Remember the good old days of cyber incident response, when the job involved digital forensics and lots of stolen credit cards versus grid-busting malware and multimillion-dollar ransom demands?
IBM Security’s Laurance Dine, Global Lead for the company’s X-Force Incident Response (IR) team, does.
“Evolving threats are leading to changes in the IR role itself,” Dine said The registry. “When I started 20 years ago, it wasn’t like that. The landscape has changed significantly and now we’ve seen disruptions in the pipeline, we’ve seen attacks on critical infrastructure, things like that that are massive.”
X-Force saw a nearly 25 percent increase in the number of incidents its IR team responded to from 2020-2021. Additionally, Check Point research reported a 50 percent increase in total network attacks per week in 2021 compared to 2020.
These cyber attacks are not limited to one sector or one country or, say, the war in Ukraine. It’s a global issue, and as such, IBM Security wanted to encourage “an industry-wide recognition and celebration of incident responders,” Dine said.
To that end, Security Shop sponsored a global survey of more than 1,100 responders in 10 markets, asking them about the ins and outs of their job—and how the stress of being a frontline responder to cyberattacks is affecting their personal lives lives. And they’ve timed it to coincide with National Cybersecurity Awareness Month, which runs now through the end of October.
Spoiler alert (or not): It’s a stressful job, and nearly a third of survey respondents reported experiencing insomnia (30 percent), burnout (30 percent), and effects on their social life or relationships (29 percent). ).
“We need to protect emergency workers from themselves,” Dine said. “Instead of saying, ‘Hey, I worked 16 hours. I have to go home and take a nap.’ They’re like, ‘Okay, what’s next? How do I put myself in even more danger by doing another 12-hour shift.’”
Ransomware makes things worse
A major reason behind this is ransomware, as the volume and frequency of these attacks, along with rising ransom demands and payouts, show no signs of improving. According to the IBM report, 81 percent of responders say the rise in ransomware has increased the stress and psychological demands required during incident response.
“Ransomware has changed the game because of the immediate disruption and direct financial loss it can cause to organizations,” Dine said, adding that this stress extends beyond the immediate IR team to the chief security officers, the analysts at security Operations Center and IR support across the enterprise extends business.
“You know that every minute a production line is down costs significant amounts of money,” he said. “Everyone knows what’s happening there and everyone is looking for answers.”
what brings you here
The survey also asked respondents what attracted them to IR in the first place, and 77 percent named a sense of duty to help and protect others in the top three, followed by the continued opportunity to learn (67 percent) and the Ability to solve problems (60 percent).
Despite this drive to help others, about half of those surveyed said that “taking responsibility for their team or customers” (48 percent) and “managing stakeholder expectations” (50 percent) were among the top three stressors at work .
Meanwhile, individual IR jobs can span over a month: 48 percent said the average is two to four weeks, while 30 percent said an average incident lasts longer than four weeks. Additionally, 39 percent said the first three days after responding to an attack were the most stressful, and 34 percent said they worked more than 12 hours a day during the most stressful time of the cyber incident.
Despite these long hours and lengthy deployments, 68 percent of incident responders surveyed said they often respond to two or more overlapping incidents at the same time.
A ray of sunshine on mental support
The good news in all of this is that the vast majority (84 percent) of respondents said they have access to adequate mental health support resources, and 65 percent said they sought those resources as a result of incident response.
Dine said he was “pleasantly surprised” by the number of responders who felt they had good access to mental health resources, noting that this was another change – albeit positive – in the past two decades be. He credits Millennials and Gen Z with destigmatizing mental health support in the workforce.
“I’m not saying nobody was talking about it 20 years ago, but it wasn’t like it is today where there are very open discussions with people saying, ‘Hey, I need a break.’ Or, even better, the ability for leaders to pay attention to their employees and say, ‘Okay, you’ve had enough. You have to go and take a break,'” he said. “These things are great for the industry.”
The report also highlights the steps companies can take to help IR teams succeed and take unnecessary stress off of them. First: Develop IR plans and customized playbooks. And then rehearse the plan by regularly conducting simulation exercises.
“Preparation is my biggest thing,” Dine said. “You know [cyber incidents] will happen. You know it’s not going away anytime soon. A lack of preparation is truly inexcusable.”
There’s also a snack bar for people in the trenches, and this may be more difficult to put into practice, Dine admitted, because “we’re here to help. And it’s very difficult for us to walk away when people need help.” Help.”
“But my message to the emergency services and especially to the leadership of the emergency services is: you have to take care of your employees. You must take care of yourself.” ®
https://www.theregister.com/2022/10/03/ibm_incident_reponder_survey/ IBM Security Survey Shows IR Teams Really Need a Break • The Register