The daily number of human-driven cyber incidents increased by 1.5 times in 2022
Research based on the analysis of incidents reported to customers of Kaspersky Managed Detection and Response (MDR) has revealed that Security Operations Center (SOC) analysts discovered more than three high-severity incidents with direct human involvement every day in 2022.
The efficiency external specialists provided while dealing with cybersecurity solutions and requirements of special knowledges were the main reasons for the companies to outsource external experts in 2022. To address the lack of gaps in expertise among IT Security professionals and provide them with insights on the current threat landscape, Kaspersky analyzed anonymized customer incidents detected by its MDR service.
Kaspersky’s annual Managed Detection and Response Analyst Report[1] showed the high-severity incidents required an average 43.8 minutes to be detected by Kaspersky MDR[2]. Due to an increase in human-driven attacks this processing time grew by approximately 6% compared to previous year, as they take up more of SOC analyst time.
Regarding the nature of such incidents, 30% of them were associated with APTs, 26% accounted for malware attacks, and just over 19% resulted from “ethical hacking” (pentests, red teaming or any other types of cyber exercises conducted in customers’ infrastructures either for the security assessment of IT systems or to test the operational readiness of the MDR service). The proportion of incidents involving publicly available critical vulnerabilities and the detection of traces of previous attacks involving humans was around 9%. The remaining incidents resulted from the successful use of social engineering techniques or were linked to insider threats.
.png)
Key causes of high-severity incidents
‘The MDR report shows that sophisticated attacks driven by humans continue to grow. They require more resources to be investigated and they take up more of SOC analyst time as this type of attack lends itself to automation to a lesser degree. To detect these attacks efficiently we recommend companies to implement comprehensive threat hunting practices combined with classic alert monitoring,’ comments Sergey Soldatov, Head of Security Operations Center, Kaspersky.
For greater protection from advanced attacks, Kaspersky experts recommend the following:
• Deploy a solution that combines detection and response capabilities and help identify threats without involving additional in-house resources.
• Provide your SOC team with access to the latest threat intelligence and ensure in-depth visibility into cyberthreats targeting your organization.
• Provide your staff with essential cybersecurity knowledge to reduce the likelihood of targeted attacks.
• Implement expert Incident Response training to improve the expertise of your in-house digital forensics and incident response team.
The full Kaspersky Managed Detection and Response Analyst Report 2022 is available via this link.
[1] The Managed Detection and Response Analyst Report 2022 presents the results of analysis of incidents detected by Kaspersky’s Security Operations Center (SOC) team. The report provides information about the most common attack tactics, techniques and tools, as well as the nature of detected incidents, their geography and distribution by sector. The results are achieved through the use of Kaspersky MDR.
[2] Kaspersky MDR is a 24/7 incident monitoring and response service powered by Kaspersky SOC technology and expertise.
The daily number of human-driven cyber incidents increased by 1.5 times in 2022
Kaspersky
Related Articles Press Releases
Kaspersky experts report more than two critical cyber incidents per day in 2023
The frequency of high-severity incidents with direct human involvement exceeded two per day in 2023, according to the Kaspersky Managed Detection and Response (MDR) team. In the latest MDR Analyst Report, they observed this trend across all industries with financial, IT, government, and industrial sectors at the top of the list.Read More >Kaspersky expands Global Transparency Initiative launching Istanbul Transparency Center
Kaspersky has today announced the opening of its new Transparency Center in Istanbul, Turkey, where the company’s stakeholders can learn more about Kaspersky solutions, review its source code or examine the results of independent audits. This marks further expansion of the company’s Global Transparency Initiative (GTI), which Kaspersky has been developing since 2018, enhancing trust in its products and internal processes and promoting evidence-based approach toward IT product security assessment.Read More >Updated Kaspersky Security for Mail Server offers advanced content filtering and enhanced visibility for SOC
Kaspersky has announced a significant update to its Kaspersky Security for Mail Server, designed to strengthen systems against emerging email threats. The latest version of Kaspersky Security for Mail Server features advanced functionality for content filtering, quarantine management, and enhanced visibility for Security Operations Centers (SOC).Read More >
We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.