More than a third of Russian companies hope for the best
37% of respondents still do not protect web resources. At the same time, attacks have become more complex, and the number of attacks exploiting various software vulnerabilities has increased by more than a quarter.
According to the survey[1], conducted by KROC Cloud Services and the developer of the solution for the protection of web applications SolidWall, in the first half of 2023, 71% of Russian companies faced cyber attacks on their web resources. Most of them suffered simultaneously from several types of combined attacks. At the same time, 37% of respondents admitted that they still do not protect their web resources.
According to the results of the survey, DDoS attacks became the most common: 64% of respondents were affected by them. This simple type of attack is the mass generation of identical requests for resources, often using botnets or redirection vulnerabilities on third-party sites. While massive DDoS attacks distract security professionals, attackers often launch password hashes as part of an already targeted attack. 57% of respondents encountered this type of attack.
The number of attacks exploiting various software vulnerabilities increased by 28%. They are also often associated with DDoS. Last year, 15% of companies mentioned such attacks, and in the first half of 2023, 43% were already affected by them. They are mainly carried out using known vulnerabilities in Open Source components or popular frameworks and CMS. This is due to the fact that attackers now have many tools for their mass search on the Internet. Also, companies encounter encryption viruses quite often (18%).
Separately, there is a growing trend of attacks on mobile applications. At the same time, the level of their security does not increase. This is partly due to not the most effective methods of development and testing, and partly due to the low level of user literacy. This often gives the criminal access to the user’s data and devices. At the same time, the company deliberately does not eliminate some potential vulnerabilities for the ease of use of the program, for example: lack of two-factor authentication, password complexity requirements, etc. This situation will continue as mobile applications become more and more embedded in the lives of ordinary people, and the speed of application of secure development methods does not keep pace with business needs. The latter is aggravated by the general lack of specialists.
“The main trend related to threats to web resources is the growth of opportunities and simplification of the implementation of attacks. This is explained by the fact that specific tools and knowledge for finding, exploiting vulnerabilities, as well as using the obtained results are becoming available to a wider circle of cybercriminals,” Vyacheslav Zheleznyakov, director of business development at SolidSoft, said.
The survey revealed that 37% of companies’ web resources are not protected at all. The most popular means of protection were Anti-DDoS (63%), WAF (42%), Antibot (32%). The main barriers to deployment of own protection tools, in addition to underestimation of risks, are their high cost, long delivery times, connection and configuration, lack of necessary competences. All these factors contributed to the rapid growth of demand for protection tools. The number of such requests to the KROC Cloud has doubled over the past six months. Protection in three echelons: Anti-DDoS, Antibot and WAF proved to be the most effective in repelling attacks. They help neutralize DDoS attacks, filter botnet requests, protect web resources from cyber attacks in real time.
Today, the protection of the company’s web resources is a necessity for conducting a successful business. The growing demand for providing protection from the cloud has become a logical market response to increasing threats and the lack of ability for companies to provide security on their own. First, providing protections from the cloud allows you to significantly reduce the costs of their deployment and maintenance, while ensuring a high speed of implementation. Secondly, cloud protection allows you to guarantee continuous updates and monitoring, freeing the company from the need to spend resources on independent maintenance and infrastructure updates,” says Serhiy Zinkevich, director of the KROC Cloud Services business unit.
More details: https://cloud.croc.ru/
[1] The survey was conducted among 100 companies of medium and large businesses of various segments of the economy.