Inefficient Response to Email Attacks Costly to Organizations: Barracuda Networks

Inefficient response to email attacks is costing businesses billions annually. For many organizations, finding, identifying and removing threats is a slow, manual process taking too long and using too many resources. 

In a recent survey, Campbell, Calif.-based Barracuda Networks found, on average, a business takes three-and-a-half hours (212 minutes) to remediate an attack. In fact, 11% of organizations spend more than six hours on investigation and remediation.

Barracuda researchers looked at the results of email threat scans of 383,790 mailboxes across 654 organizations over a 30-day period. They used the Barracuda Email Threat Scanner, a free tool that organizations can use to analyze their Office 365 environment and detect threats that got past their email gateway.

The scans conducted in this 30-day period identified nearly 500,000 malicious messages in these inboxes. On average, each organization had more than 700 malicious emails that users could access anytime.

According to the Barracuda study, suspicious emails need a quick identification and remediation response before they spread across the organization and cause further damage. After all, in most phishing campaigns, it takes 16 minutes for someone to click on a malicious link. With manual incident response, however, it takes about three-and-a-half hours for organizations to respond. In many cases, by that time, the attack has spread further, requiring additional investigation and remediation.”

Barracuda maintained fast and automated incident response is more important than ever, considering spear-phishing attacks designed to evade email security are on the rise. “For example, business email compromise attacks, which include no malicious links or attachments, have been shockingly effective; in the last three years, these attacks have resulted in losses of $26 billion,” Baracuda said. 

Based on Barracuda customer data, a typical organization responds to about five email-related security incidents daily. With an average of 3.5 hours to respond to each incident, it takes more than 17 hours, or the equivalent of two full-time employees, to act in response daily. According to the organization, “That’s time that could be spent on more proactive security measures, such as training employees, managing security patches, or investigating delivered mail for malicious content, which will help them stay ahead of attackers.”

The Barracuda report also pointed out organizations, often pressed for time and with limited resources, do not always handle each incident according to best practices: “Often, IT departments need to prioritize which malicious messages need to be addressed first, leaving organizations, users, and data exposed.”

The Barracuda report provided three steps to improve incident response:

1. Assess email vulnerabilities: “Scan your organization’s inboxes to find malicious email and social engineering attacks that your email gateway missed.” This will help the organization understand vulnerabilities existing in the email system and the scope of investigation and remediation needed.
2. Add spear-phishing protection: Introducing an artificial intelligence-based protection against phishing and account takeover will help block these types of threats more effectively and stay ahead of attackers by using artificial intelligence to look for anomalies in real time.
3. Automate incident response. “An automated incident response solution will help you quickly clean up any threats you found in users’ inboxes during the email scan and make remediation more efficient for all messages going forward.”

The research showed that automated incident response can reduce response time for organizations by 95% on average. Barracuda concluded: “For example, for 78% of our customers, incident response now takes less than 10 minutes. That means the five incidents reported by users each day would take less than an hour to remediate.”