Content, Content

Incident Responders Driven by Sense of Duty, Handcuffed by Volume of Cyberattacks, IBM Reports

BARCELONA, SPAIN – FEBRUARY 26:  A logo sits illumintated outside the IBM booth on day 2 of the GSMA Mobile World Congress 2019 on February 26, 2019 in Barcelona, Spain. The annual Mobile World Congress hosts some of the world’s largest communications companies, with many unveiling their latest phones and wearables gadgets like foldable...

Incident responders are motivated by a strong sense of duty, a new study by IBM found. However, that feeling has been chipped away by the sheer volume of ransomware and other disruptive cyberattacks.

In the study of 1,100 security pros in 10 countries, IBM concluded that first responders to cyberattacks are faced with serious pressure to defend an organization’s digital front line. In fact, 81% points to ransomware and wiper malware as elevating psychological demands on them associated with increasing cyberattacks.

A 25% Rise In Cybersecurity Incidents Found

IBM’s X-Force security team saw a nearly 25% rise in cybersecurity incidents its IR team engaged in from 2020 to 2021. One among many troubling aspects of the spike in cyber events is the shortage of security professionals specifically trained and skilled to respond to cybersecurity incidents, IBM said.

Some of the study’s top line highlights include:

  • More than one-third of incident responders were attracted to the field by a sense of duty to protect and opportunity to help others and businesses. For nearly 80% of respondents, this was one of the top reasons attracting them.
  • Nearly seven in 10 incident responders surveyed said it's common to be assigned to respond to two or more overlapping incidents simultaneously.
  • 67% experience stress or anxiety in their daily lives. Insomnia, burnout and impact on social life or relationships followed as effects respondents cited. Despite these challenges, the vast majority acknowledged they have a strong support system in place.

Some additional data:

  • 68% of incident responders said it is commonplace to simultaneously need to respond to two or more cybersecurity incidents.
  • In the U.S, 34% said the average length of an IR engagement was 4-6 weeks, while 25% said the first week is often the most stressful or demanding period. During this period, about a third of respondents work more than 12 hours per day on average.
  • 95% of respondents said their organizations provide sufficient support; 84% have adequate access to mental health support resources, with 64% seeking out mental health assistance due to the demanding nature of responding to cyberattacks.

How to Help First Responder Teams

Here’s what organizations can do to help their first responder teams, according to IBM:

  • Prioritize cyber preparedness and create plans and playbooks that are customized to their environment and resources. This can help enable a more agile and quick response at the onset of an incident and alleviate an unnecessary layer of pressure across the business.
  • Test their state of readiness through simulation exercises to get a feel of how their teams will react under attack and to provide opportunities to correctly integrate multiple teams that are engaged during a cyber incident.

Laurance Dine, global lead, IBM Security X-Force Incident Response, lauded first responders:

"Incident responders are the frontline defenders standing between cyber adversaries causing disruption and the integrity and continuity of critical services. IBM salutes all IR teams across the cybersecurity community, and the essential role they play in defending the digital front line."

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.