Prvih 72 ur odziva na incidente je ključnega pomena za ukrotitev kaosa zaradi kibernetskega napada

Strokovnjaki za kibernetsko varnost, zadolženi za odzivanje na napade, doživljajo stres, izgorelost in težave z duševnim zdravjem, ki se poslabšajo zaradi pomanjkanja pripravljenosti na kršitve in zadostne prakse odzivanja na incidente v njihovih organizacijah.

A new IBM Security-sponsored survey published this week found that two-thirds (67%) of incident responders suffer stress and anxiety during at least some of their engagements, while 44% have sacrificed the well-being of their relationships, and 42% have suffered burnout, according to the survey conducted by Morning Consult. In addition, 68% of incidents responders often have to work on two or more incidents at the same time, increasing their stress, according to the survey’s results.

Companies that plan and practice responding to a variety of incidents can lower the stress levels of their incident responders, employees, and executives, says John Dwyer, head of research for IBM Security’s X-Force response team.

“Organizations are not effectively establishing their response strategies with the responders in mind — it does not need to be as stressful as it is,” he says. “There is a lot of time when the responders are managing organizations during an incident, because those organizations were not prepared for the crisis that occurs these attacks happen every day.”

O Študija, ki jo financira IBM Security poudarja, zakaj se je skupnost kibernetske varnosti vse bolj osredotočala na duševno zdravje svojih članov. Približno polovica (51 %) zagovornikov kibernetske varnosti ima v preteklem letu doživeli izgorelost ali izjemen stres, glede na raziskavo VMware, objavljeno avgusta 2021. Vodstvo kibernetske varnosti izpostavili tudi vprašanje as one that affects the community and companies’ ability to retain skilled workers.

Raziskava IBM-a je pokazala, da je 62 % reševalcev incidentov s sedežem v ZDA zaradi svoje službe iskalo podporo za duševno zdravje, vendar je imelo 82 % ameriških podjetij ustrezen program in storitve za pomoč svojim delavcem.

“I’ve worked some really big incidents in the past with some clients that were very prepared, and I found that was really fulfilling work to do,” Dwyer says. “I have had other incidents, where the company’s incident response process was not ready, and that was very stressful.”

Raziskava je pokazala, da imajo strokovnjaki za odzivanje na incidente tri glavne razloge za opravljanje svojega poklica. Šestintrideset odstotkov jih je kot glavni razlog navedlo občutek dolžnosti, da zaščitijo druge in podjetje, 19 % jih je navedlo zanimanje za reševanje problemov, nadaljnjih 19 % pa stalne priložnosti za učenje.

Vendar so nekateri od teh razlogov tudi vzroki stresa za strokovnjake za odzivanje na incidente. Polovica vprašanih je navedla obvladovanje pričakovanj več zainteresiranih strani kot tri glavne dejavnike stresa, medtem ko jih je 48 % navedlo svoj občutek odgovornosti do svoje stranke ali podjetja kot tri glavne dejavnike stresa. Odzivniki na incidente so zelo predani svojemu delu, pri čemer jih tretjina (34 %) dela 13 ali več ur na dan v najbolj stresnih obdobjih procesa odzivanja na incidente, je pokazala raziskava.

“The general public is probably not aware of how much these men and women are working long hours to make sure that people’s lives and businesses are not impacted,” Dwyer says.

Vadba, praksa, praksa

Raziskava je preučevala reševalce incidentov v 10 različnih državah: Avstraliji, Braziliji, Kanadi, Franciji, Nemčiji, Indiji, na Japonskem, Španiji, Združenem kraljestvu in Združenih državah. Španija je imela najvišjo stopnjo izgorelosti (69 %), Indija je imela največji vpliv na odnose, Brazilija pa je imela največ primerov nespečnosti, kažejo podatki raziskave.

Največji skupini (39 %) je bilo najbolj stresno obdobje odzivanja na kibernetski varnostni incident prvi trije dnevi; 29 % jih je menilo, da je prvih 24 ur najbolj stresnih; nekateri (20 %) pa menijo, da je najzahtevnejši celoten prvi teden.

Companies need not only to be prepared to respond to an incident, but also have practiced the response and have playbooks to make response-focused activity second nature and remove the stress from incident responders, says IBM Security’s Dwyer.

“If I went to an organization and asked them to run a script on every system with 24 hours — how many could do that?” he says. “Organizations need to practice, practice, practice. Not just tabletop, but practice with purpose. Ask, ‘What would happen if my business went offline for 24 hours and how do we deal with that?'”

Odziv na incidente je kup izkušenj, ki jih morajo obvladati strokovnjaki, podjetja pa morajo čim bolj podpirati ekipo, pravi Dwyer. Podpora za duševno zdravje je dober začetek, pravi, vendar je bolje imeti vzpostavljen postopek za obravnavanje zgodnjih ur in dni incidenta.

“Will every incident we respond to be a walk in the park? Probably not,” he says. “However, we can make this life manageable. There is nothing like being a responder, but you grow as a person in ways like no other discipline.”