Skip to Main ContentSkip to Footer
Research & Intelligence

Incident Response Lessons Learned in 2021

Real-world incidents reveal information about evolving tactics, techniques, and procedures. Sharing and applying that knowledge can help other organizations avoid similar compromises.

Incident Response Lessons Learned in 2021 - Blog
Counter Threat Unit Research Team
March 21, 2022

The Secureworks® Incident Response (IR) practice plays a critical role supporting organizations impacted by a security incident. By leveraging expertise gained from working hundreds of engagements each year, Secureworks incident responders help customers through the difficult process of identifying, containing, and remediating a breach, ideally before it causes too much harm.

These engagements give Secureworks Counter Threat Unit™ (CTU) researchers valuable insights into the nature of the threats our customers face. We then use that enhanced knowledge about threat actor behaviors to inform and protect other organizations.

IR engagements in 2021 revealed several notable trends:

  • There were multiple high-profile ransomware incidents, including the attack on Kaseya VSA software in July. The number of ransomware engagements increased in the second half of 2021, and this trend was also reflected in the number of victims publicly named and shamed on ransomware leak sites.
  • For the first time, exploitation of unpatched vulnerabilities replaced credential abuse as the most common initial access vector. Organizations that do not implement a vulnerability management process are at significantly increased risk of experiencing a security incident.
  • Multi-factor authentication (MFA) remains important, as many attacks exploited remote access solutions that required only a username and password. However, correct implementation of MFA is increasingly critical as threat actors look for ways to bypass it.
  • Cloud environments offer security benefits but also introduce challenges around network visibility, access management, and evidence preservation. Organizations should ensure that they understand their cloud security control framework to avoid leaving gaps that a threat actor can exploit.
  • Business email compromise (BEC) can cost a victim millions of dollars. Secureworks incident responders consistently advised organizations to secure email and to monitor for spoofed domains, which are often leveraged in these attacks.

For more details and statistics, read our Learning from Incident Response: 2021 Year in Review report.

Back to all Blogs

Now Trending...

State of the Threat Report 2023
Report

State of the Threat Report

Access Now

Talk with an Expert

Thank you for submitting the form! We have received your request. A Secureworks team member will contact you within one business day.

Additional Resources

cyberpredictions24_4-3-xl (1)
Blog

Three Cybersecurity Platform Predictions for 2024

Read Now