A recent survey found that to gain counterintelligence the vast majority of organizations would allow an attacker to take decoy files rather than stop an attack in progress, according to the latest International Cyber Benchmark Index from the Neustar International Security Council (NISC).

A reported one in five companies are currently employing forensic investigations, as well as setting up honey pots and repositories of fake data to lure attackers in, but an impressive 71% of respondents said that instead of shutting down an attack when a bad actor accesses a deceptive file, they would be willing to let the malicious actors take booby-trapped document, according to a May 16 press release.

Being able to collect intelligence could allow defenders to identify thieves in the future, potentially revealing information about the location, ownership and possible vulnerabilities of the hackers’ machines, the press release said.

Of the respondents surveyed, 51% said their enterprise had suffered a distributed denial-of-service (DDoS) attack, and 52% of participants also identified phishing as a growing threat with targeted hacking. DDoS attacks followed close behind at 49%.

“Security leaders increasingly feel that breaches are inevitable, and there is a growing appetite for advanced forensic tools that can deliver insights around attacker attribution and tactics in real time,” said Rodney Joffe, chairman of NISC and Neustar SVP and fellow.

“Whether they opt to use them like an alarm system, ejecting bad actors from the network upon contact with a honey pot or deceptive file, or for a more sophisticated counterintelligence operation that gathers vital information on attacker movements and methods, cybersecurity professionals want solutions that can provide better real-time awareness and understanding of the enemy.”

According to the survey, the threat of social engineering continues to rise across all vectors, with 48% of respondents admitting they witnessed an uptick in attempts via email, 38% noting a rise in text-based attempts and 36% reporting a rise in attempts via phone.

Responses showed that security pros are more aware not only of where attacks are originating but also of the types of attacks that pose the greatest threats.