84% of Russian companies have vulnerabilities allowing access to confidential corporate information in their IT systems. Moreover, 58% of organizations have at least one site with a hole for which there is publicly available hacker software. There is open access software for cracking under 10% of all identified vulnerabilities, which means that such a security gap can be exploited by an attacker without professional programming skills. This follows from Positive Technologies’ testing of 19 large companies from different sectors of the country’s economy.
The experts studied the security of their IT systems. A total of 3514 nodes were scanned, including network devices, servers and workstations of organizations.
First of all, vulnerabilities are associated with the use of outdated software versions that contain known security holes. Problems with the availability of updates were found in all companies, while 47% of the identified gaps can be eliminated by installing the latest software versions, said Ekaterina Kilyusheva, head of the research group of the information security analytics department at Positive Technologies.
Security holes in IT systems can lead to theft of funds and customer data, unavailability of services, complete destruction of corporate information and, as a result, disruption of key business processes, said Alexei Pavlov, head of the promotion of Solar JSOC services at Rostelecom.