Incident responders are primarily driven by a strong sense of duty to protect others. This responsibility, increasingly questioned by the wave of disruptive attacks, from the proliferation of ransomware attacks to the recent rise in cleaning malware, according to IBM Security.
The global survey of more than 1,100 cybersecurity incident responders in 10 markets revealed trends and challenges incident responders experience due to the nature of their profession. Highlights include:
a sense of service – More than a third of incident responders were drawn to the field by a sense of duty to protect and the opportunity to help others and businesses. For nearly 80% of those surveyed, this was one of the main reasons they were drawn to RI.
Fighting on multiple battlefronts – Amid a growing number of cyberattacks in recent years, 68% of incident responders surveyed said it is common for them to be assigned to respond to two or more overlapping incidents simultaneously.
Impact on daily life – The high demands of cybersecurity engagements also affect the personal lives of incident responders, with 67% experiencing stress or anxiety in their daily lives. Insomnia, exhaustion, and impact on social life or relationships continued as effects cited by respondents. Despite these challenges, the vast majority acknowledged that they have a strong support system.
“The real-world repercussions of cyberattacks are now causing public safety concerns to grow and risks stressing the market,” he said. laurance dinner, Global Leader, IBM Security X-Force Incident Response. “Incident responders are the frontline defenders standing between cyber adversaries causing disruption and the integrity and continuity of critical services.”
While many IR teams are forced to engage on multiple battlefronts, businesses may be left without the resources to mitigate and recover from cyberattacks. The IBM study found that 68% of incident responders surveyed find it common to need to simultaneously respond to two or more cybersecurity incidentshighlighting a field that is constantly engaged.
Among US respondents, 34% said the average length of an IR engagement was 4-6 weeks, while a quarter cited the first week as the most stressful or demanding period of the engagement. During this period, about a third of the respondents work more than 12 hours per day on average.
As incident responders take on the pressure and high demands associated with cyber response, the vast majority of respondents acknowledged that they have a strong support system in place. Specifically, the majority of respondents feel that their leadership has a strong understanding of the activities that IRs entail, while 95% say that they provide the support structure necessary for them to be successful.
84% say they have adequate access to mental health support resources, and 64% of incident responders seek mental health support due to the demanding nature of responding to cyberattacks.
But companies can further support incident responders, whether they are the internal Blue Teams or the external IR teams they engage in the event of a cyber crisis, by prioritizing cyber readiness and creating custom plans and playbooks for their environment. and resources. This can help enable a quicker and more agile response at the start of an incident and relieve an unnecessary layer of pressure across the business.
For this, it is important to know the situation of your infrastructure. Companies can focus on testing their readiness through simulation exercises, not only to get a sense of how their teams will react to an attack, but also to provide opportunities to successfully integrate multiple teams involved during a cyber incident.
