Incident response: Why the need for talented professionals matters

Published on: 12 May 2022

Preventing cyber attacks is a huge issue for governments and businesses worldwide. As we live more of our lives online and operate in an always-on society, more criminals than ever are turning their attention to digital operations (as must the sleuths trying to track them down).

According to the National Cyber Security Centre’s Annual Review, 777 cyber incidents were mitigated against in 2021 in the UK alone, up from 723 the previous year.

Attacks are still getting through

However, despite all this preventative action, attacks and breaches are still happening. Vectra AI’s latest Security Leaders Research report found that from February 2021 to February 2022, 74 per cent of global business leaders reported experiencing a significant security event within their organisation.

Meanwhile, 54 per cent of all ransomware attacks - now one of the most common forms of cyber breaches - were successful even with preventative measures in place.

No matter how much we try, society is still failing to keep pace with ever-evolving cybercrime tactics and the new methods being developed to breach the walls of the castle.

For example, even within ransomware, perpetrators have shifted from simply infecting systems to attempting bribery and extortion with the aim of making a profit from affected companies.

Prevention is better than cure

That’s why it’s more essential than ever not just to deal with stopping cyber criminals from getting in, but to acknowledge that they might - and what to do about it.

“Prevention should not come at the expense of detection. In a high-risk game where the bad guys hold many winning cards, detection and response is the best option to minimise the impact of any breach as quickly as possible,” said Tim Wade, deputy chief technology officer at Vectra.

Companies are therefore becoming more aware that they need to employ individuals with incident response skills - and that's why you could find yourself in demand if you have them from previous training.

According to the SANS Institute, businesses need dedicated ‘computer incident response teams’ to lead cyber incident response in six areas: preparation,  identification, containment, eradication, recovery, and lessons learned.

It suggests organisations should invest in services and forensic tools that can: determine how breaches occur and the evidence to prove it; work out how to harden IT environments against future attacks; eradicate attackers from IT systems; focus on recovery efforts to restore the business; and monitor endpoint cyber hygiene across the organisation.

Step in incident response professionals

Unfortunately, most companies still rely on ad hoc processes when it comes to cyber. According to the Cyber Resilience Study, just 26 per cent of firms have an enterprise-wide incident response plan in place, which means they are increasingly realising they need to turn to dedicated cyber incident response professionals. 

Cyber Incident Response is the term used to describe the actions taken when a computer system or network is compromised. Incident response teams or individuals working in this field must evaluate situations as they arise and work out the most appropriate actions to allow recovery from the incident, as well as to prevent such things from happening again.

The goal is essentially damage limitation, both in terms of the cost of the original incident and the knock-on effects such as reputational damage that could occur later.

What key skills do incident response professionals need?

Cyber Incident Response Teams should include individuals familiar with common incident response processes and computer forensics, as well as cloud security and analytics.

Gartner also recommends “experts who can guide enterprise executives on appropriate communication in the wake of such incidents”, so good communication skills are another desirable attribute when looking for roles in this field.

After all, incident responders typically step in when something has gone awry and people are stressed, so being able to break down the details into actionable advice is essential.

Another key skill is likely to be an understanding of where logs and other artefacts can be found on different operating systems, as companies may vary in what they use.

Finally, getting officially certified could be a great way to stand out in an increasingly sought-after area, with a range of professional qualifications now available in incident handling, intrusion analytics and forensic analytics.

In the UK, the Communications-Electronics Security Group and the Centre for the Protection of National Infrastructure collaborate on a Cyber Incident Response Scheme, while the governing body CREST certifies qualification for incident managers, so checking out their websites may be a good place to start.

Opportunities available 

As mentioned earlier, many organisations are now coming around to the fact that cyber incident response is as crucial as attack prevention, so the number of available roles in this area is growing exponentially. 

For instance, consulting giants PwC and Deloitte regularly advertise vacancies, as do banks such as Lloyd’s that deal with huge volumes of customer data.

You may also find consulting roles in smaller firms, while the civil service is another key area for professionals interested in embarking upon this type of career. The National Crime Agency and the National Cyber Security Centre are two of the biggest examples where expertise may be put to good use.

The old adage about prevention being better than cure has never been truer when it comes to cyber crime, so why not look into the opportunities that incident response could present you with today?