Controlling the chaos: The key to effective incident response

Discussion Topics

The inherent chaos of incident response stems from the fact that cybersecurity incidents are unpredictable and complex, involving multiple systems and malicious activity. They require a rapid response to prevent damage, creating a high-pressure environment. Incident response teams must quickly analyze the situation, identify the cause, and then act. Developing a comprehensive plan can also be challenging due to the unpredictable nature of incidents. Teams need to be adaptable and adjust their approach to each incident.

However, no description of incident response captures the intense and relentless nature of this profession quite as well as the testimonies provided by the more than 200 security and IT leaders, executives, practitioners, administrators, and compliance professionals that we surveyed in March 2023.

“It’s chaotic, frenzied — we are all hands on deck, working 24/7,” wrote one IT
director for a high-tech company. “People are overworked, stressed, and pushed to
their limits,” the network services engineer for another organization told us.

Not all is doom and gloom, however. In other accounts, respondents were just as
realistic about the likelihood of a security breach, but they felt empowered and
supported in their mission. They projected control and confidence amidst the chaos.

Four key findings from the survey:
1. Incident response efforts tend to prioritize plans over people.
2. People are the most important assets – and top challenge areas – for IR.
3. Problem-solving and team skills are considered just as critical as technical skills.
4. High morale is most common among orgs with established IR teams that adopt a learner mentality.

In this report, you’ll hear more about the key findings along with lessons learned and best practices.


CRA | Business Intelligence