Companies only ask for help after falling victim to a cyber attack

Nearly 60% of the incident response requests processed by Kaspersky security specialists in 2018 were made after organizations had suffered an attack with consequences, such as unauthorized transfers, ransomware-encrypted workstations and unavailability of services.

Meanwhile, 44% of the requests were made after the attack was detected at an early stage, saving the company from more serious consequences. These were the highlights of Kaspersky's latest Incident Response Report.

In 2018, 22% of security incident response cases began after possible malicious activity was discovered on the network, and another 22% started after a malicious file was found on the system. Even without any other sign of a breach, both cases suggest that an attack is underway. However, not all security teams can tell whether their automated security solutions have already detected and blocked the malware or whether this was just the beginning of an invisible infection on their network that needs outside expert support.

It is often assumed that incident response is required only when the damage of a cyber attack has already occurred and a thorough investigation is needed. However, analysis of several cases shows that incident response is not only investigative but also a mitigation tool, when it is possible to detect an attack early and prevent further damage.

Some conclusions from Kaspersky's report:

  • 81% of organizations providing data for analysis had indicators of malicious activity on their internal networks;
  • 34% of organizations showed signs of an advanced targeted attack;
  • 54% of financial organizations were being attacked by one or more groups specializing in APTs (advanced persistent threats).

To react effectively, Kaspersky recommends:

  • Make sure the company has a dedicated team (at least one employee) responsible for issues related to IT security;
  • Implement critical asset backup systems;
  • To respond quickly to a cyber attack, pair the internal security incident response team, which would be the first line of response, with external service providers who would handle more complex incidents;
  • Develop a security incident response plan with detailed guidelines and procedures for the various types of cyber attacks;
  • Introduce awareness training to instruct employees on digital hygiene and explain how they can recognize and avoid possible malicious emails or links;
  • Implement automated processes to manage software patches and updates;
  • Conduct periodic security assessments of your IT infrastructure.
