According to a report based on the analysis of incidents affecting Kaspersky Managed Detection and Response (MDR) customers, Kaspersky Security Operations Center (SOC) analysts discovered more than three high-severity incidents with direct human involvement every day in 2022.
The main reasons companies engaged external cybersecurity experts in 2022 were the efficiency that external specialists provided when operating cybersecurity solutions and the need for specialized knowledge. To address gaps in expertise among IT security professionals and give them insight into the current threat landscape, Kaspersky analyzed anonymized customer incidents detected by its MDR service.
Kaspersky’s annual Managed Detection and Response Analyst Report showed that high-severity incidents took Kaspersky MDR an average of 43.8 minutes to detect. This processing time grew by approximately 6% compared to the previous year because of an increase in human-driven attacks, which take up more SOC analyst time.
Regarding the nature of these incidents, 30% were associated with APTs, 26% were malware attacks, and just over 19% resulted from “ethical hacking” (pen tests, red teaming, or other types of cyber exercises conducted in customers’ infrastructures either to assess the security of IT systems or to test the operational readiness of the MDR service).
The proportion of incidents involving publicly available critical vulnerabilities and the detection of traces of previous human-driven attacks was around 9%. The remaining incidents resulted from the successful use of social engineering techniques or were linked to insider threats.
According to the MDR report, sophisticated human-driven attacks are increasing and require more resources and time to investigate. To detect these attacks efficiently, Sergey Soldatov, Head of Security Operations Center at Kaspersky, recommends combining comprehensive threat hunting practices with classic alert monitoring.
To better protect against advanced attacks, Kaspersky experts recommend deploying a solution that combines detection and response capabilities and helps identify threats without tying up additional in-house resources.
They also advise providing the SOC team with access to the latest threat intelligence to ensure in-depth visibility into the cyber threats targeting your organisation.
Moreover, the experts believe that organisations should give their staff essential cybersecurity knowledge to reduce the likelihood of successful targeted attacks.
Finally, they suggest implementing expert Incident Response training to improve the expertise of your in-house digital forensics and incident response team.