilege accounts.
In order to avoid criminal prosecution, the RTM Group advised the heads of some organizations to find out from Russia’s Federal Technical and Export Control Service (FSTEC) whether their enterprises fall under the definition of a critical information infrastructure object. You should familiarize yourself with all the documents governing the security of the CII facility, if any, and strictly adhere to the requirements listed here.
Source: Ferra
