What are cyber threats, what is new and dangerous in the arsenal of cybercriminals today, and how can you protect your business at a sufficient level?
Why did cybercrime become one of the top threats to business in 2025?
In 2024, cyber attacks in Russia increased by 35% compared to the previous year, and the damage per incident for a medium-sized company reached 20 million rubles. The reality is that no company, from a small startup to a huge manufacturing holding company, is 100% immune from online attacks. Such high-profile incidents as the hacking of the state automated system (SAS) “Pravosudiye” (“Justice”) and the paralysis of some media holdings are only the visible part of the iceberg.
Such incidents entail many risks: direct financial losses (ransom, fines for personal data leaks of up to 15 million), irreparable damage to business reputation (up to 71% of clients have been known to leave) and contract failures. The departure of foreign vendors of network equipment and international sanctions have exacerbated these risks even more.
Today’s realities require a revision of generally accepted approaches to cybersecurity. Information security is becoming not just an expense item in the company’s budget, but the foundation for the sustainability of the entire business.
The main types of cyber threats and their consequences for business
Cyber attacks are a daily reality. In 2024, almost 40% of incidents in Russia started with phishing. The attackers masterfully forge emails from colleagues and partners and use voices generated using deepfake technology. As a result, fraudsters gain instant access to corporate accounts and bank accounts.
Damage from incidents involving compromised corporate mail can reach 4 million rubles per month for medium-sized companies, and proper training of employees to recognize signs of such attacks reduces risks by 45%.
The most severe damage is caused by ransomware (encryption viruses). They account for approximately 40% of all incidents. The average ransom that companies paid to attackers in 2024 was ₽5 million, but even greater losses were incurred due to operational disruptions and downtime (up to ₽4 million/hour for some industries) and, in some cases, complete data destruction. Note that modern encryption viruses work lightning fast. For example, Black Basta is able to completely block the internal network of a large factory in just 50 hours.
DDoS attacks that paralyze websites and online services have increased by 30%. For businesses such as e-commerce, an hour of downtime is a loss of revenue and an outflow of customers. Regional businesses are particularly vulnerable to such attacks. Every fifth attack in 2024 in our country was aimed at small businesses.
Attacks through Internet of Things (IoT) devices are gaining momentum: modems, smart home/office elements such as smart cameras, printers, or just sensors. Hacking one such device allows criminals to gain access to the entire network. In production, this leads to the shutdown of the assembly line and even the theft of technology. According to Solar JSOC, the number of such incidents has recently doubled.
Vulnerabilities of outdated software and operating systems, as well as zero-day attacks (cases where attackers discover the possibility of hacking before developers become aware of it) are exploited less frequently and account for only 8% of known cases, but their consequences are catastrophic: massive leakage of customer data with fines of up to ₽15 million or even loss of intellectual property. As an example, I will cite the hacking of corporate networks through a vulnerability in Cisco IOS XE in 2023.
The Man in the Black Hood: motives and methods of cybercriminals
The loner in the black hood is a Hollywood myth. In fact, crimes are committed by well-structured groups with defined roles and clear goals. 65% of attacks in Russia are motivated by quick financial gain. And hardly any of the highly skilled fraudsters who commit these crimes outwardly correspond to the image widely replicated by popular culture.
The most dangerous: The racket
The most dangerous for businesses are extortionists, who act as “digital racketeers” and are the authors of up to 60% of all incidents. They use automated ransomware attacks (using viruses like Black Basta), encrypt data, and demand a ransom in cryptocurrency for data recovery. Their methods include mass mailing of phishing emails and messages in messengers, as well as exploiting vulnerabilities in the software used. I have already mentioned the risks: on average, up to 5 million rubles and weeks of downtime.
Competitors and cyber hires
The tools of this category of scammers are targeted phishing (forgery of letters from management) and DDoS attacks to sabotage ongoing tenders or disrupt specific transactions (25-30% of attacks). In other words, they deliver targeted, pre-calculated strikes, usually related to some important events. For example, the Midnight Blizzard group attacked Microsoft in 2023 on behalf of the corporation’s competitors. Such attacks are often carefully disguised and look like legitimate traffic, which makes them difficult to detect.
Own employees
Insiders, the company’s employees who decided to make money by selling access to corporate data, account for about 5% of all incidents. The motives here can be very different: from revenge on the boss with whom the relationship did not work out (as in the story with the Cisco administrator who deleted 456 virtual machines), to banal corruption. The risks in this category are very high, because an insider knows the internal processes and is often able to bypass even advanced security systems. Dealing with leaks or damage of this kind is a very time-consuming undertaking.
