Information Security Incidents Survey in Russia

Survey among the largest companies - Top 100

Number of company’s hosts

Source:  Posi,ve  Research  Center,  Survey  among  CISOs  of  Top  100  companies,  May  2014    

Industries in the Survey

Did you have information security incidents in 2013?

All  the  companies  had  such  incidents.  

58%  of  all  incidents  affected  the  availability  of  internal  infrastructure  or  services.  

Incident types

Which threats are the most dangerous?

In fact …

•  2  vulners    –  to  hack  a  corporate  network’s  perimeter  

•  2  steps  (2013)            vs   3  steps  (2012)    

•  82%  successful  aQack  –  low  aQacker  qualifica,on  

•  100%  -­‐  control  cri,cal  resources  from  internal  network  (83%    -­‐  2012)  

Critical vulnerabilities fixing time

In fact … •  57%  system  -­‐  cri,cal  vulnerabili,es  (unpatched  soWware)  

•  57%  -­‐  2013      vs   45%  -­‐  2012  

•  32  month  -­‐  average  age  of  uninstall  updates      

•  Absolute  Champion  –  nine-­‐year-­‐old  vulnerability  (CVE-­‐2004-­‐0790)  

First-priority problems