XRAY CyberSecurity has successfully completed verification as a provider of penetration testing services within the Business Cyber Diagnostics Programme. This programme, implemented with support from the Ministry of Digital Transformation of Ukraine, the national project Diia.Business, Kyiv School of Economics and with assistance from USAID, provides 500 Ukrainian businesses with the opportunity to conduct free diagnostics of their digital infrastructure. We consider the Programme a critically important step in strengthening the cyber resilience of Ukrainian enterprises.
The state of cybersecurity in Ukraine: analysis and forecasts
According to data from the State Service of Special Communications and Information Protection of Ukraine, in 2023 the number of registered cyber incidents increased by 62.5% to 2,541 cases compared to the previous year, and in 2024 the trend continued with growth of 69.8% to 4,315 incidents. Small and medium-sized enterprises proved to be the most vulnerable, as they often lack the resources to create robust cybersecurity systems.
We forecast that over the next 2-3 years, the number and complexity of cyber attacks will continue to grow. Particular attention should be paid to attacks using artificial intelligence and machine learning, which can automatically identify and exploit vulnerabilities in real time.
Specific vulnerabilities and threats to small business in Ukraine
Based on our experience conducting penetration tests, we have identified several critical vulnerabilities characteristic specifically of the Ukrainian business environment. The most widespread problem is the use of outdated software versions without regular security updates, which creates broad opportunities for malicious actors to gain access to key systems and customer databases.
The second critical vulnerability is related to insufficient, incorrect configuration of existing security mechanisms. Many companies use weak authentication methods for system access and other configuration errors, which allow malicious actors to obtain critical levels of access to cause significant damage to the business.
The third specific problem concerns IoT devices and physical security systems (video surveillance, access control, alarms), which are often installed with factory passwords and never updated. During our testing, we regularly gain access to internal networks precisely through these types of vulnerabilities and systems, which is particularly critical under martial law conditions.
Analysing global cybersecurity trends, we observe significant regional differences in the nature and motivation of cyber attacks worldwide.
In different regions, hackers are driven by different motives. If in some countries financially motivated attacks predominate, then in geopolitically unstable regions we often encounter politically motivated cyber threats. For example, in conflict zones, attacks on critical infrastructure, logistics companies and the agricultural sector are often aimed not at financial gain, but at disrupting supply chains and creating economic destabilisation.
This emphasises the importance of adapting cybersecurity strategies to the specific threats of each region. International companies must consider not only traditional cyber threats, but also the geopolitical context of operational regions when developing comprehensive protection programmes.
Features of XRAY CyberSecurity verification
Before participating in the programme, XRAY CyberSecurity underwent a thorough verification process as a service provider. This process included submitting a detailed Declaration of Capability, where our team demonstrated:
- Many years of experience in the field of security assessment and cybersecurity testing
- Availability of qualified specialists with relevant certifications
- Successful experience implementing projects in the field of information security
- Technical capability to provide services of the highest quality
Our approach to penetration testing goes beyond standard methodologies. We have developed our own adaptive methodology, which includes simulation of attacks taking into account the specifics of the IT infrastructure of a particular business.
Therefore, we invite small and medium-sized businesses to join the Cyber Diagnostics Programme and stay ahead of cyber threats right now!
