November 7, 2017 by Canadian Underwriter
More than 60% of IT security experts are unsure of how to combat security breaches like targeted attacks, a new report on behalf of cybersecurity company Kaspersky Lab has found.
The report, titled New Threats, New Mindset: Being Risk Ready in a World of Complex Attacks, found that global businesses realize a security breach will happen to them at some point (57% versus 51% last year), but they remain unsure of the most effective strategy to combat threats like targeted attacks (42%). “Perhaps more worryingly, the study showed that uncertainty is significantly higher (63 per cent) among respondents who are IT security experts and should, therefore, be more familiar with the issue,” Kaspersky said in a press release.
The study also revealed some geographical differences. Half of businesses in the Asia-Pacific region agreed that they were unsure of the best response strategy, compared to 41% in Europe, 39% in North America and 31% in Russia. Similarly, 46% of respondents agreed that their knowledge of IT security threats specifically targeting their business is “far from ideal,” the report said, rising to 62% in Asia-Pacific and dropping to 42%, 41% and 36% in Europe, North America and Russia, respectively.
The Kaspersky Lab Corporate IT Security Risks Survey is a global study of IT business decision makers, carried out by market research company B2B International. Researchers questioned 5,274 workers about various aspects of cybersecurity, including their company’s attitudes towards the area, the main challenges they are facing and the types of approaches/strategies they currently use. Respondents represented very small businesses (1-49 employees), small- to medium-sized businesses (50-999 employees) and large organizations with 1,000+ employees. Results were compared to last year’s survey – as well as between regions, industries and company sizes – to paint a comprehensive picture of the threat landscape, Kaspersky noted in the release.
According to the survey, “targeted attacks have become one of the fastest growing threats in 2017, increasing in overall prevalence by 11 per cent for large enterprises.” In addition, two-thirds of respondents (66%) in the study agreed that threats are becoming more complex, and for more than half (52%) it is becoming difficult to tell the difference between generic and complex attacks.
Surprisingly, and despite the high level of uncertainty about their strategies, the majority of companies (77%) believe that they spend enough – or even overspend – on protection from targeted attacks. “This is perhaps due to how threat protection is perceived: threats are sometimes merely seen as a technical problem to be solved through buying and deploying more advanced cybersecurity solutions,” Kaspersky said in the release. “A more balanced approach to incident response, however, includes investing not only in the right technologies, but also in people with specific skillsets and in the right processes.”
Technology is one of the most important parts of this combination, the cybersecurity company explained. As the study shows, there is a clear need for security solutions that go beyond prevention and provide a more complete package, adding detection and response functionality. For example, 56% of businesses agree that they need better tools to detect and respond to advanced persistent threats and targeted attacks.
This is especially true given that detection speed is crucial in reducing the financial impact of an attack. According to the report, in the last year just one-quarter (25%) of companies discovered their most serious security incident within a day; however, immediate detection significantly lowers the average cost of recovery – for example, from US$1.2 million for enterprises that take more than a week to detect the threat, to US$456,000 for those that can detect a threat right away.
People are another crucial component, with 53% of businesses agreeing that they need to employ more specialists with specific experience in IT security, namely in security operations centre management, incident response and threat hunting – this figure jumps to 61% among enterprises. “This is not surprising, as a lack of internal experts increases a company’s exposure to targeted attacks by 15%, and also increases the average financial impact of an attack on enterprises – from US$930,000 to US$1.1 million,” Kaspersky said.
Overall, to be able to effectively combat complex cyberthreats, organizations also need to think about incident response as a process, not a destination, Kaspersky advised. This means there is a need for a comprehensive incident investigation framework comprising always-on monitoring, advanced detection and critical security event mitigation.
“Now that companies are starting to realize that cybersecurity breaches are a real risk to their business continuity, it’s time to give incident response the attention it deserves,” suggested Alessio Aceti, head of the enterprise business division with Kaspersky Lab. “It can no longer be a small part of the IT security department’s responsibilities, and should instead involve strategic planning and investment at the highest level. For organizations, this doesn’t mean becoming risk-free but it will certainly help to become risk-ready and survive a serious breach when it happens.”