The Rostelecom-Solar report provides information on common vulnerabilities and deficiencies in infrastructure components, employee awareness of information security issues, and statistics on how to fix discovered vulnerabilities.

The data presented in the report was obtained based on the results of the work carried out by experts of the security analysis department of the Solar JSOC, a center for countering cyberattacks, in June 2020 - June 2021.

The works included external and internal breach testing, web application analysis, sociotechnical research. Part of the work was devoted to checking the vulnerabilities discovered during the previous security analysis and the correctness of repair.

Key findings:

• Most of the vulnerabilities have a high severity rating, but at the same time they have low exploitation complexity.
• The most vulnerable systems at the outer perimeter are web applications.
• Incorrect setting of access rights is discovered in 81% of web applications.
• The weakest point of internal networks is password management.
• 15% of users perform potentially harmful actions when they receive phishing emails.
• 78% of critical vulnerabilities discovered during the security analysis were fully or partially eliminated before retesting.

Share: