Inefficient incident response to email attacks is costing businesses billions in losses every year. For many organizations, finding, identifying and removing email threats is a slow and manual process that takes too long and uses too many resources. As a result, attacks often have time to spread and cause more damage.
In a recent survey, Barracuda researchers found that, on average, a business takes three and a half hours (212 minutes) to remediate an attack. In fact, 11% of organizations spend more than six hours on investigation and remediation.
Here’s a closer look at why manual incident response is inefficient, along with some solutions to help every business identify and remediate attacks more quickly.
Highlighted Threat
Inefficient incident response — Suspicious emails need to be identified and remediated quickly, before they spread across the organization and cause further damage. After all, in most phishing campaigns, it takes 16 minutes for someone to click on a malicious link. With manual incident response, however, it takes about three and a half hours for organizations to respond. In many cases, by that time, the attack has spread further, requiring additional investigation and remediation.
Fast and automated incident response is more important than ever, considering spear-phishing attacks designed to evade email security are on the rise. For example, business email compromise attacks, which include no malicious links or attachments, have been shockingly effective; in the last three years, these attacks have resulted in losses of $26 billion.
The Details
Barracuda researchers looked at the results of email threat scans of 383,790 mailboxes across 654 organizations over a 30-day period. They used the Barracuda Email Threat Scanner, a free tool that organizations can use to analyze their Office 365 environment and detect threats that got past their email gateway.
The scans conducted in this 30-day period identified nearly 500,000 malicious messages in these inboxes. On average, each organization had more than 700 malicious emails that users could access anytime.
How long would it take you to identify, investigate, and remediate all these malicious messages? At 3.5 hours of cleanup per campaign, it would take days, if not weeks, to clean up and confirm that all of those malicious messages were removed.
In addition to these attacks that are already in your mailboxes, users report suspicious messages to IT every day. Based on data from Barracuda customers, a typical organization responds to around five email-related security incidents each day. With an average of 3.5 hours to respond to each incident, it takes more than 17 hours, or the equivalent of two full-time employees, to respond to what’s being reported each day. That’s time that could be spent on more proactive security measures, such as training employees, managing security patches, or investigating delivered mail for malicious content, which will help IT teams stay ahead of attackers.
How you can improve incident response times
Organizations rarely have this kind of time and resources, so not all incidents are handled according to best practices. Often, IT departments need to prioritize which malicious messages need to be addressed first, leaving organizations, users, and data exposed.
This is where automated incident response can help. Barracuda research shows that, with automated incident response, you can reduce your response time by 95% on average. For example, for 78% of our customers, incident response now takes less than 10 minutes. That means the five incidents reported by users each day would take less than an hour to remediate.
Automated incident response solutions let you easily identify all internal users who have received a malicious email and remove all instances of it. You can also automatically deliver alerts to affected users to warn them about the threat or provide other instructions.
Improving incident response time makes organizations more secure, helps limit damage, and saves valuable time and resources for IT teams.
Here are three steps you can take to improve incident response:
- Assess email vulnerabilities — Scan your organization’s inboxes to find malicious email and social engineering attacks that your email gateway missed. This will help you understand the vulnerabilities that exist in your email system and the scope of what needs to be investigated and remediated.
- Add spear-phishing protection — Introducing AI-based protection against phishing and account takeover will help you block these types of threats more effectively and stay ahead of attackers by using artificial intelligence to look for anomalies in real time.
- Automate incident response — An automated incident response solution will help you quickly clean up any threats you found in users’ inboxes during the email scan and make remediation more efficient for all messages going forward.