Inefficient incident response to email attacks is costing billions in losses every year. Barracuda researchers found that, on average, a business takes three and a half hours (212 minutes) to remediate an attack. In fact, 11% of organizations spend more than six hours on investigation and remediation – and that’s just email threats. For many organizations, finding, identifying and removing threats is a slow and manual process that they don’t have the resources to perform. As a result, attacks have time to spread and cause more damage.

How long would it take you to identify, investigate, and remediate an incident?  It would depend on the type of incident.  You should have staff or outside resources that are prepared to take action on the most likely types of attacks you might face, based on an assessment of your risk.  The risk assessment should look at:

1) What type(s) of data is stored in or passes through your network?

2) Does any of this data fall under protected categories that requires adherence to specific standards to protect it and notification if it is exposed?

3) What vendor(s) touch or have access to this data?  How are you confirming that they are also taking steps to prevent exposure as you are still ultimately liable?

4) What staff members have access to the data, and how do they access it?  Do any work from remote locations or have ability to connect from home?

Based on the factors above, you can determine your most likely types of incidents.  Let’s take the example of a firm that provides professional services (law firm, accountant,  insurer, or even IT support provider) as they are all likely to have sensitive data on their clients.  Some examples of likely scenarios could be:

  • Employee receives phishing email and provides credentials via fake log in site, hackers now have access to the data that they employee has access to.
  • MSP is hacked, and data stored on AWS back up servers is copied to the Dark Web for sale, including your business’s back up files.
  • Staff member who normally works from home goes to a local coffee shop and connects to the office database using free wi-fi and unencrypted connection is intercepted.

Incident response resources can provide help with identifying, investigating, responding, remediating threats, and lessons learned to prevent similar attacks in the future.