By Yuraisha Mari – Cyber threat statistics make for grim but thought-provoking reading. Kaspersky research has found that ransomware attacks globally, accounted for every third cyber incident last year. The data has shown a significant 30% global increase in the number of targeted ransomware groups compared to 2022. Ransomware attacks are therefore still one of the number one cyberthreats experienced by customers today.
According to a Kaspersky survey, 78% of companies in the Middle East, Türkiye, and Africa (META) region have experienced at least one cyber incident in the past two years. Twenty-nine percent of these incidents were caused by employees falling victim to phishing attacks. Security Awareness is a major concern for most IT budget holders with the frequency of high-severity incidents with direct human involvement exceeding two per day in 2023.
The Kaspersky Digital Footprint Intelligence has found that the share of corporate devices compromised with data-stealing malware has increased by one-third since 2020. Our team has revealed that corporate devices are facing a growing threat from info stealers, with the share of corporate users compromised with such malware having increased by 34% since 2020.
In 2023, our experts concluded that every second device (53%) that was infected with credential-stealing malware was corporate.
Among trends in cybercrime we can name cross-platform ransomware; code adoption from other malware families; dark market of malware, zero-day vulnerabilities, stolen data. We estimate about 80% of cyberthreats are general malware or crimeware, while 19,9% is targeted crimeware and less than 1% is advanced persistent threats.
With the spread of attacks via suppliers it’s essential for organisations of all sizes to mitigate against the evolving threat landscape.
One of the best approaches is to combine endpoint protection with endpoint detection and response as well as extended detection and response. This three-pronged way to navigate the modern attack surface will empower companies across all industry sectors with the means to improve device protection while also defending themselves against human error.
Injecting these solutions with machine learning and AI capabilities means businesses can withstand more prevalent, evasive, and sophisticated attacks while benefitting from complete visibility, control, rapid response, and proactive threat hunting. An example of this approach in practice can be found in the Kaspersky Next line of cybersecurity products. These are deployment-agnostic and allow for both cloud and on-premises options.
Even with powerful solutions such as these available, organisations must have cybersecurity policies and employee training programmes. Kaspersky research has found less than one-third of companies in South Africa organised training on cybersecurity for employees.
To be effective against evolving cyber threats, companies are advised to organise cyber literacy courses and conduct frequent checkups to review their efficacy. Employees must also know about trending cyberthreats and know how to recognise and avoid them. Regular education for IT and InfoSec staff about actual cyber risks is also important.
One more aspect that influences cybersecurity in organisations is IT understaffing. 43% of companies in the META region acknowledged that they are facing a shortfall of qualified cybersecurity professionals. The use of centralised and automated solutions such as Kaspersky Extended Detection and Response can help reduce the burden on the IT security team and minimise the possibility of making mistakes.
By aggregating and correlating data from multiple sources in one place and using technologies of machine learning, such solutions reduce the mean time to detect threats and provide fast automated response. To minimise the negative consequences of the cybersecurity staff shortfall, it’s recommended to adopt managed security services, thus acquiring high-level expertise without hiring additional personnel.
Staying on top of cybersecurity changes and having a holistic approach to cyber defences helps organisations operate and develop without interruptions, getting all the benefits of information technologies while having an advanced security strategy, educated employees, threat intelligence and robust security solutions.
Yuraisha Mari is the enterprise group manager for Africa at Kaspersky