Cyber threats are now the number one concern of CEOs, which makes incident response and its handling extremely important. According to the PwC Global Investor Survey 2018, 41% of CEOs are concerned about cyber threats over other worrisome issues like over-regulation, terrorism, and taxes. [1] In addition, Malwarebytes’ Cybercrime Tactics and Techniques Q1 2019 report says businesses detected an almost 650 percent increase in Trojan malware compared with the same period in 2018. [2] Note that Trojan malware is just one form of cyber attack among the many other types that exist.

Moreover, several reports show that data center downtime drains an organization financially. Causes of data center downtime include power failure, human error, technical glitches, and, in most cases, security breaches. To reduce IT service downtime, organizations need an effective incident response plan (IRP) and a team of professionals to plan, manage, coordinate, and communicate with the professionals concerned in order to contain the incident. It is vital that the incident handling team works as laid out in the IRP.

Once organizations are on board with how important it is to have an incident handling team, they should focus on hiring the best professionals.


Hire Those Incident Response Handlers Who Possess These Five Skills

Cyber incident response and handling professionals who know their way around known and unknown, traditional and advanced forms of intrusion are the ones you should be looking for.

1. Equipped with Anti-Forensic Techniques

With the emergence of anti-forensic techniques (such as golden tickets, program packers, encryption, data hiding in file system structures, trail obfuscation, and many other methods), successful digital forensics has become a challenge for investigators. To overcome these difficulties, an incident handler should know how to recognize and deal with such situations. A security professional with this kind of knowledge can improve the already drafted IR plan.

Module 03, ‘Forensic Readiness and First Response,’ of the EC-Council Certified Incident Handler (E|CIH) covers various anti-forensic techniques and methods. In addition to the methods stated above, this module also covers data/file deletion, password protection, steganography, artifact wiping, Alternate Data Streams (ADS), and many other methods.
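Two of the anti-forensic techniques listed above, program packers and encryption, leave a measurable trace: the bytes they produce are close to uniformly distributed, so their Shannon entropy approaches 8 bits per byte, while plain text and ordinary executable code sit well below that. The following added example (written for this page, not code from E|CIH course material) computes per-file and per-window entropy so a first responder can tell whether a file needs unpacking or decryption before static analysis, and whether a low-entropy carrier file has an opaque blob hidden inside it. The samples are constructed, and the 7.0 cut-off is a working assumption rather than a standard.

```python
import math
from collections import Counter

# Entropy above this (bits per byte, max 8.0) is typical of packed, compressed
# or encrypted content; plain text and most executable code sit well below it.
# The 7.0 cut-off is a working assumption for this example, not a standard.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data: bytes, window: int = 256,
                         threshold: float = PACKED_THRESHOLD):
    """Scan `data` in fixed windows and return (start, end) byte ranges whose
    entropy meets `threshold`; adjacent hits are merged into one region."""
    regions = []
    start = None
    for off in range(0, len(data), window):
        if shannon_entropy(data[off:off + window]) >= threshold:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions


def classify(data: bytes) -> str:
    """Coarse verdict an analyst can use to decide whether a file needs
    unpacking or decryption before static analysis makes sense."""
    if shannon_entropy(data) >= PACKED_THRESHOLD:
        return "likely-packed-or-encrypted"
    if high_entropy_regions(data):
        return "embedded-high-entropy-blob"
    return "plain"


# --- Constructed samples (not real malware) ------------------------------
# Plain text: low entropy.
TEXT_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n" * 40
# A byte sequence that uses every value equally: entropy is exactly 8.0,
# which is what a well-encrypted or compressed payload looks like.
OPAQUE_SAMPLE = bytes(range(256)) * 16
# A low-entropy carrier with an opaque blob in the middle, the shape of a
# payload stashed inside slack space or a bogus file-system structure.
CARRIER_SAMPLE = b"A" * 1024 + bytes(range(256)) * 4 + b"A" * 1024


if __name__ == "__main__":
    for name, sample in [("text", TEXT_SAMPLE), ("opaque", OPAQUE_SAMPLE),
                         ("carrier", CARRIER_SAMPLE)]:
        print(f"{name:8s} entropy={shannon_entropy(sample):.2f} "
              f"regions={high_entropy_regions(sample)} verdict={classify(sample)}")
```

Run it on a real file by reading the bytes into `classify()`; the window scan is what catches the case the whole-file entropy misses, where most of a file is ordinary and only one region is opaque.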

2. Skills to Contain Well-Planned Phishing Campaigns

Verizon’s 2019 Data Breach Investigations Report (DBIR) analyzed 41,686 security incidents, of which 2,013 were confirmed data breaches. Of these, 32% used phishing. [4] In the past few years, security professionals have witnessed several sophisticated phishing campaigns. To protect your organization from such campaigns, a security professional should have the skills to deal with well-thought-out phishing campaigns and should be aware of efficient ways and tools to detect phishing emails. Knowledge of anti-phishing tools is a plus.


E|CIH dedicates an entire module, Module 05, ‘Handling and Responding to Email Security Incidents,’ to this topic. The module explains the different types of email security incidents, with examples, and the types of phishing. It separately introduces the candidate to the Gophish and SPAMfighter tools.
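The paragraph above asks for efficient ways to detect phishing emails. The added example below (written for this page, not part of E|CIH or any of the tools it names) triages a raw message with Python’s standard `email` library and reports the tell-tales an analyst checks first: failed SPF/DKIM/DMARC verdicts in the receiving server’s `Authentication-Results` header, a `Reply-To` domain that differs from the visible sender, a sender domain that is a near-miss of a trusted domain, and an HTML link whose anchor text shows one host while its `href` points at another. Both sample messages, the `TRUSTED_DOMAINS` set, and all domains in them are constructed.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the organization itself sends from (constructed for this example).
TRUSTED_DOMAINS = {"example-corp.com"}

# Constructed sample: a credential-harvesting lure showing the usual tell-tales.
SUSPICIOUS_EMAIL = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=examp1e-corp.com
From: "IT Helpdesk" <helpdesk@examp1e-corp.com>
Reply-To: support-desk@webmail-reset.example.net
To: alice@example-corp.com
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Reset it here:</p>
<a href="http://webmail-reset.example.net/login">https://portal.example-corp.com/reset</a>
</body></html>
"""

# Constructed sample: a legitimate internal notice, for comparison.
BENIGN_EMAIL = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com; dmarc=pass
From: "IT Helpdesk" <helpdesk@example-corp.com>
To: alice@example-corp.com
Subject: Monthly maintenance window
Content-Type: text/plain; charset="utf-8"

The mail servers will be patched on Saturday at 02:00 UTC.
"""


def domain_of(addr_header) -> str:
    """Lower-cased domain part of an address header, '' if absent."""
    addr = parseaddr(str(addr_header or ""))[1]
    return addr.rpartition("@")[2].lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typosquatted look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def html_body(msg) -> str:
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_content()
    return ""


def triage(raw: str):
    """Return a list of (code, detail) findings; an empty list means no tell-tale fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = domain_of(msg["From"])

    # 1. Authentication verdicts our own MX recorded for this message.
    auth = str(msg.get("Authentication-Results", ""))
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if verdict.lower() in {"fail", "softfail", "permerror"}:
            findings.append(("AUTH_FAIL", f"{mech.lower()}={verdict.lower()}"))

    # 2. Replies silently routed to a domain other than the visible sender.
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != sender_domain:
        findings.append(("REPLY_TO_MISMATCH", reply_domain))

    # 3. Sender domain is a near-miss of a domain we trust (typosquat/homoglyph).
    for trusted in TRUSTED_DOMAINS:
        if sender_domain != trusted and levenshtein(sender_domain, trusted) <= 2:
            findings.append(("LOOKALIKE_DOMAIN", f"{sender_domain}~{trusted}"))

    # 4. Anchor text displays one host while the href leads somewhere else.
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>',
                                 html_body(msg), re.I | re.S):
        shown, actual = urlparse(text.strip()).hostname, urlparse(href).hostname
        if shown and actual and shown != actual:
            findings.append(("LINK_HOST_MISMATCH", f"{shown}->{actual}"))
    return findings


if __name__ == "__main__":
    print("suspicious:", triage(SUSPICIOUS_EMAIL))
    print("benign:", triage(BENIGN_EMAIL))
```

Feed `triage()` the raw `.eml` text of a reported message; each finding code is stable, so the results can be scored or forwarded to a ticketing system without further parsing. Note that `dkim=none` is deliberately not a finding: it means no signature was present, which is common for legitimate mail, whereas `dkim=fail` means a signature was present and did not verify.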

3. Knowledge of Cloud-Based Security Incidents

The 2018 IDG Cloud Computing Study indicates that 73% of organizations already have at least one application using cloud services, and that another 17% plan to adopt cloud solutions in the next 12 months. [3] With such rapid adoption of cloud services, a security professional needs advanced knowledge and skillsets to protect an organization from cloud-based attacks.

Recent headlines of accidental data exposure show the impact: enterprises like Verizon, Netflix, TD Bank, PocketiNet, and many others using Amazon Web Services (AWS) S3 buckets faced drastic consequences. To tackle such incidents, an incident handling professional should be capable of containing the issue in the shortest time possible.

Module 8 of the EC-Council Certified Incident Handler (E|CIH), ‘Handling and Responding to Cloud Security Incidents,’ covers all the phases of handling cloud security incidents. The module starts with introductory concepts, then moves on to explain preparation for handling cloud security incidents, their detection, containment, eradication, and removal.
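The S3 exposures mentioned above come down to three settings that an incident handler has to read together when containing such an incident: the bucket policy (a statement with `Effect: Allow` and a wildcard `Principal`), the bucket ACL (a grant to the `AllUsers` or `AuthenticatedUsers` group), and the account or bucket Public Access Block, whose `RestrictPublicBuckets` and `IgnorePublicAcls` flags neutralize the first two. The added example below (written for this page, not E|CIH material and not an AWS tool) evaluates those three inputs offline, in the JSON shapes the S3 API returns, and reports whether a bucket is actually exposed or only looks that way. The bucket name, account ID, role and grants are constructed.

```python
import json

# Canned AWS group URIs that make an ACL grant world-readable.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTH_USERS: "AuthenticatedUsers"}


def _principal_is_anyone(principal) -> bool:
    """True for the wildcard principal forms '*' and {'AWS': '*'}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def public_policy_statements(policy_doc: dict):
    """Return (kind, sid, actions) for every Allow statement open to anyone.
    Statements carrying a Condition are reported as CONDITIONAL for review
    rather than PUBLIC, since the condition may or may not narrow the audience."""
    hits = []
    for stmt in policy_doc.get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _principal_is_anyone(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        kind = "CONDITIONAL" if stmt.get("Condition") else "PUBLIC"
        hits.append((kind, stmt.get("Sid", "<no Sid>"), actions))
    return hits


def public_acl_grants(grants: list):
    """Return (group, permission) for ACL grants to AllUsers/AuthenticatedUsers."""
    return [(PUBLIC_GROUPS[g["Grantee"]["URI"]], g.get("Permission"))
            for g in grants
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def assess_bucket(bucket: dict):
    """Combine policy, ACL and Public Access Block settings into findings.
    RestrictPublicBuckets neutralizes a public policy and IgnorePublicAcls
    neutralizes public ACL grants, so those cases are reported as MITIGATED."""
    pab = bucket.get("PublicAccessBlock", {})
    findings = []
    for kind, sid, actions in public_policy_statements(bucket.get("Policy", {})):
        if kind == "PUBLIC" and pab.get("RestrictPublicBuckets"):
            findings.append(("MITIGATED", f"statement {sid} is public but RestrictPublicBuckets is on"))
        else:
            findings.append((kind, f"statement {sid} allows {actions} to anyone"))
    for group, perm in public_acl_grants(bucket.get("Grants", [])):
        if pab.get("IgnorePublicAcls"):
            findings.append(("MITIGATED", f"ACL grants {perm} to {group} but IgnorePublicAcls is on"))
        else:
            findings.append(("PUBLIC", f"ACL grants {perm} to {group}"))
    return findings


def is_exposed(bucket: dict) -> bool:
    return any(kind == "PUBLIC" for kind, _ in assess_bucket(bucket))


# --- Constructed samples: bucket name, account ID and role are made up -----
EXPOSED_BUCKET = {
    "Name": "customer-exports-example",
    "Policy": json.loads("""{
      "Version": "2012-10-17",
      "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::customer-exports-example/*"
      }]
    }"""),
    "Grants": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
    "PublicAccessBlock": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                          "BlockPublicPolicy": False, "RestrictPublicBuckets": False},
}

HARDENED_BUCKET = {
    "Name": "customer-exports-example",
    "Policy": {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ExportReaderOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExportReader"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::customer-exports-example/*",
        }],
    },
    "Grants": [{"Grantee": {"Type": "CanonicalUser", "ID": "<owner-id>"}, "Permission": "FULL_CONTROL"}],
    "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                          "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
}

if __name__ == "__main__":
    for bucket in (EXPOSED_BUCKET, HARDENED_BUCKET):
        print(bucket["Name"], "EXPOSED" if is_exposed(bucket) else "ok", assess_bucket(bucket))
```

The `MITIGATED` category is what makes this useful during containment: turning on the Public Access Block is the fastest way to close an exposure, and the handler can confirm from the same output that the block actually covers the offending policy or ACL before moving on to eradication.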

4. Work as Per the Concerned Regulations

One of the essential traits of professional incident handlers is that they work in compliance with the relevant regulations. Once a security incident occurs, the incident handlers need to align all their actions with the applicable regulations. Violating these regulations exposes the organization to repercussions, usually in the form of huge fines and penalties. For instance, the European Union (EU)’s GDPR (General Data Protection Regulation) gives a 72-hour window to notify the supervisory authority of a data breach. On failure to do so, the organization is liable to harsh penalties.

The E|CIH credential holders are trained to keep their actions in compliance with the applicable regulations. They follow best practices and work as per the laws, acts, and regulations.

5. Handling the Latest Cyber Threats and the Associated Attack Vectors

Along with the advanced skillsets and knowledge listed above, incident handlers should be capable of identifying different types of cyber threats and their attack vectors. This basic knowledge includes malware detection techniques, handling of unauthorized access incidents, handling of inappropriate usage incidents, handling Denial-of-Service (DoS) incidents, and much more. Without in-depth knowledge of such basic security incidents, no incident handler can perform their job successfully.

E|CIH follows a holistic approach to incident handling and incident response, ensuring that its credential holders possess elementary as well as advanced knowledge of the domain.

Apart from that, assigning such crucial responsibilities to a security professional with no prior experience can result in financial and reputational loss. In other words, your organization needs a professional with hands-on experience. 

E|CIH credential holders possess all these skills, as they go through highly intensive lab sessions that simulate a real-time environment. Industry experts designed this training and credentialing program after an industry-wide job task analysis. For more information on E|CIH, visit https://www.eccouncil.org/programs/ec-council-certified-incident-handler-ecih/.

Sources:

[1] https://www.pwc.com/gx/en/ceo-survey/2018/deep-dives/pwc-global-investor-survey-2018.pdf

[2] https://resources.malwarebytes.com/files/2019/04/MWB-CTNT-2019-state-of-malware_FINAL.pdf

[3] https://resources.idg.com/download/executive-summary/cloud-computing-2018?utm_campaign=Cloud%20Computing%20Survey%202018&utm_source=Forbes%20-%20Louis

[4] https://enterprise.verizon.com/resources/reports/dbir/
