October 27, 2022 By IBM Security X-Force Team

What does the worst day look like for incident responders? What keeps them up at night? And what makes their jobs more difficult? Cyber responders from IBM X-Force shared their first-hand accounts for what can turn a bad situation into a worst-case scenario when it comes to responding to a cybersecurity incident. Read on to hear their stories.

Laurance Dine, Global Partner, X-Force Incident Response, IBM Security

“My worst day would be a day where we don’t have enough people and there are catastrophic incidents happening globally. [We’d be] trying to help our clients and we couldn’t get enough people in front of them to actually help. I thought about that a lot, but what I do to combat that worst day thought process is I have friends in the industry. We have relationships with other organizations that if need be, we can call and pull them in if necessary.”

Meg West, Incident Response Consultant, X-Force, IBM Security

“We can all agree as incident responders, and even cybersecurity professionals, [that our job gets more difficult] when it comes to looking at our logs. Some key logs are missing so you can’t discern what happened, who did it, etc. That’s one of the most disappointing things to find out — [hearing,] ‘Oh, we were supposed to start logging that, but never enabled it… yeah, we were going to start doing that, we were going to make our EDR more proactive in blocking things,’ but they don’t. Not having the correct logs, not having the right tools enabled. When people don’t know who owns a specific system and the system gets compromised and everyone’s pointing fingers at each other saying, ‘We don’t know the criticality or sensitivity of the data, we can’t assess the impact of the incident because we don’t know who owns that system or who works on it.’ Those are all really common pitfalls that we see.”

John Dwyer, Head of Research, X-Force, IBM Security

“What keeps me up at night is sometimes I wonder if we haven’t learned our lesson over the last four years. I’ve always said we are presented with a once-in-a-lifetime opportunity due to the golden age of ransomware to fundamentally change how we do computing on a worldwide scale. We all have it right now to implement all the things to drastically reduce the risk to your organization across various threats. We’re starting to fall back into trying to buy a solution and not really learning from what has happened and architect new networks… That’s the stuff that really scares me is [wondering if] we’re wasting this opportunity.”
