According to the latest Kaspersky Managed Detection and Response (MDR) analyst report, advanced persistent threats (APTs) have been detected in 25% of companies, accounting for over 43% of all high-severity incidents. This marks a staggering 74% increase compared to 2023.
The annual Managed Detection and Response (MDR) analyst report provides insights based on the analysis of MDR incidents identified by Kaspersky's Security Operations Center team. The report sheds light on the most prevalent attacker tactics, techniques and tools, as well as the characteristics of detected incidents and their distribution across regions and industry sectors among MDR customers.
According to recent findings, Advanced Persistent Threats (APTs), classified as human-driven attacks, significantly affected one in four companies, representing a staggering 43% of all high-severity incidents detected in 2024. Compared to previous years, this marks a striking 74% increase from 2023 and a 43% rise from 2022. Despite advancements in automated detection technologies, determined attackers continue to exploit vulnerabilities and circumvent these systems. Notably, APTs were identified across every sector except telecommunications, with the IT and government sectors bearing the brunt.
Moreover, incidents characterized as human-driven attacks confirmed by customers as cyber exercises comprised more than 17% of total incidents. Additionally, severe violations of security policies comprised approximately 12% of high-severity events, with malware-related incidents also accounting for over 12%, predominantly affecting the financial, industrial and IT sectors.
"In 2024, we observed a significant escalation in Advanced Persistent Threats and this alarming trend emphasizes that even with advancements in automated detection, determined human-driven attacks continue to exploit vulnerabilities across various sectors. Organizations must enhance their preparedness and invest in comprehensive cybersecurity strategies to counteract these sophisticated threats," states Sergey Soldatov, Head of Security Operations Center at Kaspersky.
If companies lack cybersecurity personnel or expertise, they can apply Kaspersky Managed Detection and Response and Kaspersky Incident Response to investigate incidents and receive expert support. These services encompass the entire incident management cycle, from threat identification to continuous protection and remediation, allowing organizations to safeguard themselves even against evasive cyber threats.
The full Kaspersky Managed Detection and Response analyst report for 2024 is available via this link.
