Threat Spotlight: Inefficient incident response

Inefficient incident response to email attacks is costing businesses billions in losses every year. For many organisations, finding, identifying and removing email threats is a slow and manual process that takes too long and uses too many resources. As a result, attacks often have time to spread and cause more damage.

  • 5 years ago Posted in
In a recent survey, Barracuda researchers found that, on average, a business takes three and a half hours (212 minutes) to remediate an attack. In fact, 11% of organisations spend more than six hours on investigation and remediation.

Here’s a closer look at why manual incident response is inefficient, along with some solutions to help every business identify and remediate attacks more quickly.

Highlighted Threat: 

Inefficient incident response — Suspicious emails need to be identified and remediated quickly, before they spread across the organisation and cause further damage. After all, in most phishing campaigns, it takes 16 minutes for someone to click on a malicious link. With manual incident response, however, it takes about three and a half hours for organisations to respond. In many cases, by that time, the attack has spread further, requiring additional investigation and remediation.

Fast and automated incident response is more important than ever, considering spear-phishing attacks designed to evade email security are on the rise. For example, business email compromise attacks, which include no malicious links or attachments, have been shockingly effective; in the last three years, these attacks have resulted in losses of $26 billion.

The Details:

Barracuda researchers looked at the results of email threat scans of 383,790 mailboxes across 654 organisations over a 30-day period. They used the Barracuda Email Threat Scanner, a free tool that organisations can use to analyse their Office 365 environment and detect threats that got past their email gateway.

The scans conducted in this 30-day period identified nearly 500,000 malicious messages in these inboxes. On average, each organisation had more than 700 malicious emails that users could access anytime. 

 How long would it take you to identify, investigate, and remediate all these malicious messages? At 3.5 hours of clean up per campaign, it would take days, if not weeks, to clean up and make sure that many malicious messages were removed. 

In addition to these attacks that are already in your mailboxes, users report suspicious messages to IT every day. Based on data from Barracuda customers, a typical organisation responds to around five email-related security incidents each day. With an average of 3.5 hours to respond to each incident, it takes more than 17 hours, or the equivalent of two full-time employees, to respond to what’s being reported each day. That’s time that could be spent on more proactive security measures, such as training employees, managing security patches, or investigating delivered mail for malicious content, which will help them stay ahead of attackers.

How you can improve incident response times

Organisations rarely have this kind of time and resources, so not all incidents are handled according to best practices. Often, IT departments need to prioritise which malicious messages need to be addressed first, leaving organisations, users, and data exposed.

This is where automated incidence response can help. Barracuda research shows that, with automated incident response, you can reduce your response time by 95% on average. For example, for 78% of our customers, incident response now takes less than 10 minutes. That means the five incidents reported by users each day would take less than an hour to remediate.

Automated incident response solutions let you easily identify all internal users who have received a malicious email and remove all instances of it. You can also automatically deliver alerts to affected users to warn them about the threat or provide other instructions. 

Improving incident response time makes organisations more secure, helps limit damage, and saves valuable time and resources for IT teams.

Here are three  steps you can take to improve incident response:
  1. Assess email vulnerabilities Scan your organisation’s inboxes to find malicious email and social engineering attacks that your email gateway missed. This will help you understand the vulnerabilities that exist in your email system and the scope of what needs to be investigated and remediated.


  2. Add spear-phishing protection — Introducing an AI-based protection against phishing and account takeover will help you block these types of threats more effectively and stay ahead of attackers by using artificial intelligence to look for anomalies in real time.

  3. Automate incident response — An automated incident response solution will help you quickly clean up any threats you found in users’ inboxes during the email scan and make remediation more efficient for all messages going forward.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...