by Max Avory
Phishing campaigns continue to become more targeted and sophisticated, evading email gateways and Microsoft 365 Defender, and forcing businesses to increasingly rely on employees to spot suspicious messages. The statistics on potential data breaches are alarming, with some estimating that cybercrime costs will grow 15 percent per year in the next five years, reaching $10.5 trillion annually in 2025.
Even if your organization has avoided getting phished (well done, by the way), the odds are your security team spends too much of its time investigating suspicious messages and removing malicious emails. This results in additional incident response costs that can impact your business heavily.
Let’s take a look at some of the important factors that go into incident response costs.
The time spent investigating alerts and remediating confirmed threats depends on a company’s security maturity level. Relative to phishing, security maturity refers to how a company continually improves the people, processes, and technology involved in mitigating phishing emails and business email compromise attempts. The level of maturity is based on how optimized and automated an organization is in handling these types of attacks.
Why Low Security Maturity = High Cost
A company operating at a low maturity level will continue to see an increase in the number of alerts and false positives, especially if it relies entirely on user-submitted emails and rules-based detection in a secure email gateway. Whilst security awareness training has done a good job of educating employees about the risks, it has also contributed to the additional number of alerts, in particular the false positives that employees send to SOC teams.
It takes a lot of effort for a SOC analyst to manually investigate these alerts and remediate confirmed threats. Continuing to detect and manually respond to confirmed threats in this fashion is not sustainable, and it costs a company a lot in time and SOC analyst salary.
Bigger Concerns That Impact Enterprises
Alert fatigue associated with targeted phishing and business email compromise is real. SOC analysts are overwhelmed with the volume of alerts from users, two-thirds of which are false positives. It has been widely reported that alert fatigue leads to missed, ignored, or delayed responses, which could end up developing into a significant security breach if not caught in time. So much time is being spent triaging phishing alerts that CISOs are alarmed about other strategic objectives being neglected.
It’s gotten to the point that security teams are considering a change in profession because of burnout. Stress and anxiety are on the rise, caused by the fear of missing an incident, which is a further reason why the scale of this problem is growing out of control. We know phishing attacks do not always occur during regular business hours, and therefore SOC teams must be on call 24/7, adding to their frustration. Despite the lucrative salaries SOC analysts are earning, the turnover is straining the existing labor shortage in the cybersecurity industry.
Eliminate the Pain and Salary Costs with Incident Response Solutions
There are solutions that remove the strain security teams are facing. Existing efforts like security awareness training are not enough on their own to fight against phishing. However, implementing a multi-layered approach will reduce not only the number of alerts but also the time it takes to investigate and remediate them.
It’s important to detect and classify what gets through (e.g., malicious, suspicious, and clean) by adding a post-delivery detection system (e.g., machine learning). Automating the remediation of confirmed malicious emails and crowdsourcing the analysis of suspicious messages will reduce the volume of alerts that SOC analysts must triage.
Further, organizations can outsource incident response to eliminate the investigation burden associated with analyzing suspicious emails. Security awareness training should be used to help create a culture of empowerment and not fear by giving users easy-to-use security tools to help them apply their security knowledge. This in turn will help reduce the number of false positives submitted by users and simultaneously reduce the number of suspicious emails that go unreported.
Benefits of Calculating Incident Response Costs
Determining Overall Value
Calculating incident response costs helps businesses determine the value of an offering for their specific security environment. Once any technical due diligence is complete, determining ROI can help to evaluate a product for its overall value.
Communicating with C-Suite and Board Members
When communicating rationale to the board, you will want to focus on regulations, reputation, and business risk, which can be aided by calculating and presenting the potential cost of overall incident response.
Better Aligning with Business Goals
Calculating incident response costs can demonstrate how a new solution may align with the overall strategic goals, fostering quicker decision-making.
Try our Incident Response Calculator
Curious to know what phishing investigation and incident response cost your organization? Find out by using our Incident Response Calculator.