According to Tinkoff, almost half (46%) of online resources for SMEs in Russia have cybersecurity issues.
The most critical of the most common errors is the weak protection of cloud storage, threatening data leakage (identified in more than a quarter of organizations).
These disappointing statistics are based on the analysis of more than 40 thousand sites and databases of small companies / individual entrepreneurs. The most vulnerable areas in terms of information security were areas such as consulting, retail, and IT (44% of the problems found).
Most often (in 33% of cases) SMEs make domain verification errors. Such mistakes provoke the capture of a resource through data substitution.
The second place in the rating is taken by the threat of confidential information leakage arising from open access to the database or from the use of a weak password (27%). The ability to obtain a key by a simple brute-force attack allows an attacker to obtain personal data of customers and company employees, trade secrets, source codes of programs, etc.
The third most frequent cybersecurity error, according to Tinkoff, is SSL Unknown subject (15%). Such a problem during SSL-certificate verification threatens with interception and disclosure of data (MITM attack).
The researchers also found that the resources of SMEs are poorly protected from attacks by cryptographers (9%).
The top five problems also included another common error — an expired SSL certificate (7%). When the browser shows that the certificate is invalid, the site may fall out of access; as a result, the company loses potential customers.
“Unfortunately, cybersecurity is poorly developed in Russia and business does not realize how important it is to protect data. Firstly, the services of good and competent specialists are very expensive; secondly, after the crisis, companies direct working capital primarily for the purchase of goods and current needs,” comments Pavel Segal, First Vice President of “OPORA Russia”.