What keeps incident responders up at night: Common pitfalls that cyber responders encounter when…

IBM Security Intelligence Post – IBM Security X-Force Team
Incident responders from IBM X-Force discuss their worst-case scenarios and the challenges they face in responding to cybersecurity incidents.
Laurance Dine, a Global Partner at X-Force Incident Response, describes his worst day as one with a shortage of staff while multiple catastrophic incidents occur globally.
The lack of resources would hinder their ability to assist their clients effectively.
To address this concern, he emphasizes the importance of industry relationships, which let them call on other organizations for support if needed.
Meg West, an Incident Response Consultant, highlights the difficulty faced by incident responders and cybersecurity professionals when crucial logs are missing.
This makes it challenging to determine what happened during an incident and who was responsible.
She also mentions the frustration of encountering situations where organizations failed to enable necessary logging or proactive threat-blocking measures.
Additionally, when nobody knows who owns a compromised system, it becomes difficult to assess the impact of the incident or the sensitivity of the compromised data.
John Dwyer, the Head of Research, expresses his concern about the failure to learn from past experiences, particularly regarding ransomware attacks.
He believes that the current prevalence of ransomware presents an opportunity to fundamentally transform global computing practices and reduce risks.
However, he worries that organizations are resorting to buying new solutions without truly learning from previous incidents and designing more secure networks.
He fears that this opportunity for change may be wasted.
Overall, the insights provided by these incident responders shed light on the challenges they face, including staffing limitations, missing logs, ownership ambiguity, and the need for fundamental changes in cybersecurity practices.
Link: https://securityintelligence.com/posts/what-keeps-incident-responders-up-at-night-common-pitfalls-cyber-responders-encounter/

