This Cyber Awareness Month, I invite all my peers across the industry and cyber community to celebrate cybersecurity Incident Responders. Please join me in saluting Incident Responders around the world for their commitment to keeping the world’s systems, data, and services secure. For ways, you can engage in this initiative, see the call-to-action section.
IBM – Morning Consult Incident Responders Study
The role of an Incident Responder has evolved over the years at the same pace as threats and adversaries. Engagements have moved past just data theft incidents to include events capable of disrupting business continuity and the resilience of essential services to our day-to-day needs. We’ve seen this occur multiple times just in the past two years – from disruption of energy companies, food suppliers, transportation links and more.
Amid these shifts, it’s essential for businesses to understand how they can better equip and support their Incident Responders to succeed, and to do so they must first understand the challenges they face. IBM Security today announced the results of a global survey that examines the critical role of Cybersecurity Incident Responders, shedding light to the challenges these teams navigate. Some of the highlights include:
- Pressure Build-Up Amid Disruptive Attacks: Over 80% of respondents stated that the rise of ransomware attacks significantly exacerbated the pressure and psychological demands of Incident Response. In fact, 44% have experienced extreme or considerable mental strain because of responding to a major cybersecurity incident, the likes of WannaCry or NotPetya.
- An Uneven Battlefield – Amid a growing number of cyberattacks in recent years, 68% of incident responders surveyed stated it’s common to be assigned to respond to two or more overlapping incidents simultaneously, working excessive hours during the most stressful periods of these incidents.
- Stressors – The most stressful aspect of responding to a cyber incident was cited as the sense of responsibility toward respondents’ team or client – managing stakeholder expectations and pushback on recommended response/approach from the organization or client were also among the stressors cited. This highlights the need for businesses to establish better communication protocols and processes to productively react and respond in the event of a cyber crisis.
The high demands of the field have also led to a personal impact for Incident Responders, as the majority experience stress or anxiety in their daily lives, while insomnia, burnout, and impact on social life or relationships are also cited as common effects. Even so, the vast majority acknowledged they have a strong support system in place and access to adequate mental health resources.
Prioritizing Cyber Preparedness
As indicated by the study’s findings, the evolving nature and increasing pressures of Incident Response point to the need for businesses to adapt and prioritize their cyber preparedness to the current landscape and pace of change. Key questions businesses need to be asking themselves include:
Have we tested our readiness? It’s not a matter of if an organization’s incident response plan will be tested anymore, but a matter of when. By conducting simulation exercises the organization and security team can feel what it’s like to respond under pressure and better prepare. This includes augmenting your team with third parties and training with them to correctly integrate them into your response team.
Who is our “A-team” in a cyber crisis? Part of establishing incident response plans and playbooks that are customized to each businesses’ environment involves knowing what resources are at the business’s disposal. Beyond the technical components, its essential they establish specific contacts internally and identify their integral partners externally to help them navigate a cyber event. Knowing who your external partners are in advance can make all the difference in the world, during a cyber-attack when every second counts.
Build up Teams – Instead of focusing on solely recruiting individuals that possess a set of highly specialized skills – “the whole package” – leaders should focus on building up teams that together accumulate the highly-sought out skillset to respond to cyber incidents. Not only does help address the staffing challenges these teams face due to the skills gap/talent shortage, but the layered structure also helps ensure IR teams are balancing the workloads to be most productive and deliver high-quality work.
Call to Action
- Recognize and celebrate an Incident Responder on your social channels: https://ibm.biz/cyber-responders
- Register for the IBM Security X-Force webinar “Tales from the Digital Frontlines” on Wednesday, October 12 at 1:00 PM ET
- Read the complete findings of IBM Security’s Incident Responder study
- Read the Security Intelligence blog calling to the cyber community to Celebrate Incident Responders
- To schedule an X-Force consultation: biz/consultation
- To learn more about an incident response subscription: biz/IR_Retainer
- Watch the videos of our cyber-responders and Engage with our social posts on LinkedIn & Twitter
 The global survey of over 1100 cybersecurity incident responders in 10 markets was conducted by Morning Consult on behalf of IBM Security.