How Threat Intelligence improves Incident Response It’s a tough world out there. Even as nation-state actors have developed powerful new capabilities, criminal groups have developed capabilities formerly limited to nation-states. Through online profiles and social engineering, attackers can develop detailed dossiers on their targets and then use that information to create a spear-phishing email. Upon gaining a foothold into an organization’s systems, it may take just a couple of days to exfiltrate data. Most cyber attacks go undetected – fewer than 1 in 4, according to Verizon’s 2016 Data Breach Investigations Report. That’s one main reason organizations are pressuring their Incident Response teams and Computer Emergency Response Teams (CERTs) to become faster and more effective at detecting and nullifying attacks.