Analysts named the main cyber threats to companies in Russia

In 2024, the number of attacks on companies in Russia increased by more than 20%, according to data from Bastion analysts, which was reviewed by Izvestia on March 10. Attackers are increasingly acting for financial gain. At the same time, companies are actively strengthening their protection. Experts told us which threats remain the most relevant.

The main risks include attacks using ransomware, phishing mailings, and DDoS campaigns. In addition, analysts pointed out that the trend of attacks through contractors is increasing — attackers gain access to large companies through hacking less secure suppliers.

"Russian business is no longer limited to antivirus and basic protection measures. Among the most demanded practices are the introduction of multi—factor authentication for all employees and contractors, regular information security audits of external partners, as well as the transition to centralized security monitoring systems (SOC)," the information security company said.

At the same time, organizations are increasingly automating incident response by connecting SIEM and SOAR systems.

From a black approach: hackers have quadrupled their attacks on Russia

The public sector, postal services and cargo and passenger transportation were among the most affected industries.

Experts noted that more than 60% of successful attacks start with phishing, which is why companies are strengthening their cyber literacy programs. Regular training sessions, phishing attack simulations, and gamified courses are becoming standard practice.

Speaking about the positive developments in the market, analysts clarified that information security is no longer solely the area of responsibility of IT departments and is becoming a strategic focus. Medium and even small businesses are investing more actively in data protection. At the same time, companies are moving to platform solutions that combine perimeter protection, incident management, work with contractors and staff training into a single ecosystem.

"Partnerships with information security companies are becoming strategic and long—term - this allows businesses not just to respond to threats, but to work ahead of the curve," the experts added.

The experts also explained that the financial motivation of the attackers remains key, but at the same time, cybercriminals are increasingly seeking to gain a foothold in the company's network for a long time, gaining steady access to data and systems. The frequency of such attacks remains consistently high, and their number is growing annually.

"We are detecting malware attacks that domestic companies have not encountered before," they said.

According to them, companies that have already built effective protection recommend: conducting regular audits of the entire supply chain; periodically conducting stress tests and cyber training for staff; reviewing access control policies — minimum privileges for each employee and contractor should become the norm. In addition, early attack detection systems should be implemented and a security culture should be established within the company, when each employee understands exactly how they affect business protection.

"The year 2024 has shown: Russian business is no longer a passive victim of attacks. Companies have learned to adapt faster to new threats, strengthened their interaction with information security partners, and stopped considering cybersecurity as an exclusively technological task. Information security is becoming part of the business strategy, which means that the level of resistance to cyber threats will continue to grow," the analysts concluded.

Earlier, on March 5, it was reported that hackers were four times more likely to attack the web resources of Russian companies in 2024 compared to 2023. This was reported to Izvestia by cybersecurity companies. The average number of web attacks increased from 15 million to 65 million events per month.