The Top 10 Mistakes Incident Responders Make Combatting Advanced Threats

Whether they work for an up-and-coming startup or an industry giant, security response teams are under siege as never before. Today’s cyber attacks are sophisticated, relentless, and devastating, costing U.S. businesses $8.9 million a year each on average.[1] Attacking in multiple stages across multiple vectors, advanced persistent threats (APTs) and other sophisticated attacks easily evade signature-based detection and other traditional defenses.
The statistics are alarming. Nearly half of all IT security professionals recently surveyed by Information Security Media Group (ISMG) said they encountered malicious code in the last year that resulted in system downtime.[2] In addition, nearly two-thirds struggle to detect APTs—62 percent struggle with the speed of detection, and 44 percent struggle with the accuracy of detection.
Even more worrisome: despite their feeling of cyber insecurity, only 28 percent of organizations have an incident response plan for APTs. Even fewer—just one in five—deemed their incident response programs “very effective.”
Strong crisis-management skills are rare. In the frantic aftermath of a breach, crucial mistakes can prolong the attack and enable more damage. These errors tend to occur regardless of the size of the organization, the scope of the incident, or the technical savvy of the responders.
Drawing on extensive front-line experience of the FireEye® Labs team, this paper describes the 10 most common mistakes—five strategic and five technical—that incident response teams make when combatting attacks. The paper also explains the effect of these mistakes and how to avoid them with a well-defined incident response plan.