„Ich habe neulich erst darüber nachgedacht“, sagt Sophie Ellis-Bextor in ihrem entzückend aristokratisch-kühl klingenden Akzent, „wie Musik die einzige Kunstform ist, in der du

      11 September 2025 12:05

      [172]

      Society

      Most Russian businesses are exposed to high- and critical-level vulnerabilities in the security of their information systems — this is the conclusion reached by MegaFon specialists after analyzing the results of pentests the mobile operator conducted in 2025.

      The study showed that 60% of companies have high- and critical-level vulnerabilities. The first category includes defects in authentication systems that allow bypassing protections, weaknesses in web applications that risk data leakage, and misconfigurations of network services that create additional attack vectors. Critical-level flaws can lead to the takeover of domain controllers with the acquisition of full privileges over corporate infrastructure and to unauthorized access to confidential data.

      In 36% of cases medium-level vulnerabilities were identified, which do not grant full control over a system but can become an important link in an attack chain and compromise better-protected components of the infrastructure. Only 4% of companies have no serious security gaps. Pentests were carried out among companies from various sectors and fields: 60% in the electric power, IT and industrial sectors, 20% in the financial sector, and 8% each in real estate, advertising and media, and retail.

      A pentest is a safe method of assessing an organization's information systems security by simulating the actions of attackers. During testing, specialists analyze external and internal networks, check web applications and mobile services, assess resilience to social engineering attacks, and test authentication systems. As a result, businesses receive a detailed report describing the vulnerabilities found and step-by-step recommendations for their remediation and prevention.

      Of all types of pentests, external testing remains the most in demand: since the beginning of this year demand for it has grown by 48% compared to the results for the whole of 2024. In second place are compliance projects (analysis of systems' conformity with regulators' requirements, normative documents and industry standards). Their number increased by 75% over the same period. The largest increase (more than 100%) was shown by incident investigation services; however, such work accounts for only 4% of the total volume.

      Demand for pentests grows by approximately 30% annually, but the market has now reached record levels. According to experts, by the end of 2025 their number will double compared to last year, which is explained by an increase in cyberattacks, including the use of new threats and methods, as well as tightened regulatory requirements (the introduction of new standards and stricter liability).

      "The results of our study show that only 32% of the tested companies have a high level of protection against cyberattacks. Another 23% have a medium level of security, and the remaining 45% have a low level. Conducting pentests is just the first step toward building an effective cybersecurity system. By analyzing the results of such comprehensive testing, a company can identify weak points in its infrastructure and understand how to properly build its defenses," notes MegaFon's Director of Corporate Business Development Natalia Taldykina.

      NIA "Nizhny Novgorod" has a Telegram channel. Subscribe to stay informed about major events, exclusive materials and timely information. Copyright © 1999—2025 NIA "Nizhny Novgorod". When republishing, a hyperlink to NIA "Nizhny Novgorod" is mandatory. This resource may contain 18+ materials.