How to Effectively Use LinkedIn and Cold Calls for Outreach Campaigns
The era when cybersecurity was reduced to buying an antivirus and configuring a firewall has irrevocably passed, according to those interviewed by Vedomosti. Innovations and technologies" experts. According to them, today's digital landscape dictates new rules: attacks are becoming more complex and professional, and their consequences are costly for businesses. The question is no longer "if" the company is attacked, but "when" it will happen and how devastating the consequences will be. The number of recorded DDoS attacks against domestic companies in January-June 2025 It has almost doubled (by 95%) year-on-year, and the total duration of attacks has increased 2.5 times, according to the Selectel report.
In terms of the number of DDoS attacks, Russia took the fourth position in the ranking of the most attacked countries (9.6% of the total number of DDoS attacks in the world), according to StormWall's estimate for the third quarter of 2025. Russia has been ranked fourth for the first time in the last three years, which indicates an increase in hacker attacks and the growing interest of cybercriminals in relation to Russian companies from various industries.
At the same time, the volume of leaks increased: the number of data stolen from Russian companies increased by 138 times in the first nine months of 2025 compared to the same period in 2024, Solar Group estimated. According to the company, the total amount of data leaked from Russian organizations in January–September 2025 amounted to approximately 748 TB, which is equivalent to storing 250,000 high–resolution films or 187 billion jpeg photos. At the same time, the development of artificial intelligence (AI) technologies accelerates the trend towards an increase in the number of cyber incidents. "The number of attacks will only increase, and their difficulty will increase. And I see a great influence of AI in this," said Said Atziev, Deputy Director General for Cybersecurity at Cicada JSC. According to the head of BI.Andrey Chaliapin's Zone TDR, with the advent of AI-based tools, the entry threshold for attackers has decreased: exploiting vulnerabilities and finding potential attack points have become easier.
All of these risks are relevant not only for large companies, but also for small businesses, said Denis Polyansky, Director of Customer Security at Selectel. According to him, small companies believe that they are not interesting to intruders, so they often do not build their defenses properly, but the situation has changed. "AI allows attackers to reduce the cost of creating and modifying malicious code. This makes it possible to effectively bypass traditional signature antiviruses, which makes complex attacks economically feasible even against small and medium–sized businesses, as well as individuals," the expert explained.
Current realities are forcing businesses to change their paradigm and move from reactive "patching holes" in IT security to a proactive strategy. Companies are increasingly willing to invest in proactive cyber defense, as the risks of inaction have become unacceptably high. "Today, cybersecurity issues are issues of sustainability, and often business survival. Imagine that you have deployed your infrastructure and launched a digital service: it will only take a few minutes before they try to attack you for the first time, scan ports or find a password," says Polyansky. According to him, responding to threats after the fact is no longer enough, so a reliable service provider that takes over the provision of infrastructure and its protection is now becoming not just a supplier of resources, but a strategic partner.
The damage from a single data leak, according to estimates by the companies themselves, can amount to 140 million rubles, the expert cited the data. This amount includes direct damage from downtime and missed transactions, as well as indirect costs of remediation, audits, and regulatory fines. This assessment was relevant even before the revolving fines for personal data leaks introduced on May 30, 2025, Polyansky said. In such conditions, investments in secure IT infrastructure become an economically justified necessity, and not just an expense item, he is sure.
The foundation of security
A modern IT system for any business is a multi-layered structure that includes infrastructure, data, application, and user layers. It is necessary to ensure security at every level, experts emphasize. According to them, without a reliable and properly configured system, top-level security tools are ineffective. Antivirus or Web application Protection System (WAF) will not help if there are vulnerabilities in the network configuration, servers are not updated or there are no backups.
Faced with these challenges, companies have to make a choice: build and maintain a multi-level protection system on their own or entrust this task to an external partner. In 2024, 95% of large companies in Russia used ready-made cloud infrastructure, since creating your own secure IT environment from scratch requires significant capital investments in hardware and constant operating costs to support it, a study by Nubes cloud provider showed. "An important factor is also the ability to quickly scale cloud solutions, which allows you to quickly test hypotheses for potential business growth using the OPEX model (operating costs. – "Vedomosti. Innovations and technologies") instead of capital investments," said Alexander Lugansky, UserGate Development Manager.
The choice not in favor of in-house solutions is also dictated by the lack of expensive information security (IS) specialists on the market, he added. According to the expert, for example, round-the-clock monitoring of information security events requires a significant staff of highly specialized employees. There really aren't many good specialists on the market, and the total cost of maintaining them can be significantly higher than using a ready-made cloud service, Lugansky believes.
Provider as a competence center
As the experts interviewed emphasize, large cloud providers can afford what an individual company cannot: secure data centers, advanced equipment, multiple backups, and a staff of experts who monitor security around the clock. Plus, such organizations have expertise in the field of information security: due to the specifics of their activities, they reflect a large number of cyber attacks on a daily basis and accumulate data on current threats. Due to this experience, providers can more effectively build a strategy for protecting their customers' IT infrastructure based on the latest data, Polyansky emphasized. "By turning to a professional provider, businesses gain access to knowledge, practices, and experience that are difficult to accumulate on their own. This allows companies to avoid typical mistakes when designing infrastructure on their own and building cyber defense systems," he added.
In addition, modern providers provide an ecosystem of solutions. We are talking about services such as DDoS protection, WAF, vulnerability scanners and backup systems that are already compatible and integrated into a single infrastructure. This saves the client from having to make independent choices, purchase, and integrate disparate systems, Polyansky emphasized.
Compliance as part of the infrastructure
A separate layer of work is compliance with legal requirements. For any company working with personal data, this means that it is necessary to comply with the norms of 152-FZ. For the financial sector, the requirements of the Central Bank are added to this, for businesses working with government agencies, the need for certification of their systems and the availability of FSTEC and FSB certificates for the security tools used. The infrastructure of most large providers has already been certified according to all necessary standards, and by hosting their systems with such a provider, the company "inherits" a significant part of this compliance, experts say.
As Polyansky noted, the growing demands from regulators are becoming one of the main challenges for businesses along with constant attacks and staff shortages. For example, next year, the 117th FSTEC order, which establishes requirements for the security of information systems, will affect a significant part of commercial companies that require interaction with government systems. In order to independently bring the infrastructure in line with new requirements, resources and competencies are needed, which are not enough on the market, Polyansky stressed. But companies providing cloud services and data center services are ready to take on these tasks, offering ready-made certified turnkey infrastructure without capital expenditures on the part of the client.
For example, the information security vendor Multifactor was faced with the need to certify its solution according to the PCI DSS standard (an international data security standard designed to protect payment card information). Selectel provided the company with its infrastructure, which already had this certification, and Multifactor was able to bring its solution in line with the customer's requirements within one day.
"Using a certified provider's infrastructure is not just a tool to simplify the process, but often a necessary condition," said Fyodor Dbar, Commercial Director of the Security Code company. He noted that companies need to undergo certification and attestation. The first one confirms that a specific solution meets the requirements, and the certification is a comprehensive assessment of how the entire information security system of the company as a whole meets the standards, the expert said.