ESET: 90% of Russian Businesses Have Faced External Cyber Threats

Experts from ESET conducted a comprehensive study on the state of information security in Russian companies, surveying dozens of IT directors and business owners. According to the results, 90% of Russian companies have encountered external cyber threats, and about 50% have also faced internal threats.

Among external cyber threats, spam leads the way—65% of respondents selected it in a multi-choice survey, which is slightly below the CIS average of 73%. Additionally, 47% of companies suffered from various types of malware. The spread of malicious software is closely linked to the activities of spammers and phishers, who aim to lull employees into a false sense of security and trick them into clicking on malicious links or downloading dangerous files.

A notable example is a cyberattack where victims downloaded ransomware (about 35% of Russian companies encountered ransomware) and banking trojans disguised as business documents from websites promoted through malicious advertising banners. Users often landed on these sites via legitimate portals, including specialized accounting and legal websites.

Many respondents noted that malware often ended up on devices due to employees themselves, who used unverified external drives or installed unwanted software.

Additionally, 7% of respondents reported incidents where employees lost corporate smartphones, tablets, or laptops containing confidential information.

Internal Security Challenges

It is worth noting that specialists in the CIS more frequently face internal information security issues (the average for Russia is 50%, while for the CIS it is 68%). At the same time, Russian companies have had to fend off more serious threats such as DDoS attacks, phishing, and ransomware.

Employees with access to personal data do not always have sufficient knowledge of security protocols when handling confidential information. As a result, one in five companies in Russia has suffered from accidental data leaks. Russian IT managers are particularly concerned about protecting employees’ personal data (60%), partly due to stricter domestic data protection regulations.

Cybersecurity Measures and Trends

Given the relevance of information security issues, most companies in Russia are taking steps to counter cyber threats. 90% of respondents reported using antivirus solutions, 45% monitor the use of external drives, 26% have implemented systems to protect financial transactions, and 28% are actively combating DDoS attacks.

Outsourcing is becoming increasingly popular in the field of information security: 15% of those surveyed said they hire third-party companies for security audits. Currently, outsourced security is one of the key trends in cybersecurity.

As of the end of 2019, 5% of Russian companies were dissatisfied with their information security status and wanted to increase their budgets. Moreover, as the number of computers grows, so does dissatisfaction and the desire to boost information security spending. There is also a global shortage of information security professionals, making it difficult to build effective security systems.