Published 08 October 2024

Threats in the new digital reality

The degree of risk in the digital space is continuously growing. In 2024, many organizations and individuals were affected by cyberattacks. More than 41 million cyber incidents were registered in Russia in the second quarter of the year, which is a 74% increase compared to the same period of 2023. Some of the most common threats in the digital environment include social engineering attacks, password theft, and data breaches. But there are also other risks. The ten most dangerous of them are described below.

  • Social engineering. Attackers use psychological manipulation to make victims disclose their personal data. This type of scam includes phishing, vishing and pretexting.
  • Ransomware. Scammers use malicious software to lock devices and demand a ransom for restoring access. In 2024, victims of this type of incident lost up to 43% of their data, regardless of all attempts to recover it.
  • Supply chain attacks. Criminals attack companies’ suppliers to get access to their systems. A striking example here is the incident that happened to SolarWinds, a US-based technology firm, in 2019, when attackers used malicious code in software updates to access thousands of systems.
  • Use of AI. In 2024, the digital security threat posed by artificial intelligence reached its pinnacle, accounting for 85% of all cyberattacks. Scammers use AI to crack passwords, write compelling phishing emails, and mimic voices for vishing.
  • Password cracking. Popular passwords and their reuse make accounts vulnerable. Attackers use various methods for password mining and spraying to gain access to accounts. 
  • Attacks on IoT (Internet of Things) devices. Internet-connected smart devices, such as cameras or thermostats, become targets for hacking. This way, attackers obtain personal data of victims or even spy on them.
  • Cloud vulnerabilities. According to IBM, more than 40% of all data breaches in 2024 involve cloud services. These vulnerabilities are dangerous not only because of financial losses, but also because they can potentially undermine customer trust and negatively affect the company’s reputation. 
  • Business email compromise (BEC) attacks. Criminals often pose as high-ranking employees in order to trick staff into giving them money or personal data.
  • Distributed denial-of-service (DDoS) attacks. These are designed to overload company servers, leading to malfunction of websites or services. Such attacks use bots to generate a huge number of simultaneous requests, which overloads the network and disrupts its operation. Scammers may use them for blackmail, demanding a ransom for restoring normal operation.
  • Hacks and data breaches. This is also one of the most common types of threats to digital information. Data breaches can result either from accidental disclosure or from malicious actions of attackers. According to an IBM report, in 2024, the average damage from data breaches increased by 10% compared to the previous year, reaching about $4.8 million.

7 trends in protecting against digital threats in 2024

Digital dangers continue to transform and new, more sophisticated types of attack emerge. This means that ways to combat digital threats should also keep up with the times and be in line with current challenges. Let us explore the key cybersecurity trends for the near future.

1. Artificial intelligence. In 2023, hackers actively used AI, including ChatGPT, for hacking and phishing. It is expected that malicious abuse of AI will remain a threat until 2030. This boosts the development of ethical standards and the use of AI for good purposes — to enhance security.

2. Staff training. Lack of knowledge in cybersecurity remains a serious problem. Large companies, such as Sber and VTB, actively conduct cybersecurity exercises to teach their employees the fundamentals of digital security and methods for preventing scams.

3. Ecosystem solutions. Companies increasingly use integrated ecosystems that combine several solutions for comprehensive protection. However, this can lead to dependence on a single provider — this risk should be taken into account at the implementation stage.

4. Vulnerability analysis. New digital opportunities give rise to new threats. It is important to monitor services, protect corporate networks and verify reliability of suppliers, especially when using open source software.

5. Import substitution. In 2025, critical infrastructure entities in Russia should completely switch to Russian software. This stimulates the development of Russian solutions in information security.

6. State regulation. Russia is strengthening control over its critical infrastructure facilities. The Federal Service for Technology and Export Control (FSTEC) develops a centralized system for data protection and a register of reliable hosting providers.

7. Staffing problems. The growing demand for highly skilled IT specialists leads to active staff training in the framework of both corporate programs and government initiatives.

If you do not know what methods of protection are relevant for your company, you can always seek advice from experts at SEVEN SENSES. We will help you solve your problems with our Comprehensive Security Development and Implementation service.

Pentest as a tool in the new InfoSec reality

As was mentioned earlier, data breaches are one of the key current threats to digital information. As criminal groups around the world become more active, companies have to strengthen protection of their data and systems. In Russia, every second successful attack during the first six months of 2024 led to a leak of sensitive information. The most affected entities include government agencies (13%), IT companies (12%) and industrial enterprises (11%).

Given this, it is necessary to promote effective methods to counter threats that involve compromising privacy of sensitive data in the digital space. One of these is pentest — a penetration test, also referred to as “pentesting”. The term describes a set of procedures designed to get a fair assessment of the level of protection of a system against external threats, and identify and fix its weaknesses.

A pentest simulates actual hacker attacks, helping identify vulnerabilities and fix them in a timely fashion. Regular pentesting allows you to:

  • Assess the effectiveness of your current security measures;
  • Develop a plan for improvement of protection, including recommendations on how to optimize its configuration and what new methods and solutions to implement;
  • Support a high level of cybersecurity in the context of a constantly growing number of threats.

The popularity of pentesting is increasing every year. While previously it was mainly performed by financial entities, nowadays, many companies in different industries realize the importance of this tool for the prevention of threats emerging in the digital space. Pentesting becomes an integral part of information security strategies and helps companies stay one step ahead of cybercriminals.

It is important to keep in mind that a pentest is a very complex and time-consuming procedure designed to identify vulnerabilities. It requires special skills, experience and knowledge of the latest trends in cybersecurity. Therefore, the following aspects should be taken into account to make sure pentesting achieves the maximum effect:

  1. Selecting a team. When planning a pentest, it is important to pay attention to the skills, work experience and successful cases of the team you are engaging.
  2. Defining goals. You should be clear about what needs to be tested, be it your corporate website, network or other aspects of information security.
  3. Regularity. Pentesting is necessary not only for finding problems on a one-time basis, but also after the deployment of new systems, services or products.
  4. Internal threats. It is necessary to remember about internal security and test not only external, but also internal processes and networks.
  5. Cyber literacy of personnel. Pentest results can and should be used for training your staff and raising their awareness of cyber threats.

Thus, regular pentesting becomes a real necessity for the protection of your business against ever-evolving threats. At SEVEN SENSES, our experts have all the necessary skills and experience for conducting a pentest that will fully address your needs for detecting and closing gaps in your security system. Contact us to make criminals unable to gain access to your sensitive data and assets.
