Incident responders are primarily driven by a strong sense of duty to protect others. That responsibility is increasingly being tested by the rise in disruptive attacks, from the proliferation of ransomware to the recent rise of wiper malware, according to IBM Security.
The global survey of over 1,100 cybersecurity incident responders in 10 markets revealed the trends and challenges that incident responders face due to the nature of their profession. Key highlights include:
A sense of service – More than a third of incident responders were drawn to the field by a sense of duty to protect and the opportunity to help others and businesses. For nearly 80% of respondents, this was one of the main reasons that attracted them to IR.
Fighting on multiple battlefronts – Amid an increasing number of cyberattacks in recent years, 68% of responders surveyed said it was common to be tasked with responding to two or more overlapping incidents simultaneously.
Impact on daily life – The high demands of cybersecurity missions also affect the personal lives of incident responders, with 67% experiencing stress or anxiety in their daily lives. Insomnia, burnout and impact on social life or relationships followed as effects cited by respondents. Despite these challenges, the vast majority acknowledged having a strong support system in place.
“The real impact of cyberattacks on the world is leading to increased public safety concerns and market stress risks,” said Laurance Dine, Global Head, IBM Security X-Force Incident Response. “Incident responders are the frontline defenders who stand between disruptive cyber adversaries and the integrity and continuity of critical services.”
As many IR teams are forced to tackle multiple battlefronts, organizations could find themselves without the resources to mitigate and recover from cyberattacks. The IBM study found that 68% of responders surveyed find it common to have to respond to two or more cybersecurity incidents simultaneously, highlighting a field that is constantly engaged.
Among US respondents, 34% said the average length of an IR engagement was 4-6 weeks, while a quarter cited the first week as often being the most stressful or demanding time in the job. During this period, about a third of respondents work more than 12 hours a day on average.
As incident responders experience the pressure and high demands associated with cyber response, the overwhelming majority of respondents acknowledged having a strong support system in place. Specifically, most respondents believe their leadership has a good understanding of IR-related activities, while 95% say it provides the support structure necessary for their success.
84% report having adequate access to mental health support resources, with 64% of incident responders seeking mental health assistance due to the demanding nature of responding to cyberattacks.
But companies can further support incident responders, whether internal Blue Teams or external IR teams they engage in a cyber crisis, by prioritizing cyber preparedness and by creating plans and manuals appropriate to their environment and resources. This can enable a more agile and faster response at the onset of an incident and alleviate unnecessary pressure across the business.
To this end, situational awareness of their infrastructure is important. Organizations can focus on testing their readiness through simulation exercises, not only to get a sense of how their teams will react in the event of an attack, but also to provide opportunities to properly integrate the multiple teams involved during a cyber incident.