Many companies fail to notice a cyberattack before it’s too late, only calling in for help once they’ve already had funds or data stolen, or their devices wrecked.
This is according to a new report by Kaspersky. It claims that half of the incident response requests it had gotten last year, happened when it was already too late. The remaining 44 per cent of requests were processed after the attack was detected, but before it managed to cause any serious harm.
Kaspersky says that incident response should not only be used after the cyberattack – it can also be a tool for catching an attack during its earliest stages.
Last year, a quarter of IR cases were initiated after a company spotted malicious activity on its network. Another quarter was initiated after the company found a virus or other forms of malware.
But not everyone was able to properly assess the situation following these findings, and incorrect assessments resulted in malicious activity evolving into a “serious cyberattack with real consequences”.
“The earlier an organisation catches an attack, the smaller the consequences will be. But based on our experience, companies often do not pay proper attention to artefacts of serious attacks, and our incident response team often is being called when it is already too late to prevent damage,” comments Ayman Shaaban, security expert at Kaspersky.
“On the other hand, we see that many companies have learned how to assess signs of a serious cyberattack in their network and we were able to prevent what could have been more sever incidents. We call on other organisations to consider this as a successful case study,”