In the majority of cases where security researchers request additional details about a suspicious object, that object turns out to be malicious and puts corporate security at risk, a new Kaspersky study shows. The company's experts said they analysed statistics derived from their threat intelligence portal, and the data showed a direct link between an analyst's initial suspicion and the actual verdict.
The study found that when security researchers requested additional details about a suspicious object, 72 per cent of cases turned out to be malicious and could put corporate security at risk if left uninvestigated. On average, 44 per cent of the security alerts faced by companies are not investigated, while 67 per cent of companies do not report cybersecurity incidents to regulators.
Experts say companies often struggle to handle the huge volume of incoming warning signals. This puts additional pressure on companies to decide which alerts deserve their maximum attention.
-- Kaspersky's stats reveal that in most cases, the initial decision to check an alert proves to be right.
-- 7 out of 10 requests analysed by researchers turn out to be malicious.
-- The share of such objects is especially high for web-related items.
-- Among these requests, the share found to be malicious is 86 per cent for domains, 75 per cent for IP addresses and 73 per cent for URLs.
-- The study shows this figure drops for files: 61 per cent of hashes were categorised as dangerous.
-- It is harder for researchers to distinguish legitimate files from malicious ones without consulting the appropriate threat intelligence.
-- 41 per cent of all requests fall into the category where researchers analyse which resources the endpoints in their network are communicating with.
-- 3 per cent of requests concerned file hashes.
"As our statistics show, security analysts in organizations rarely make mistakes when they suspect that an alert poses a security risk and might need further investigation. However, it’s not all about checking the hypotheses," said Anatoly Simonenko, Group Manager, Technology Solutions Product Management at Kaspersky.
"To be able to accelerate their incident response and forensic capabilities, analysts need to see the bigger picture on a threat, quickly," Simonenko added. "Access to threat intelligence provides just that, ultimately saving time and effort for typically understaffed security teams."