A new survey by IBM confirms what many in the incident response field know all too well: it is an incredibly difficult job.
Why? Because responding to any sort of incident is very stressful.
The survey, which polled over 1,000 incident responders across the globe, found that the first three days of an attack are the most stressful. During that time, more than a third are working upwards of 12 hours a day.
One of the main drivers of this stress is ransomware. 81% of respondents said that the rise of ransomware exacerbates the demands of responding to an incident.
It is no surprise, then, that 67% of respondents said they experience stress in their daily lives because of responding to incidents.
Responding to a ransomware attack is, of course, all-encompassing. What makes matters worse is that the attacks do not stop after one has hit; there is always another one on the horizon.
Security professionals know that when they see smoke, they must confirm there is no fire. Systems that make incident response easier are therefore critical.
Consider how this plays out with post-delivery email response systems. These systems respond to a malicious email only after it has reached the inbox.
When such a system sends an alert to the SOC, the alert does not tell the security professionals that everything is fine and the attack was averted. On the contrary, it tells them that an end-user was exposed to an attack and that they now need to investigate whether the end-user fell victim to it.
In some cases, it is actually the end-user who reports the issue to the SOC. At one of our customers that had us replace their post-delivery solution, an end-user received a phishing email from "IT" and, like most users, got a new-email notification on his phone. Although the email was quarantined, the notification was not (and cannot be). Aside from the bad user experience, the end-user reached out to IT support and asked them to send it again because he could not find it. IT responded that they had not sent anything, assumed it was phishing, and asked the end-user whether he had clicked the link. This was 24 hours after the email was delivered; the end-user could not remember what he had done, and IT, as good security professionals should, reset his password just in case. It is a story of everyone doing their job and acting responsibly. Well, everyone but the email security solution that should have blocked it before the inbox and saved everyone's time.
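The investigation the SOC is left with after a post-delivery alert comes down to two questions: how long was the message in the inbox, and did the recipient interact with it in that window? The following is an added example (not code from the original post or from any vendor's product) of a triage helper that answers both from a quarantine alert and a constructed web-proxy click log; the alert and log field names are assumptions.

```python
# Added example: triage a post-delivery quarantine alert by computing the
# exposure window and checking a proxy click log for the recipient visiting
# the phished URL inside that window. Field names are assumed, not a real API.
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class QuarantineAlert:
    recipient: str
    url: str
    delivered_at: datetime
    quarantined_at: datetime

@dataclass
class Triage:
    exposure_hours: float
    clicked: bool
    action: str

def triage(alert: QuarantineAlert, click_log: list[dict]) -> Triage:
    """Decide what the SOC must do with a post-delivery quarantine alert."""
    window = alert.quarantined_at - alert.delivered_at
    hours = round(window.total_seconds() / 3600, 2)
    # A click counts only if it is the same user, on the phished URL, and
    # occurred after delivery (earlier hits cannot come from this message).
    clicked = any(
        e["user"] == alert.recipient
        and e["url"] == alert.url
        and e["ts"] >= alert.delivered_at
        for e in click_log
    )
    if clicked:
        action = "user clicked: reset credentials, check endpoint, open incident"
    elif window > timedelta(hours=1):
        action = "long exposure, no click seen: confirm with user, reset as precaution"
    else:
        action = "short exposure, no click seen: record exposure and close"
    return Triage(hours, clicked, action)

# Constructed sample data modelling the 24-hour exposure described above.
ALERT = QuarantineAlert(
    recipient="jdoe@example.com",
    url="https://login-reset.example.net/it",
    delivered_at=datetime(2023, 3, 1, 9, 0),
    quarantined_at=datetime(2023, 3, 2, 9, 0),
)
CLICK_LOG = [  # constructed proxy records: a different user, and an unrelated URL
    {"user": "asmith@example.com", "url": ALERT.url, "ts": datetime(2023, 3, 1, 9, 30)},
    {"user": "jdoe@example.com", "url": "https://intranet.example.com/", "ts": datetime(2023, 3, 1, 10, 0)},
]

if __name__ == "__main__":
    print(triage(ALERT, CLICK_LOG))
```

With no click from the recipient but a 24-hour window, the helper lands on the same outcome as the story above: confirm with the user and reset as a precaution.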
At a time when we all sometimes feel we are in an all-out cyber war, no one has resources to spare, and security professionals should be able to spend their time on the things machines cannot do, not on the things machines should have blocked.