Yandex doubled its investments in digital security in 2023 to 6 billion rubles

Yandex has focused on strengthening user data protection, improving infrastructure security, and developing technologies to combat fraudsters.

Investments were directed at the development of secure data storage systems, the development of protection technologies against DDoS attacks and fraud, access control systems, independent audits and other areas, including equipment development. The number of employees responsible for digital security increased by a third during the year.

What has changed in infrastructure data protection?

• In 2023, Yandex developed a storage facility where all data is encrypted and it is impossible to correlate the information in the storage facility with that of a real user.
• The company also strengthened control over actions within the infrastructure and limited access to production using the Zero Touch Production approach: they are delivered to a limited number of employees only from trusted devices for a specific task while it is being solved.
• In 2023, comprehensive Smart Protection technology was enhanced to protect against DDoS attacks. Different security elements began to exchange data more actively with each other, thanks to this the system has become more flexible, learns and scales faster.

What has changed in technology to protect users

• Yandex has further refined its algorithms to recognize fraudulent and phishing sites, as a result of which the browser more accurately identifies such sites and has prevented more than 110 million accesses to them.
• The accuracy of the caller ID in the Yandex with Alice application was increased to 95% and the integrity of the database was increased to 42 million numbers, this is 2.5 times more than at the beginning of the year. The service has also learned to warn about unwanted calls in instant messengers.
• Yandex 360 introduced new ways to block malicious emails, developed a system for analyzing spambot attacks, and improved the mechanism for identifying emails from spammers. In less than a year, Mail processed more than 78 billion letters, 17 billion of which were marked as spam or blocked.
• Algorithms have been improved to verify that ads comply with the rules for placement on the ad network. In less than a year, the company rejected more than 33 million ads and blocked around 190,000 accounts of advertisers who tried to place ads that violated the rules.

Independent audits

• In 2023, Yandex reported that it had passed 39 independent audits to test infrastructure for resistance to attacks and security of services, and received certificates of compliance of service protection with international standards (for example, Yandex Pay received international safety certification). PCI DSS 4.0 standard).
• In 2023, the fund of the “Bug Hunt” program to find bugs and vulnerabilities increased from 40 to 100 million rubles.