Incident responders are primarily driven by a strong sense of duty to protect others. This responsibility that’s increasingly challenged by the surge of disruptive attacks, from the proliferation of ransomware attacks to the recent rise of wiper malware, according to IBM Security.
The global survey of over 1100 cybersecurity incident responders in 10 markets revealed trends and challenges that incident responders experience due to the nature of their profession. Key highlights include:
A sense of service – Over a third of incident responders were attracted to the field by a sense of duty to protect and opportunity to help others and businesses. For nearly 80% of respondents, this was one of the top reasons attracting them to IR.
Fighting multiple battlefronts – Amid a growing number of cyberattacks in recent years, 68% of incident responders surveyed stated it’s common to be assigned to respond to two or more overlapping incidents simultaneously.
Impact on daily life – The high demands of cybersecurity engagements also affect incident responders’ personal lives, with 67% experiencing stress or anxiety in their daily lives. Insomnia, burnout and impact on social life or relationships followed as effects respondents cited. Despite these challenges, the vast majority acknowledged they have a strong support system in place.
“The real-world repercussions that cyberattacks now have are causing public safety concerns and market-stressing risks to grow,” said Laurance Dine, Global Lead, IBM Security X-Force Incident Response. “Incident responders are the frontline defenders standing between cyber adversaries causing disruption and the integrity and continuity of critical services.”
While many IR teams are forced to take on multiple battlefronts, businesses could be left without the necessary resources to mitigate and recover from cyberattacks. The IBM study found that 68% of incident responders surveyed find it common to simultaneously need to respond to two or more cybersecurity incidents, highlighting a field that is constantly engaged.
Amongst U.S. respondents 34% said the average length of an IR engagement was 4-6 weeks, while a quarter cited the first week as often the most stressful or demanding period of the engagement. During this period about a third of respondents work more than 12 hours per day on average.
As incident responders take on the pressure and high demands associated with cyber response, the overwhelming majority of respondents acknowledged they have a strong support system in place. Specifically, most respondents feel their leadership have a strong understanding of the activities IR involves, while 95% say it provides the necessary support structure for them to be successful.
84% state they have adequate access to mental health support resources, with 64% of incident responders seeking out mental health assistance due to the demanding nature of responding to cyberattacks.
But businesses can further support incident responders, whether in-house Blue Teams or the external IR teams they engage in the event of a cyber crisis, by prioritizing cyber preparedness and creating plans and playbooks that are customized to their environment and resources. This can help enable a more agile and quick response at the onset of an incident and alleviate an unnecessary layer of pressure across the business.
To that end, situational awareness of their infrastructure is important. Businesses can focus on testing their state of readiness through simulation exercises, not only to get a feel of how their teams will react under attack, but to provide opportunities to correctly integrate multiple teams that are engaged during a cyber incident.