K V Kurmanath | Hyderabad, June 6
From 9 per cent in 2020, the share of critical incidents spiked to 14 per cent in 2021
The seriousness of cyber attacks can be gauged by finding the percentage of critical incidents in the total number of cyber attacks.
A recent study finds that the share of critical incidents reported by organisations increased from one-in-ten (9 per cent) in 2020 to one-in-seven (14 per cent) in 2021. Organisations across industries experienced high-severity incidents during this period.
The most frequent causes of critical incidents remained the same as in the previous year. Targeted attacks accounted for 40.7 per cent of critical incidents, followed by malware (14 per cent) and incidents classified as exploitation of publicly exposed critical vulnerabilities (about 13 per cent).
Social engineering also remained a relevant threat, accounting for almost 5.5 per cent of incidents, according to an analysis by cyber security solutions company Kaspersky. The largest number of human-driven attacks were detected in the government, industrial, IT and financial verticals.
To better prepare themselves against targeted attacks, organisations can employ services which conduct ethical offensive exercises, Kaspersky said. “Increasingly complex infrastructure, shortage of skilled professionals and the growing sophistication of attacks can all affect the efficiency of cybersecurity teams and their ability to identify adversarial activity before incidents happen,” it said.
How to protect networks
Kaspersky has asked organisations to deploy a solution that combines detection and response capabilities and manages threat hunting, to help identify both known and unknown threats.
An alerts-driven approach is no longer effective in reacting to modern threats. “You need to implement expert Incident Response training to improve the expertise of your in-house digital forensics and incident response team. That will help verify and handle threats quicker and minimise the incident impact,” it said.
It wants organisations to provide their staff with essential cyber security knowledge in order to reduce the likelihood of targeted attacks.