So your organization has defended against a phishing threat. Congrats! Now how do you repeat this outcome when faced with future attacks? Does your organization want to share this intelligence with other organizations? Will your organization capture and store data about this attempt to prevent further attempts? Will you record any exploit kit code found in the phishing emails used to spread a malware dropper, and ultimately ransomware?

When an incident occurs, three useful things should happen. First, the organization should automate the organization’s response by using software that either proactively blocks ...