Information Security Incidents Survey in Russia
1 like1,040 views
An information security survey was conducted among the top 100 companies in Russia in 2014. The survey found that all companies experienced information security incidents in 2013, with 58% affecting internal infrastructure availability. The most common threats were vulnerabilities allowing network perimeter hacking in 2 steps, with 82% of attacks being successful despite low attacker qualification. Unpatched software left 57% of systems vulnerable to critical vulnerabilities, and some updates took as long as 9 years to install.
1 of 12
Downloaded 17 times
More Related Content
Ad
Viewers also liked (19)
Ad
Similar to Information Security Incidents Survey in Russia (20)
More from Positive Hack Days (20)
Recently uploaded (20)
Information Security Incidents Survey in Russia
- 2. Information Security Incidents Survey in Russia
- 3. Survey among the largest companies - Top 100 Number of company’s hosts Source: Posi,ve Research Center, Survey among CISOs of Top 100 companies, May 2014
- 4. Industries in the Survey
- 5. Did you have information security incidents in 2013? All the companies had such incidents. 58% of all incidents affected the availability of internal infrastructure or services.
- 7. Which threats are the most dangerous?
- 8. In fact … • 2 vulners – to hack a corporate network’s perimeter • 2 steps (2013) vs 3 steps (2012) • 82% successful aQack – low aQacker qualifica,on • 100% -‐ control cri,cal resources from internal network (83% -‐ 2012)
- 9. Critical vulnerabilities fixing time
- 10. In fact … • 57% system -‐ cri,cal vulnerabili,es (unpatched soWware) • 57% -‐ 2013 vs 45% -‐ 2012 • 32 month -‐ average age of uninstall updates • Absolute Champion – nine-‐year-‐old vulnerability (CVE-‐2004-‐0790)