We’ve all heard the phrase “time is money,” but when it comes to security incident responses, lost time isn’t just lost revenue — it can also mean a loss of new business, loss of existing customers, loss of critical data, and a loss of brand reputation. In fact, the inability to respond to email and other cyberattacks is resulting in billions of dollars of losses each year for affected businesses.
Because the threat landscape is continually evolving, identifying and removing these email-based threats is often a slow, manual, and resource-intensive process. The longer it takes to root out malicious emails, the farther they can spread and the more damage they can cause.
Over the past three years, for example, losses just from business email compromise attacks have mounted to more than $26 billion. With more and more targeted spear phishing attacks on the rise, it will become harder to spot these threats. That means a fast, automated incident response system is critical to preventing loss.
Yet, while email-based security threats spread and evolve rapidly, response times are not keeping pace. According to a recent Barracuda survey, businesses take three and a half hours (or 212 minutes) on average to remediate an attack, and 11 percent of businesses can take longer than six hours to fully investigate and remediate a problem.
Further, a recent report from Verizon found 4 percent of targets of a given phishing campaign will click on a malicious link. For most phishing campaigns, it takes roughly 16 minutes before someone clicks on that link. The first report of a problem from an end user will arrive, on average, after 28 minutes. If it takes hours before there is a response from IT or a service provider, these attacks can spread quickly before they are detected and addressed. The farther the attack spreads, the longer the remediation process takes.
The Need for Automation
In its research, Barracuda looked at the outcome of email threat scans of 383,790 mailboxes across 654 organizations over a 30-day period using the Barracuda Email Threat Scanner, a free tool that organizations can use to analyze their Office 365 environments and detect threats that got past their email gateways.
The results were alarming. Over a 30-day period, these scans identified almost 500,000 malicious messages in the surveyed inboxes. On average, each organization had more than 700 malicious emails that landed in users’ inboxes. At more than three hours of remediation work for each campaign, these companies would need days or weeks to address that volume of attacks.
Compounding the difficulty of addressing email-based attacks is the high level of end user reported incidents. Barracuda customers, on average, responded to five email-related security incidents every day. That eats up at least 17 hours of labor in response and remediation work that might otherwise be spent on more value-added tasks. Because IT departments are usually strapped for resources, they have to pick and choose which incidents to fully address first.
Having to prioritize those manual responses leaves businesses vulnerable. Automated monitoring and response solutions are critical for addressing the overwhelming volume of email-based attacks, particularly new types of attacks that are designed to bypass traditional security gateways and filtering solutions.
First, organizations should automate the assessment of their email vulnerabilities. Tools like the Barracuda Email Threat Scanner (which integrates with Office 365) can find malicious emails and social engineering-based attacks that are frequently missed by email gateways. Using this type of solution can help IT departments and managed security services providers get a better gauge of existing vulnerabilities and which types of threats will require investigation.
Companies can also leverage AI-based protection against spear phishing and account takeover attacks. This type of system can integrate directly into Office 365 to find threats that are designed to bypass traditional security gateways, and it can also learn a company’s unique communication patterns to better detect potential phishing and account takeover attacks. These solutions run automatically in the background to block these emails from reaching users.
An automated incident response solution can also help security specialists quickly address any threats found in users’ inboxes during the email scan. This also makes remediation more efficient for all messages in the future. A forensic solution can help respond quickly to attacks and stop the damage in a few minutes, identify anomalies that may indicate emerging threats, and use the intelligence gathered from those responses to block future potential malicious emails.
According to Barracuda’s research, automated incident response can help reduce response times by 95 percent on average. Based on surveys of existing customers, 78 percent of these organizations have achieved response times of less than 10 minutes. With five incidents reported each day, the time to address them is cut down to less than an hour.
With automation, organizations can improve their security response times, which limits the damage (and associate costs) following an attack. These solutions also make it easier for IT departments to optimize resource utilization and spend more time creating value for the entire organization. After all, time is money.
Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.