A Kaspersky MDR study shows that one in ten corporate security incidents is serious. A third of the incidents classified as serious are due to targeted attacks or APTs. The public sector is most affected.
According to a current Kaspersky analysis, one in ten (9 percent) of the cybersecurity incidents prevented in companies would have caused major disruptions or unauthorized access to the IT systems of the companies concerned. Kaspersky IT security specialists rate the majority of incidents (72 percent) as moderate.
Cyber defense in companies is growing
Had these incidents not been discovered and stopped, they would have seriously impaired the affected companies' operations, and in individual cases data misuse would have been possible. However, artifacts found from red teaming exercises and penetration tests show that companies are beginning to pursue comprehensive cyber defense.
Cyber attacks are becoming increasingly complex as they use obfuscation tactics to avoid detection by security solutions. To counter these threats, companies need experienced IT security professionals who actively identify suspicious activity before serious damage is caused.
Public sector companies hardest hit
The current Managed Detection and Response (MDR) study by Kaspersky analyzes metadata voluntarily provided by Kaspersky MDR customers to show how widespread the prevented security incidents are and what danger they pose. According to the study, almost all industries, with the exception of mass media and transport, were confronted with serious incidents during the analysis period. Organizations in the public sector were most affected (41 percent of all serious threats), followed by IT firms (15 percent) and companies in the financial sector (13 percent).
Almost a third (30 percent) of all critical incidents were due to targeted, human-directed attacks. Kaspersky experts classified almost a quarter (23 percent) of the serious incidents as threatening malware outbreaks, including ransomware attacks. In 9 percent of the cases, cyber criminals used social engineering methods to gain access to the companies' IT infrastructure.
European companies faced more serious incidents
In an international comparison, European companies were slightly more affected by serious incidents. In 12 percent of cases in European organizations (internationally: 9 percent), incidents led to major disruptions or unauthorized access. Targeted attacks or unknown threats were identified that required further investigation using digital forensics. Nearly two-thirds (63 percent) of the compromises were of moderate severity, and a quarter (25 percent) of the attacks could be classified as minor.
The most serious incidents occurred in healthcare (24 percent) and IT (24 percent), followed by industry (16 percent), transportation (16 percent) and retail (13 percent).
Companies evaluate their defense capabilities
According to the Kaspersky experts, current Advanced Persistent Threat (APT) activity was typically discovered together with artifacts from similar, known attacks. From this it can be concluded that organizations defending themselves against a complex threat are often attacked repeatedly. At the same time, the Kaspersky experts repeatedly found signs of security simulations that imitate hostile behavior, such as red teaming, in the companies affected by APTs. In some cases, the organizations threatened by APTs had actually put their entire IT security architecture through its paces using sophisticated attack simulations.
Lots of targeted attacks
"Our analysis shows that targeted attacks are quite common - more than a quarter of companies have already faced them," explains Christian Milde, Managing Director Central Europe at Kaspersky. "The good news is that companies that are more likely to encounter such incidents are aware of this risk and are prepared for it. These organizations use services that help them assess their defense capabilities, for example through red teaming. They also seek help from experts with specific APT expertise."
Kaspersky recommendations for protection against complex attacks
- Specialized solutions help protect against sophisticated threats. Kaspersky Managed Detection and Response helps identify and block cyberattacks as early as possible, before cyber criminals can cause damage.
- Companies should combine solutions in order to be prepared against different dangers. The Kaspersky Optimum Framework contains all the tools necessary to detect, analyze and defend against threats that are designed to bypass endpoint protection and is reinforced by EDR and MDR.
- A threat assessment is an effective way of checking existing detection and prevention systems for adequate protection. Kaspersky Targeted Attack Discovery enables past and ongoing attacks to be identified and effective measures to be initiated.
- Employee training is critical to cybersecurity, as human error due to a lack of knowledge and awareness is the number one cause of cyber incidents. Kaspersky offers short, intensive training courses for employees in all positions, from receptionists to IT/OT security experts, ICS operators and engineers.
- Pentesting: The Kaspersky ICS CERT offers penetration tests of the network infrastructure in the ICS environment. Such tests are an effective means of checking how well the network infrastructure is protected against cyber attacks.
- The Security Operations Center (SOC) should always have access to the latest industry-specific threat information, such as Kaspersky Threat Intelligence. In its report "The Forrester Wave™: External Threat Intelligence Services Q1, 2021", Forrester names Kaspersky as one of the first two providers of external threat intelligence services and awarded the company the status of a "Leader".
The Kaspersky MDR study "Managed Detection and Response: Analyst Report" cited in this article is available online.
More at Kaspersky.com
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/