
One in 10 cybersecurity incidents investigated by Kaspersky in organisations are considered severe

July 2021 by Kaspersky

According to anonymised metadata voluntarily provided by Kaspersky MDR customers, one-in-10 (9%) prevented cybersecurity incidents could have caused major disruption or unauthorised access to the customer’s assets. The vast majority of incidents (72%) were of medium severity. This means that if these threats had not been detected by the service, they would have affected the performance of the assets or could have led to single data misuse cases.

Cyberattacks are growing in complexity, with threat actors employing evasive techniques to avoid detection by security solutions. Detection and prevention of such threats requires seasoned threat hunters who can spot suspicious actions before they cause damage to a company. Kaspersky analysed anonymised customers’ cases identified via the Kaspersky MDR service in Q4 2020[1] to see how widespread and severe resolved incidents were.

The research revealed that almost every industry, except mass media and transportation, saw high-severity incidents during the analysed period. Critical incidents most often affected organisations from the public sector (41% of all high-severity incidents were detected in this industry), IT (15%) and financial (13%) verticals.

Almost a third (30%) of these critical incidents were human-driven targeted attacks. Almost one quarter (23%) of high-severity incidents were classified as high-impact malware outbreaks, including ransomware. In 9% of cases, cybercriminals gained access to a company’s IT infrastructure using social engineering techniques.

Kaspersky experts also noted that current APTs were typically detected together with artifacts of previous advanced attacks, suggesting that if an organisation responds to a sophisticated threat, it’s often attacked again, likely by the same actor. Also, in organisations experiencing APTs, experts often discovered signs of simulation of adversarial behavior, such as red teaming, or an assessment of a company’s operational security capabilities through a sophisticated attack simulation.

“Our study found that targeted attacks are rather common – more than one quarter (27%) of organisations faced them. The good news is that organisations that are likely to experience such incidents know about this risk and are prepared for them. These organisations employ services that help them assess their defensive capabilities, such as red teaming, as well as seek help from experts who can stop criminals,” comments Gleb Gritsai, Head of Security Services, Kaspersky.

To protect your organisation from APTs and other advanced attacks, Kaspersky recommends the following:
• Dedicated services can help against high-profile threats. The Kaspersky Managed Detection and Response service can help identify and stop attacks in their early stages, before the attackers achieve their goals.
• Use a dedicated set of effective endpoint protection, threat detection and response products to detect and remediate even new and evasive threats in a timely manner. Kaspersky Optimum Framework includes the essential set of endpoint protection empowered with EDR and MDR.
• Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training.
• Provide your staff with basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques.

The full report is available at the following link.

About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.


[1] Since Q4 2020 when the service was available in selected markets. It was launched globally in Q1 2021.

