Joint survey of analytical center TAdviser and Microsoft "Cyber Security in the Russian Companies", devoted to information security in the Russian segment of medium and small business, showed that 76% of the companies for the last year faced incidents in this sphere. At the same time data of Positive Technologies company show that more than a half of respondents of the SMB-companies consider risk of the purposeful attack (ART) of critical, and 80% of the companies are not sure of the readiness to resist to the attacks of this kind.
Main channels and purposes of the attacks
Most of the respondents polled by TAdviser and Microsoft noted that e-mail (66%) and external Internet resources (63%) became the main channel of threats, external drives (18%) and messengers (10%) follow further. At the same time 37% of respondents reported that money was the purpose of the attacks. On the second place — personal data (32%), and on the third — credentials (31%).
Representatives of some companies announced emergence of new types of the threats connected with mobile applications and devices. However use of programs racketeers was the most widespread method of the attacks: they were called by 54% of respondents. On the second place — DDoS (52%), go further the purposeful attacks and a phishing (on 39%). Within the poll only 15% of the companies reported that did not suffer damage as a result of cyber attacks, having successfully reflected them.
The research of Positive Technologies "the APT attacks by eyes of staff of the Russian companies" confirms that business recognizes risks of such attacks and as their result the SMB-companies most often see information leak (including, according to data of poll of Microsoft and TAdviser, because of insiders), destruction and substitution of data (on 32% and 23% respectively) and also in 22% of cases as effects from the attack selected simple infrastructure, in 18% — damage of reputation, 15% of respondents noted as an effect from cyber attack real financial loss.
Artem Sinitsyn, the program manager of information security of Microsoft in the countries of Central and Eastern Europe, commented on results of a research:
"We note growth of interest of cybercriminals in the SMB-companies, it is proved by a considerable share (39%) of the purposeful attacks. The staff of the companies to whom the attacks using means of social engineering are directed become "A weak link". For 2018 the average monthly indicator of the similar attacks grew by 4.5 times. At the same time we see that the SMB-companies reached a certain level of a maturity in approaches to providing Information Security: adequately estimate risk level and need of acceptance of effective measures. The companies already actively transform business: 39% of respondents confirmed the readiness to ensure functioning of geographically dispersed teams, including using mobile devices out of perimeter of corporate network (24%). At this stage it is crucial to outstrip actions of cybercriminals and to develop and also to apply pro-active strategy in cybersecurity."
According to a research of TAdviser and Microsoft, 48% of respondents consider regular trainings on cybersecurity for personnel as the most efficiently protection against cybercriminals, and 47% answered that use of means of cryptoprotection will help to avoid the attacks. Another 40% called the best protection against threats a regular software update, and 32% of respondents noted need of use of modern devices for risk minimization of cybersecurity.
The research of Positive Technologies shows that the SMB-companies in most cases already use standard means of protecting: antiviruses (in 85% of cases), IPS/IDS — 43%, in 37% of cases — firewalls (web application firewall, WAF). However after growth of threats of the company begin to use also such technologies for protection as sandboxes and the systems of the deep analysis of traffic (network traffic analysis) — on 33% and 20% respectively.
At the same time only 9% fall to the share of specialized solutions for protection against APT. Thus, the risk of APT is taken rather seriously today (including in SMB sector), but in practice approach to security does not correspond to new threats from cybercriminals yet.
"The cyber security of segments of large and small business cannot be considered separately from each other. This year showed that stories in which the large target organization is attacked through the less protected partner (i.e. the SMB-organization) from single cases turned into a trend. Therefore the aspiration of large business to increase the security logically can lead to growth of requirements in terms of cybersecurity for the companies of the market of SMB (for which capability to resist to cyber attacks can turn into competitive advantage)", — explains Alexey Novikov, the director of expert center of security of Positive Technologies (PT Expert Security Center).
According to him, key recommendations about increase in security of organinization can be considered the correct setup of technical means of protection, permanent data collection and processing about security events, the analysis of traffic and search of suspicious activity in infrastructure and also the correct response to incidents and high-quality recovery of systems.