For criminals of this type, the key factor is the illusion of complete anonymity and impunity on the Darknet, as well as the “virtual mentality”, which means a feeling of complete lack of boundaries on the web. These factors reduce ethical barriers, and as a result, according to research, about 80% of cybercriminals consider their risk of capture to be minimal. Because of such ideas, even teenagers can paralyze a business for basic hooligan reasons by hacking the network through vulnerable IoT devices.
Know your enemy
An entrepreneur should have a good understanding of the types of criminals described and their psychological profiles, since, for example, backup protection methods are useless against an insider. Countering an insider instead requires monitoring employee behavior and careful segmentation of internal networks.
Risk assessment checklist
Cyber threat risk assessment should not be assigned to the IT department; it should be a strategic priority for business owners. I recommend following this checklist.
1. Audit of the corporate infrastructure
Check for vulnerabilities in legacy software (Windows Server 2012+, 1C 7.7), which is still used by up to 40% of small businesses. Existing cybercriminal tools such as Solar AURA scan the corporate network in 24 hours, identifying “holes” for zero-day attacks.
Case study: a pharmacy chain saved ₽3 million by closing a vulnerability in a Wi-Fi router and preventing hacking of the prescription database.
2. Testing employees’ vigilance against phishing
80% of successful attacks start with human error. Conduct phishing simulations regularly and without notice using tools such as KnowBe4. If up to 30% of your staff clicks on a fake letter “from the CEO”, take urgent action and organize training. It can
3. Analyzing your contractors’ policies from a cybersecurity perspective
This measure will prevent up to 50% of threats. Use the services of MSSP providers and SOC (companies specializing in monitoring and minimizing cyber threats), and if you are already doing this, require FSTEC/FSB certificates from them.
4. Search for leaked data on the Darknet
After each incident, monitor the digital footprint. Services such as BI.ZONE Threat Intelligence detect password compromise before an attack. The cost of using them starts at only ₽15 thousand/month, while the damage from a leak can be hundreds of times higher.
IMPORTANT: These measures should not be a one-time action. Automate audits through platforms such as Kaspersky Automated Security Assessment or similar, compile detailed quarterly reports and analyze them thoroughly.
Trends and forecasts in the field of information security for 2025
Everything that is happening in the field of cybersecurity in 2025 can be defined through three key trends.
AI is like a double-edged sword
Attackers actively use generative AI to create hyper-realistic phishing message samples, including voice clones of real executives, and automate their attacks. At the same time, AI is becoming the basis of protection for systems like Solar AI SOC, reducing threat response time by 40% and analyzing up to 1 million events per second. The market for information security systems using AI in Russia will grow by 30% during the year.
Strict requirements of regulators
By 2026, 40% of CII facilities are 100% likely to switch to Russian information security solutions, and international sanctions will accelerate the introduction of import substitution. GitHub has already been blocked for public sector enterprises, and Western EDR systems such as CrowdStrike are being widely replaced by P7-CyberArsenal or SearchInform. Fines for personal data leaks will be raised to ₽18 million.
Quantum computers for cyber attacks and the spread of 6G
Quantum computers in the period 2025-2027 will be able to crack RSA-type encryption algorithms. Companies will have to implement quantum-resistant encryption algorithms (for example, the RCC project). The spread of the 6G network will increase the risks for the IoT: fully automated smart factories will become a desirable target for cyber attacks. Preparations for this new era are already underway — Rostec has begun testing isolated 6G networks.
Conclusion
Investing in cybersecurity in 2025 is an investment in business sustainability. International sanctions related to the spread of AI threats and the tightening of regulatory requirements (even applying criminal liability) require a quarterly review of the protection of the IT infrastructure. Otherwise, even a small business can lose up to ₽5 million/year due to downtime, buybacks of its own data from fraudsters and reputational damage.
Responsibility for decisions made in this area is distributed as follows:
- the CEO approves the budget and strategy;
- the IT director implements solutions (NGFW, EDR, 2FA);
- the information security specialist(s) monitors threats 24/7.
If these roles are not defined, then up to 58% of attacks can go unnoticed for a period of 1 month. The cost of protecting against cyber threats is high, but the savings due to averted losses will exceed the cost by 20 times or more.
If you start with an audit today, then tomorrow your comprehensive protection will become one of your competitive advantages. We live in an era when up to 70% of customers choose suppliers based on data storage security criteria, so your willingness to respond to any cyber threats translates into customer trust and a guarantee of your business continuity.

By Viktor Zhuravkov, CEO of ESTT




