New SANS Institute Incident Response Survey Finds Malware, Unauthorized Access and APTs Lead Attacks

Bethesda, Md. – A new SANS Institute survey, Incident Response Capabilities in 2016, finds that malware, unauthorized access and APTs remain the top threats to a variety of organizations. The survey results, released June 8, also indicate that lack of expert staff is impacting incident response and that security operations centers (SOCs) remain immature.

SANS analyst and survey report author Matt Bromiley noted, "While many enterprises have put security operations centers in place, they are evolving. One telling stat is that only 16 percent of respondents evaluated their network visibility infrastructure as mature. We anticipate the maturity of the SOCs and more staff experience will improve this visibility in coming years."

"While automation and new tools are helping response teams," Bromiley said, "65% of survey respondents see a skills shortage as an impediment to incident response efforts. Training and experience is the difference between breached and not breached."

Although malware has the top spot as the underlying cause of reported breaches, at 69%, unauthorized access, chosen by 51%, is recognized as a growing problem as attackers take advantage of weak, outdated remote access and authentication mechanisms. Organizations are also reporting that 36% of attacks are advanced persistent threats (APTs) or multistage attacks.

Full results will be shared during a two-part webcast. Part 1, Wednesday, June 8, 2016, at 1 PM EDT, will focus on the current threat landscape and how prepared incident responders are to respond to security incidents. Part 2, Thursday, June 9, 2016, at 1 PM EDT, will focus on emerging trends in incident response. The series is sponsored by AlienVault, Arbor Networks, HPE, IBM Security, Intel Security, LogRhythm, NETSCOUT, and Veriato, and hosted by SANS.

Register to attend the Part 1 webcast at and the Part 2 webcast at

Those who register for the webcast will also receive access to the published results paper.

Tweet this:

2016 IR Capabilities Pt 1: The Current Threat Landscape & Survey Results | June 8 | Part 2- June 9 | Free Webcast:

Malware and APTs remain top threats- Get the full results- SANS 2016 Incident Response Survey in this FREE WEBCAST:

"Unauthorized Access"- 51% of breaches- growing problem as attackers exploit the weak| SANS 2016 IR Survey Results:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community.