Companies are constantly faced with new threats to information security. Together with an expert, we figure out what to prepare for and what solutions will help protect your business
Cybersecurity Trends
— How has the cyber threat landscape changed over the past year?
— The number of cyberattacks is growing, and the methods used by attackers are becoming more diverse. Thus, in 2024, the number of incidents increased by 16% compared to 2023, and more than 30 new attack techniques appeared. These include methods for gaining unauthorized access to data and approaches to overcoming protective barriers. Social engineering methods are also improving. According to our data, 88% of attacks on individuals and 50% of attacks on companies use psychological deception methods rather than complex technical tricks.
Today, fraudsters are actively mastering social networks and instant messengers — their use in attacks has increased by at least 10% (in the fourth quarter of 2024 compared to the previous one. — RBC Trends). Attackers can use a person’s personal data and hacked accounts of their acquaintances, and create fake videos from colleagues to steal confidential information.
The situation with vulnerabilities in operating systems is a concern. This concerns Windows, which has been on the market for decades. In 2024, more than 1,000 new security vulnerabilities were discovered in it, and more than 3,700 in Linux. This situation completely refutes the myth that this operating system is more secure than Windows and that it is not susceptible to infection. The difficulty for the Russian market is that Linux is now being actively implemented in many companies, and development is being carried out on it for educational services, healthcare, and other government programs. This, naturally, creates new challenges, because adaptation to the specifics of domestic organizations can lead to the emergence of vulnerabilities that open the door to cybercriminals.
— Where else might there be weak points in corporate security?
— Previously, when employees worked in the office on corporate, often stationary computers, the company’s cyber defense strategy was focused on creating a secure perimeter. For example, it included installing a good firewall.
Nowadays, people work remotely and from different devices — home and corporate laptops, tablets, smartphones, which are not always protected. This means that attackers have loopholes to create a bridge to penetrate the corporate network. Thus, after compromise, criminals can use the device as an intermediate node. From there, they can attack other computers on the network, scan the network for vulnerabilities, intercept information (for example, in Man-in-the-Middle attacks, when the attacker gains access to the communication channel and steals data. — RBC Trends).
It is almost impossible to create a secure perimeter around an employee’s home laptop. Therefore, it is necessary to provide protection at the level of individual end devices – hosts (laptops, desktops, servers, remote workstations). It is important to be able to catch malware, identify complex attacks and compromise attempts right at the entry point.
Evolution of Cybersecurity Technologies
— How are protection methods changing in response to new threats?
— Security technologies typically improve in response to the development of attack techniques. If 20 years ago simple antiviruses were enough, today a comprehensive approach is important, where it is necessary to protect both networks and end devices.
Hosts, servers, and network infrastructure form the backbone of any company’s IT system, and a vulnerability in these components can lead to the entire organization being compromised. At the network level, threats manifest themselves as traffic anomalies: for example, when work computers suddenly start exchanging data with unknown IP addresses, or the volume of data transferred increases sharply during non-working hours.
Endpoints are essentially the gateway into the system through which hackers seek to steal valuable data and paralyze the company’s operations. It is critical to prevent attacks on them with security measures.
At the same time, today it is not enough to simply block malware, as a classic antivirus does. We need to strive to detect attacks at early stages, and for this, it is necessary to correctly configure the protection of end devices. It should be as flexible as possible and depend on the level of risks.
Information security (IS) is a multi-layered protection. For end devices, EPP (Endpoint Protection Platform) and EDR (Endpoint Detection and Response) tools are used.
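As an added illustration of the two network-level anomalies named above (workstations suddenly exchanging data with unknown IP addresses, and transfer volume spiking during non-working hours), here is a Python sketch that is not code from the original interview or from Positive Technologies. The flow records, the allowlist of known destinations, the working-hours window and the threshold factor are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed netflow-style records: (timestamp, source host, destination IP, bytes sent).
FLOWS = [
    ("2024-11-04 10:05:00", "ws-12", "10.0.0.25", 120_000),
    ("2024-11-04 10:07:00", "ws-12", "10.0.0.40", 80_000),
    ("2024-11-04 11:30:00", "ws-07", "10.0.0.25", 60_000),
    ("2024-11-04 14:10:00", "ws-12", "203.0.113.77", 50_000),  # destination not on the allowlist
    ("2024-11-05 02:15:00", "ws-07", "10.0.0.25", 900_000),    # off-hours volume spike
    ("2024-11-05 02:20:00", "ws-07", "10.0.0.25", 1_200_000),
]
KNOWN_DESTINATIONS = {"10.0.0.25", "10.0.0.40"}  # assumed allowlist of internal servers
WORK_HOURS = range(8, 20)                         # 08:00-19:59 counts as working time

def unknown_destinations(flows, known):
    """Return sorted (host, dst) pairs where a host talked to an address outside the known set."""
    return sorted({(host, dst) for _, host, dst, _ in flows if dst not in known})

def off_hours_spikes(flows, work_hours, factor=3.0):
    """Flag hosts whose total off-hours bytes exceed `factor` times their working-hours total.

    A host with no working-hours baseline is flagged as soon as it transfers anything off hours,
    because there is nothing to compare against.
    """
    work = defaultdict(int)
    off = defaultdict(int)
    for ts, host, _, nbytes in flows:
        hour = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").hour
        (work if hour in work_hours else off)[host] += nbytes
    flagged = []
    for host, off_bytes in off.items():
        baseline = work.get(host, 0)
        if baseline == 0 or off_bytes > factor * baseline:
            flagged.append((host, off_bytes, baseline))
    return sorted(flagged)

def anomalies(flows, known=KNOWN_DESTINATIONS, work_hours=WORK_HOURS):
    """Run both heuristics over a batch of flows and return the findings by type."""
    return {
        "unknown_destinations": unknown_destinations(flows, known),
        "off_hours_spikes": off_hours_spikes(flows, work_hours),
    }

if __name__ == "__main__":
    for kind, hits in anomalies(FLOWS).items():
        print(kind, hits)
```

On the constructed data, ws-12 is flagged for contacting 203.0.113.77 and ws-07 for moving 2.1 MB at night against a 60 KB daytime baseline; a real deployment would derive the baseline per host from several weeks of history rather than one day.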
— What is the difference between EDR and EPP solutions?
— They perform different but complementary functions. Let’s imagine a simple example: your house is the end device that needs to be protected. EPP is good locks on the doors, a strong and high fence around the site, that is, basic security measures. The EDR tool can be compared to a system of automatic response sensors inside the house and an alarm.
EPP is the first line of defense that prevents penetration into the system. The solution provides basic protection for computers, laptops, servers. This includes classic antivirus, personal firewall, host and application control, as well as other functions that block known threats.
EDR constantly monitors what is happening on the device, analyzes the behavior of programs and users, and identifies suspicious activity. The product detects complex, non-standard, and hidden attacks that have managed to bypass basic protection, and has tools for responding to incidents. In addition, based on indicators and behavioral models, the system creates a complete picture of the attack, which may be spread out over a long period of time.
An effective approach to building a security system
— What problems does combining several tools into one platform solve?
— Imagine a situation: an attack has occurred on one of the computers, and the antivirus has been triggered. In the company’s information security department, this will lead to the creation of an incident and analysis of what happened. In order to conduct a comprehensive investigation, it is necessary to collect a lot of heterogeneous information related to this attack: what kind of malicious process was caught, which user was working at that moment, and what other applications were open.
At each stage, you spend time switching between different interfaces, trying to connect data from different sources, risking losing important details.
Having all these products in a single console gives you a complete picture of what happened, when, how the threat got into the system, and what it was trying to do. This allows security professionals to focus on responding to advanced targeted attacks while the EPP solution stops known threats.
— What other benefits does EPP provide besides protection from threats?
— Firstly, when you have a single control panel, you don’t need to waste resources on supporting disparate systems.
Secondly, modern EPPs expand the capabilities of IT departments that manage corporate infrastructure. For example, this year we plan to add the function of managing connected devices – USB drives, flash drives, smartphones, tablets, printers, scanners, external cameras – through a single console.
EPP also allows you to manage security settings on different computers in the company. Information security specialists can allow the installation of certain applications, configure user rights, etc. This approach helps prevent situations where an employee independently installs questionable programs, runs something with administrator rights, or opens unsafe sites.
— How accessible are such comprehensive security systems for businesses?
— For Russian businesses today, the choice is limited. Complex systems primarily imply interconnections between their components in the form of various solutions that complement each other. If the components are from different vendors, then integrator companies will be engaged in building such systems. At the same time, some vendors have a sufficient product portfolio to create such systems “from a single window”. For example, in 2023, we at Positive Technologies released our own EDR product for endpoint protection. And recently we signed a deal with the Belarusian IT company VirusBlokada to expand our technical portfolio and improve antivirus protection technology for implementation in existing products, as well as for launching an independent EPP solution.
— Why did you choose this particular developer?
— VirusBlokada has over 20 years of experience in malware analysis. Its specialists were the first to discover the famous Stuxnet worm that attacked Iran’s nuclear programs. At that time, for the first time in the history of cyberattacks, a virus destroyed physical infrastructure.
I would like to separately note the strong engineering school of VirusBlokada. The competencies of its employees allow us to create reliable technologies that complement our own developments. If Positive Technologies previously focused on network security and solutions for monitoring information security events, now we will expand our capabilities in the field of endpoint protection.
Reliable protection of IT infrastructure in 2025
— How can a business understand that a security system is outdated?
— I would advise proceeding from what the company’s management actually needs — formal protection or a result in the form of a cyber-resilient business? If the latter, it is necessary to conduct a regular assessment of resistance to cyberattacks. The following will help with this:
pentests (penetration tests – “testing for the possibility of penetration”. – RBC Trends);
special training platforms that simulate attacks and demonstrate how protection works;
Bug Bounty programs, that is, offering a reward to white hat hackers who find vulnerabilities in your system.
— How can a company effectively protect its IT infrastructure in 2025?
— Start from the structure of your IT environment. There is no universal solution that will suit everyone. You need to determine what is really critical for your business, what events are considered unacceptable, and build cyber defense accordingly.
If we adhere to the basic principles of information security, then companies need:
endpoint security tools;
systems for detecting and blocking network attacks;
solutions for collecting and analyzing suspicious activities, managing security rules;
specialists responsible for monitoring security systems and responding to threats;
continuous training of employees in information security rules.
— What criteria should be taken into account when choosing a supplier?
— I recommend paying attention to the following factors:
the vendor’s reputation and its experience in building cybersecurity for various industries;
qualification of specialists;
the vendor’s willingness to take responsibility for the solutions being implemented, including participation in Bug Bounty programs;
quality and speed of technical support;
flexibility of the solution and its compatibility with your IT infrastructure;
support for domestic operating systems.
Another important condition is the willingness to share plans and improve your tools based on feedback. An open dialogue with the market is an opportunity to understand how to further develop products, so we always welcome new ideas from our users and openly discuss our solutions with them.