Manually addressing breaches that result from email-based attacks is a time sink for IT professionals, according to a Barracuda report.
Security incident response plans often prioritize ensuring an infection is completely eradicated, to the detriment of speed. However, attack payloads are increasingly designed to traverse networks to infect as many systems as possible, making remediation a race against the clock.
Phishing attacks, including Business Email Compromise (BEC) attacks that direct users to perform transfer-of-funds requests to accounts controlled by cybercriminals, have resulted in losses totaling $26 billion from June 2016 to July 2019, according to the FBI.
On average, businesses take three and a half hours--212 minutes, precisely--to remediate attacks, with 11% of businesses surveyed taking more than six hours on remediating security incidents, according to a Barracuda Networks blog post, published Thursday.
SEE: Phishing attacks: A guide for IT pros (free PDF) (TechRepublic)
Likewise, Barracuda cites a 2018 Verizon study that found that it takes only 16 minutes for a user to click on a malicious link, in most phishing campaigns, highlighting the urgency with which timely response is needed. "Based on data from Barracuda customers, a typical organization responds to around five email-related security incidents each day. With an average of 3.5 hours to respond to each incident, it takes more than 17 hours, or the equivalent of two full-time employees, to respond to what's being reported each day," the post stated.
One of the solutions for this as proposed by Barracuda is automated email scanning--a service they, and others, provide freely. From an analysis of data from Barracuda users, nearly 500,000 malicious messages were identified in a 30-day sample of over 380,000 mailboxes across 654 organizations. On average, according to the report, "each organization had more than 700 malicious emails that users could access anytime."
Use of automated incident response reduced response time by 95%, on average, according to the report. Barracuda recommends the use of email scanning and automated incident response to protect against email-based attacks.
The FBI offers the following suggestions for protecting against email-based attacks:
Use secondary channels or two-factor authentication to verify requests for changes in account information.
Ensure the URL in emails is associated with the business it claims to be from.
Be alert to hyperlinks that may contain misspellings of the actual domain name.
Refrain from supplying login credentials or PII in response to any emails.
Monitor their personal financial accounts on a regular basis for irregularities, such as missing deposits.
Keep all software patches on and all systems updated.
Verify the email address used to send emails, especially when using a mobile or handheld device by ensuring the senders address email address appears to match who it is coming from.
Ensure the settings the employees' computer are enabled to allow full email extensions to be viewed.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Mastermind con man behind Catch Me If You Can talks cybersecurity (TechRepublic download)
- Windows 10 security: A guide for business leaders (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2019 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)