October 27, 2022 By IBM Security X-Force Team 2 min read

What does the worst day look like for incident responders? What keeps them up at night? And what makes their jobs more difficult? Cyber responders from IBM X-Force shared their first-hand accounts for what can turn a bad situation into a worst-case scenario when it comes to responding to a cybersecurity incident. Read on to hear their stories.

Laurance Dine, Global Partner, X-Force Incident Response, IBM Security

“My worst day would be a day where we don’t have enough people and there are catastrophic incidents happening globally. [We’d be] trying to help our clients and we couldn’t get enough people in front of them to actually help. I thought about that a lot, but what I do to combat that worst day thought process is I have friends in the industry. We have relationships with other organizations that if need be, we can call and pull them in if necessary.”

Meg West, Incident Response Consultant, X-Force, IBM Security

“We can all agree as incident responders, and even cybersecurity professionals, [that our job gets more difficult] when it comes to looking at our logs. Some key logs are missing so you can’t discern what happened, who did it, etc. That’s one of the most disappointing things to find out — [hearing,] ‘Oh, we were supposed to start logging that, but never enabled it… yeah, we were going to start doing that, we were going to make our EDR more proactive in blocking things,’ but they don’t. Not having the correct logs, not having the right tools enabled. When people don’t know who owns a specific system and the system gets compromised and everyone’s pointing fingers at each other saying, ‘We don’t know the criticality or sensitivity of the data, we can’t assess the impact of the incident because we don’t know who owns that system or who works on it.’ Those are all really common pitfalls that we see.”

John Dwyer, Head of Research, X-Force, IBM Security

“What keeps me up at night is sometimes I wonder if we haven’t learned our lesson over the last four years. I’ve always said we are presented with a once-in-a-lifetime opportunity due to the golden age of ransomware to fundamentally change how we do computing on a worldwide scale. We all have it right now to implement all the things to drastically reduce the risk to your organization across various threats. We’re starting to fall back into trying to buy a solution and not really learning from what has happened and architect new networks… That’s the stuff that really scares me is [wondering if] we’re wasting this opportunity.”
