Growing information attacks and open testing: new cybersecurity trends
“The number of attacks is only growing”
In the last three months, the number of cyberattacks has increased almost 10 times. This was announced during a press conference at the 2024 Kazan Digital Week forum by Director of Digital Transformation at Innostage Ruslan Suleymanov. According to him, the company has repelled more than 360,000 attacks.
“Practice shows that the number of attacks is only growing. There are already many cases. This suggests that any company is susceptible to cyberattacks by intruders. One of the trends is an attack through the supply chain, an attack through trusted partners. Large companies have partners or subsidiaries that are less protected, and any hacking attempts are carried out through them. Also through the supply chain — through vendors, through integrators,” added head of Innostage SOC CyberArt Maxim Akimov.
According to him, in the last few of years, about 94 million pieces of data have leaked online — “more than half of the population of our country.” To solve the problem, it is necessary to systematically form the country's information security policy.
“To assess the risks of damage from attacks, you need to see what resources are important for a particular organisation. We have defined unacceptable events for ourselves — loss of financial resources. Most often, financial losses are very difficult to calculate, reputational ones are easier. From them, you can estimate the material potential losses — you can lose current and potential clients,” Akimov answered the moderator's question about risk assessment.
“You need to pay white hackers”
To combat attackers, you need to use the methodology of open cyber tests, the speakers are sure. During them, the so-called “white hackers” look for vulnerabilities of the company, which helps to close the gaps and improve the company's cybersecurity.
“You should never pay attackers. But you can and should pay white hackers. This tests the real security of your company. They will show what routes attackers can use to get into your structures,” Akimov answered a question about the trend of paying for white hat hackers.
Suleimanov agreed with his words:
“You can't pay hackers, but we are talking about attackers. <...> Open cyber tests are studies within the legal framework of a company's cyber resilience. This is good for the industry, Russia in general, and for the entire community that deals with cyber security. This is an independent story, it helps a company understand its level of cyber security: whether the target level has been achieved.”
Open cyber research allows companies to identify most of the current attack methods and find a way to repel them, Suleymanov said. “New methods for hackers are constantly appearing, it is impossible to predict them.”
“Unfortunately, security specialists in this story are more likely to catch up than to get ahead. We have to comply and look for new ways to protect ourselves, Akimov explained.
Suleymanov also said that the company has increased payments for a researcher who can transfer up to 200,000 rubles from an organisation's account to an account controlled by a hacker. Previously, this amount was 5 million rubles, now it is 10 million.