Sadly i've found that most times it's a false alarm, depending on how your forms post and such, we have had to disable it on many of our sites through the AppKey. Is that the safest thing? no, but if you have an form that it's being triggered on, you may need to take that route.
First though verify this isn't a real attack, if it is and you have a form exposed that could be a risk factor, you probably don't want to disable CSRF.
i would read up on Kentico's documentation on CSRF and judge for yourself what you want to do.