Study: Every 10th security incident is serious


A Kaspersky MDR study shows that one in ten corporate security incidents is serious. A third of the incidents classified as serious are due to targeted attacks or APTs. The public sector is most affected.

One in ten (9 percent) of the cybersecurity incidents prevented in companies would have caused massive disruptions or unauthorized access to the IT systems of the companies concerned, a current Kaspersky analysis shows. Kaspersky IT security specialists rate the majority of incidents (72 percent) as moderate.

Cyber defense in companies is growing

Had these incidents not been discovered and stopped, they would have seriously damaged the performance of the company, and in individual cases data misuse would have been possible. However, artifacts found from red teaming exercises and penetration tests show that companies are beginning to seek comprehensive cyber defense.

Cyber attacks are becoming increasingly complex as they use obfuscation tactics to avoid detection by security solutions. To counter these threats, companies need experienced IT security professionals who actively identify suspicious activity before serious damage is caused.

Public sector companies hardest hit

Kaspersky's current Managed Detection and Response (MDR) study, an analysis of metadata that Kaspersky MDR customers voluntarily provided, shows how widespread the prevented security incidents are and what danger they pose. According to the study, almost all branches of industry, with the exception of mass media and transport, were confronted with serious incidents during the analysis period. Organizations in the public sector were most affected (41 percent of all serious threats), followed by IT firms (15 percent) and companies in the financial sector (13 percent).

Almost a third (30 percent) of all critical incidents were due to targeted, human-directed attacks. Kaspersky experts classified almost a quarter (23 percent) of the serious incidents as threatening malware outbreaks, including ransomware attacks. In 9 percent of the cases, cyber criminals used social engineering methods to gain access to the company's IT infrastructure.

European companies faced more serious incidents

In an international comparison, European companies were slightly more affected by serious incidents. In European organizations, 12 percent of the cases (international: 9 percent) led to major disruptions or unauthorized access. Targeted attacks or unknown threats were identified that required further investigation using digital forensics. Nearly two-thirds (63 percent) of the compromises were of moderate severity. A quarter (25 percent) of the attacks could be classified as minor.

The most serious incidents were in Healthcare (24 percent) and IT (24 percent), followed by Industry (16 percent), Transportation (16 percent), and Retail (13 percent).

Companies evaluate their defense capabilities

From the study “Managed Detection and Response: Analyst Report” Q2/2021, number of security incidents (Fig. Kaspersky).

According to the Kaspersky experts, current Advanced Persistent Threats (APTs) were typically discovered together with artifacts from similar, known attacks. From this it can be concluded that organizations are often attacked repeatedly when defending themselves against a complex threat. At the same time, the Kaspersky experts repeatedly discovered signs of security simulations that imitate hostile behavior, such as red teaming, in the companies affected by APTs. In some cases, the organizations threatened by APTs actually had their entire IT security architecture put through its paces using highly developed attack simulations.

Lots of targeted attacks

"Our analysis shows that targeted attacks are quite common - more than a quarter of companies have already faced them," explains Christian Milde, Managing Director Central Europe at Kaspersky. "The good news is that companies that are more likely to encounter such incidents are aware of this risk and are prepared for it. These organizations use services that help them assess their defense capabilities, for example through red teaming. They also seek help from experts with specific APT expertise."

Kaspersky recommendations for protection against complex attacks

  • Specialized solutions help protect against sophisticated threats. Kaspersky Managed Detection and Response helps identify and block cyberattacks as early as possible, before cyber criminals can cause damage.
  • Companies should combine solutions in order to be prepared against different dangers. The Kaspersky Optimum Framework contains all the tools necessary to detect, analyze and defend against threats that are designed to bypass endpoint protection and is reinforced by EDR and MDR.
  • A threat assessment is an effective way of checking existing detection and prevention systems for adequate protection. Kaspersky Targeted Attack Discovery enables past and ongoing attacks to be identified and effective measures to be initiated.
  • Employee training is critical to cybersecurity as human error due to lack of knowledge and awareness is the number one cause of cyber incidents. Kaspersky offers short, intensive training courses for employees in all positions, from receptionists to IT / OT security experts, ICS operators and engineers.
  • Pentesting: The Kaspersky ICS CERT offers tests of the network infrastructure for penetration in the ICS environment. Such tests are an effective means of checking the protection of the network infrastructure against cyber attacks.
  • The Security Operations Center (SOC) should always have access to the latest industry-specific threat information, such as Kaspersky Threat Intelligence. In its report "The Forrester Wave™: External Threat Intelligence Services Q1, 2021", Forrester names Kaspersky as one of the first two providers of external threat intelligence services and awards the company the status of a "Leader".

The Kaspersky MDR study “Managed Detection and Response: Analyst Report” cited in the article is available online.



About Kaspersky

Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/


 
