Threats are there – no strategy: what prevents businesses from resisting cyberattacks
24 April 10:56
62% of Ukrainian companies lack a clear strategy for dealing with information and cyber attacks. This is evidenced by the results of a survey aimed at finding out whether Ukrainian businesses are ready to adequately respond to cyber threats. The results of the survey were published by the European Business Association, "Komersant Ukrainian" reports.
The survey showed that more than half of business organizations recognize a moderate or high probability of cyber or information attacks over the next year. However, 30% of respondents said their company never or almost never conducts risk assessments.
Which cyberattacks can cause the most problems
Among the main cyber threats to a company, respondents most often identified email phishing (71%) and data breaches (70%).
The top five threats also include bot attacks in comments under company posts (43%), hacking of company employee accounts (41%), and cyberattacks on brand social media (40%).
What the business community lacks in cyber defense
62% of respondents said that they lack a clear strategy for dealing with a cyber crisis, and 39% of companies do not have a separate anti-crisis communication plan.
41% of companies do not have specialized practical trainings to prepare for cyber and information crises.
Only a third of respondents said they were fully prepared for a cyber crisis: they have trained response teams and designated speakers.
The survey results revealed a pattern: companies that have already experienced cyberattacks demonstrate a much higher level of preparedness – they regularly conduct trainings and have a fully integrated crisis communication plan.
What hinders the creation of reliable protection
Survey respondents acknowledged that the main barriers to establishing an effective cyber incident response system are the rapidly evolving threats (57%), lack of internal expertise (37%), and limited budgets for training and threat monitoring (38% and 30%, respectively).
AI threat monitoring (34%) and scenario-based crisis modeling exercises (32%) were named the most popular tools for crisis management.
21% of respondents consider it useful to learn from the experience of other companies that have faced cyber incidents.
How to ensure protection against cybercriminals
To protect themselves from cyber threats, the experts of the computer emergency response team recommend that businesses and organizations should
– Scan the attack surface and use tools such as censys.io, shodan.io, or Nmap to identify open network ports.
– Use multi-factor authentication to access VPNs and corporate email.
– Isolate systems accessible from the Internet.
– Filter outbound traffic and use a proxy server to control outbound network connections.
– Expand the scope of logs and configure event logs to store data for at least 180-360 days.
– Control the programs used.
– Ensure readiness for network isolation and create an appropriate plan in case of isolation of network segments.
Government agencies are invited to join the vulnerability detection system
The State Center for Cybersecurity of the State Special Communications Service of Ukraine reported that in the first quarter of 2025, 6 new organizations joined the vulnerability detection system.
The system now covers 96 government agencies from the government, energy, and defense sectors.
The Cybersecurity Center reminded that the vulnerability detection system is a comprehensive cybersecurity tool that consists of a network of sensors that constantly monitor suspicious activity in the systems of government agencies and critical infrastructure facilities. The information is sent in real time to the Cyber Incident Response Center, where experts analyze and localize threats.
The vulnerability detection system protects more than 38,000 servers and workstations.
According to the State Special Communications Service, the number of cyberattacks on Ukraine increased by 70% in 2024.
