Kaspersky's MDR report 2023 reveals rising cyber incident rates across sectors. Sergey Soldatov, head of security operations center, Kaspersky, emphasises need for robust cybersecurity solutions
Throughout 2023, Kaspersky's Managed Detection and Response (MDR) team recorded more than two critical cyber incidents daily, surpassing the frequency observed in previous years. The latest MDR Analyst Report showcases this trend across various industries, with the financial, IT, government, and industrial sectors experiencing the highest incidence rates.
The annual MDR Analyst Report offers insights into reported incidents, their characteristics, and their distribution by industry and geographic region. It also sheds light on the most prevalent tactics, techniques, and tools employed by attackers over the past year. These findings stem from an analysis of MDR incidents detected by the Kaspersky Security Operations Center (SOC).
Advanced attack protection recommendations
According to the report, 22.9% of all identified high-severity incidents occurred within the government sector. IT companies followed closely at 15.4%, with financial and industrial companies reporting 14.9% and 11.8% of incidents, respectively.
In terms of incident nature, nearly 25% were human-driven, while just over 20% involved various types of 'cyber exercises', incidents that Kaspersky formerly classified as targeted attacks but reclassified as cyber exercises upon explicit customer confirmation.
The percentage of malware attacks resulting in serious consequences slightly decreased in 2023 compared to previous years, constituting just over 12% of the total reported critical incidents. This decline reflects the "commoditization of attacks," wherein previously developed tools, initially intended for targeted campaigns, have become widespread due to deliberate or accidental leaks. These tools are now repurposed in attempts to execute fully automated attack scenarios.
The 2023 MDR report also indicated that around 4-5% of incidents involved the detection of targeted attack artifacts, publicly available critical vulnerabilities, and the use of social engineering.
Sergey Soldatov, head of security operations center at Kaspersky, commented, ‘In 2023, Kaspersky detected a smaller number of high-severity incidents, but observed a simultaneous increase in the number of medium and low severity ones. This redistribution of occurrences is associated with the detection of malware without visible traces of active human participation in attacks, which can be explained by the “commoditization of tools”. However, it’s important to understand that the low number of high-severity incidents does not necessarily indicate low damage. Targeted attacks are now planned more carefully, and become more dangerous. Therefore, we recommend the use of effective automated cybersecurity solutions managed with the help of experienced SOC analysts.’
To bolster protection against advanced attacks, companies are encouraged to implement effective cybersecurity solutions and engage qualified practitioners to manage them or opt for managed security services like Kaspersky Managed Detection and Response (MDR) and Kaspersky Incident Response. These services cover the entire incident management cycle, from threat identification to ongoing protection and remediation, offering defense against evasive cyberattacks, incident investigation, and additional expertise, even in the absence of in-house security personnel.