Currently, inside of all organizations, either large or small, the issue of performing incident response is an enormous task to tackle since most organizations are now struggling to try to find candidates that have real-world experience in the online battlegrounds. This is in part due to the many factors of Cyber Security Incident Response. With the primary factor being in the world of information technology, overall cybersecurity is still a relatively new field. It is thus causing employers to look for incident responders that may not have the amount of seasoned experience required to deal with the onslaught of attacks and breaches that occur daily. From the smallest of attacks (for example, a user getting a tracking cookie) to the most significant full-scale data breaches in the latest news. The task of finding a cybersecurity professional in the small pool of candidates seems to be getting harder and harder every day, while attacks from both outsiders and insider threats are ever-growing.
In addition to the issue of finding incident handlers while an on-going onslaught of attackers threatens your networks, many organizations that already currently have Cybersecurity professionals on staff are struggling to keep up. This is due in part to diminishing budgets, hiring freezes, or the fact that the legacy methods of working incidents is too slow-paced. The latter is witnessed in reviewing working times for incidents, even those that can be considered small, such as a reported phishing attack, cause an incident handler to waste at least 45 minutes investigating, responding, and blocking the attackers thoroughly. Even worse are the larger-scale attacks occupying incident responders for multiple days of data searching, interviewing, and responding to help remediate the attack. Lastly, another resulting issue raised from overworked and understaffed incident response individuals is that due to lack of time and employee work-force, not all incidents get reviewed as precisely as required. As a result, a simple step that the response individual may have overlooked while trying to handle another pressing case, leaves the original vulnerability un-remediated and still open for other attackers around the globe
