Incident Response Report Reveals Use of Common and Novel Tactics

While many threat actors continue to take advantage of traditional security gaps, some threat actors increasingly seek novel approaches and alternate attack vectors.

By: Jeffrey Carpenter

Investigating incidents not only reveals the past but can help prepare for the future. We have published the Secureworks® Incident Response Insights Report 2019, which explores our analysis and findings from more than 1,000 Secureworks incident response engagements over a 12-month period. It provides information about threat actors' behaviors and lessons learned from real-life compromises and includes recommendations to help organizations better defend against and respond to incidents.
Some highlights from the report:
- Fundamentals are important — The path of least resistance was the most common approach in incidents we observed in 2018. Attackers tend to favor approaches that require minimal effort to achieve maximum impact. As a result, they often leverage common weaknesses in organizations’ defenses and use tools and techniques that have proven successful at taking advantage of typical security gaps. Organizations need to assess their security program and identify and prioritize solutions to protect their information and business operations.
- Improving visibility is key — From knowing what is on the network and managing authorized software and configurations, to using tools to monitor network traffic and activities on endpoints, good visibility across an organization’s infrastructure enables efficient and effective incident response.
- External compromises can cause internal compromises — When implementing a security strategy, organizations must consider the risks posed by their supply chain. Threat actors are increasingly compromising trusted third parties to access their desired target.
By implementing the recommendations in the report — including applying technological controls such as multi-factor authentication (MFA), improving processes for issues such as transaction requests, increasing visibility, and establishing human defenses such as educating users about recognizing and reporting phishing attempts — organizations can defend against many common attacks.