Is Your Incident Response to Cyber Attacks Useless?


A new report from Carbon Black sheds some light on exactly what cybercriminals are doing, and why traditional incident response is unprepared at best.

Cybercriminals are becoming purposeful in their attack targets and methods, and organizations are unprepared to address it, according to endpoint protection vendor Carbon Black's latest Quarterly Incident Response Threat Report.

In the report, incident response professionals help provide insight into the what, why, and how around modern-day attacks. Some of the more pertinent stats from the report include:

  • Over one-third of attacks have espionage as the end-game
  • 59% of attacks involve lateral movement
  • Over one-third of attacks use a victim for island hopping, with your entire supply chain in mind as a target

These stats alone paint a pretty specific picture. Cybercriminals are attacking with specificity – it’s no longer the “let me gain a foothold and look around until I find something of value” attack; instead, today's attacks are well thought-out, planned, and have a specific goal in mind.

A determined attack requires an equal response from your organization. Most organizations have two parts to their security strategy: prevention/protection and incident response.

Prevention and protection today are still lacking – attackers are “living off the land” according to the report, using approved native tools (e.g., PowerShell, WMI) and cloud sharing to carry out their malicious activity, making it more difficult to identify and stop. That means organizations need a strong incident response plan in place to address an attack once discovered.

But, what does incident response look like today for most organizations?

According to the report, most organizations simply aren’t prepared:

  • 59% take a completely reactive stance toward incident response
  • 70% lack the visibility to detect an attack
  • 46% of IR engagements have experienced counter-incident response measures, making it more difficult to eradicate an attacker and their footholds

The good news is that cybercriminals still enter your organization in the same ways: via social engineering and drive-by downloads. This puts your users squarely in the line of fire.

Given that most organizations' IR isn’t up to par, the onus needs to be placed on prevention – but done where it will have the most impact. Which brings us back to the user. Cybercriminals need user intervention to enable an attack – the click of a link or the opening of an attachment, for example.

By adding new-school Security Awareness Training to your security strategy, users are taught to be suspicious of email and web content they interact with, to spot malicious emails and content, and to avoid becoming a victim – lowering the organization’s risk of successful infection and attack. What you need for that is frequent simulated social engineering attacks and a steady supply of fresh training content.

 The world's largest library of security awareness training content is now just a click away!

In your fight against phishing and ransomware you can now deploy the best-in-class phishing platform combined with the world's largest library of security awareness training content; including 300+ interactive modules, videos, games, posters and newsletters.

Want to see all our great security awareness training content?

It’s easy! You can now get access to our new ModStore Preview Portal to see our full library of security awareness content; you can browse, search by title, category, language or content topics.


The ModStore Preview Includes:

  • 40 e-learning modules
  • 25 micro-modules
  • 16 compliance modules
  • 83 3-5 min videos
  • 26 interactive security-trivia games
  • 265 pieces of artwork & newsletters


Topics: Cybercrime
