Virtualization Technology News and Information
Article
Search:
RSS
Follow VMblog.com:
Improve end user experience in VDI, DaaS and physical endpoint environments
Kaspersky MDR report finds daily number of human-driven cyber incidents increased by 1.5 times in 2022
Research based on the analysis of incidents reported to customers of Kaspersky Managed Detection and Response (MDR) has revealed that Security Operations Center (SOC) analysts discovered more than three high-severity incidents with direct human involvement every day in 2022.

The efficiency external specialists provided while dealing with cybersecurity solutions and requirements of special knowledge were the main reasons for the companies to outsource external experts in 2022. To address the lack of gaps in expertise among IT Security professionals and provide them with insights on the current threat landscape, Kaspersky analyzed anonymized customer incidents detected by its MDR service.  

Kaspersky's annual Managed Detection and Response Analyst Report showed the high-severity incidents required an average 43.8 minutes to be detected by Kaspersky MDR. Due to an increase in human-driven attacks this processing time grew by approximately 6% compared to previous year.

Regarding the nature of such incidents, 30% were associated with APTs, 26% accounted for malware attacks, and just over 19% resulted from "ethical hacking" (pentests, red teaming or any other types of cyber exercises conducted in customers' infrastructures either for the security assessment of IT systems or to test the operational readiness of the MDR service).

The proportion of incidents involving publicly available critical vulnerabilities and the detection of traces of previous attacks involving humans was around 9%. The remaining incidents resulted from the successful use of social engineering techniques or were linked to insider threats.    

"This MDR report shows that sophisticated attacks driven by humans continue to grow," said Sergey Soldatov, head of security operations center at Kaspersky. "They require more resources to be investigated and they take up more of SOC analyst time as this type of attack lends itself to automation to a lesser degree. To detect these attacks efficiently we recommend companies to implement comprehensive threat hunting practices combined with classic alert monitoring."

For greater protection from advanced attacks, Kaspersky experts recommend the following:

  • Deploy a solution that combines detection and response capabilities and help identify threats without involving additional in-house resources.
  • Provide your SOC team with access to the latest threat intelligence and ensure in-depth visibility into cyberthreats targeting your organization.
  • Provide your staff with essential cybersecurity knowledge to reduce the likelihood of targeted attacks.
  • Implement expert Incident Response training to improve the expertise of your in-house digital forensics and incident response team.

The full Kaspersky Managed Detection and Response Analyst Report 2022 is available here.

Published Tuesday, May 02, 2023 9:01 AM by David Marshall
Filed under: ,
Get This Featured White Paper: Virtualization Monitoring 101
You may also be interested in this white paper: Lift and Shift Backup and Disaster Recovery Scenario for Google Cloud: Step by Step Guide
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
connected-britain
ContainerDays2023
vExpert
Calendar
<May 2023>
SuMoTuWeThFrSa
30123456
78910111213
14151617181920
21222324252627
28293031123
45678910