positive-hack-days
Information Security Incidents Survey in Russia
Survey among the largest companies - Top 100
Number of company’s hosts
Source: Positive Research Center, Survey among CISOs of Top 100 companies, May 2014
Industries in the Survey
Did you have information security incidents in 2013?
All the companies had such incidents.
58% of all incidents affected the availability of internal infrastructure or services.
Incident types
Which threats are the most dangerous?
In fact …
• 2 vulnerabilities – to hack a corporate network’s perimeter
• 2 steps (2013) vs 3 steps (2012)
• 82% successful attack – low attacker qualification
• 100% - control critical resources from internal network (83% - 2012)
Critical vulnerabilities fixing time
In fact …
• 57% system - critical vulnerabilities (unpatched software)
• 57% - 2013 vs 45% - 2012
• 32 months - average age of uninstalled updates
• Absolute Champion – nine-year-old vulnerability (CVE-2004-0790)
First-priority problems