The challenge to tackle growing cyberattacks is inescapable and needs the incorporation of another security layer – incident handling in all online-based businesses. Even federal agencies are now mandating incident response capabilities.
The Federal Financial Institution Examination Council (FFIEC), the US federal institution promoting uniformity in the supervision of financial institutions through uniform principles, standards, and report forms, released a guide on incident response. It includes a mandate for all businesses to properly develop and integrate an incident response policy in their business continuity planning process. 
Above-stated is one such example indicating the importance of employing an incident handler and also, first responders. Even Article 33 of the General Data Protection Regulation (GDPR) highlights the importance of having a superior authority at the time of the cyber incident or data breach.
This article will focus on how your organization can further business growth using precautionary yet, an active layer of cybersecurity solutions, by hiring an incident handler. But, even finding a real expert can be a challenge. This guide has a checklist of must-have skills to look for in your prospects.
Does Your Firm Need an Incident Handler?
Incident handlers are responsible for managing a chaotic situation after a cyber attack. The professional will plan, manage, coordinate, and communicate with other staff to contain and mitigate the after-effects of an incident. All the job responsibilities of an incident handler must comply with the already devised incident response plan (IRP).
Your firm is in a desperate need of an incident handler if you fall under any of these categories –
- If the sensitive data of your organization have an online presence
- If you think any form of a security breach can cost harm to your organization’s reputation and customer trust
- If any data loss can lead to potential loss of revenue
What to look for in an Incident Handler to Minimize the Drastic Effects of Security Incidents?
Radware’s 2018-2019 Global Application and Network Security Report reveals that 2018 witnessed a 52% growth in the financial cost of a single successful cyberattack when compared with the estimation in the previous year’s survey. This percentage translates to an estimated calculation of over $1.1 million. This financial loss then tags along with the three most common repercussions: loss of productivity (54% of 790 businesses and security executives and professionals agreed to it), negative customer experience (43%), and brand reputation loss (37%). 
In such a scenario, a certified incident handler can be your solution for the following reasons:
1. They Fortify Your Cloud-Based Business
A 2018 report from the American Bar Association (ABA) says cloud usage has grown 54.6% in organizations.  It’s among the few major compelling attributes of the web-based software solutions that deserve every business’ attention. 2018 Cloud Security report suggests respondents are choosing cloud-based solutions because
- It is affordable and reduces costs to a great extent (according to 47% of respondents)
- It takes less time for its deployment (47%)
- It offers anywhere-anytime access with the high-security rate (37%)
- It reduces the efforts to patch/upgrade software (33%) 
With all that, the primary objective is to have a secure environment for sensitive data. The earlier mentioned report of ABA suggests that almost 31% of respondents indicated that the cloud services offer better security than they could have achieved by themselves. 
But as flexible, cost-effective, and secure the cloud-based solutions are, there is an increase of 300% in cloud-based attacks, as per 2017’s Microsoft report.  It’s the proper configuration of web-based software solutions and readiness to handle cloud-based attacks that contributes to a successful business. For instance, Man in the Cloud (MITC) attacks allows attackers to gain access to data available on popular file synchronization services (such as Google Drive), which then enables the attacker to infect the files of the victim with malicious code. You should have an incident handler with such advanced knowledge in your security team. A professional who knows how to use MITC attack detection tools and techniques are the ones who are either prepared for the worse or already have faced such a scenario.
Phases of Incident Response Readiness
Module 8 of EC-Council Certified Incident Handler (E|CIH) is dedicated to ‘Handling and Responding to Cloud Security Incidents.’ It also introduces cloud-based attack detection tools like Tripwire.
2. Saves Your Organization from Sophisticated Phishing Attacks
Evident reports are proving that forms of phishing attacks are targeting organizations and individuals. As per the Symantec 2018 Internet Security Threat Report, spear-phishing was the primary infection vector used by the 65% of public groups to carry out targeted attacks.  In January 2019, the Democratic National Committee (DNC) confirmed that they were targeted by spear-phishing attacks after the 2018 midterms. The campaign was allegedly carried out by the cyber-espionage group, APT29 (or Cozy Bear).  Even the massive Emotet and TrickBot campaigns, which used phishing emails as attack vectors, attribute to the rise of phishing attacks. It’s a critical situation which demands a professional with smart strategies to combat against genuine-seeming phishing attacks. For that, familiarity with powerful anti-phishing tools is as essential as devising a strategy. Ensuring that your employed incident handler is aware of such known-unknown scenarios should be on your checklist.
Module 5 of E|CIH, ‘Handling and Responding to Email Security Incidents’ helps you learn all about phishing attacks. The module separately covers two of the most critical anti-phishing tools, which are Gophish and SPAMfighter.
3. Fights Against Wise Anti-Forensic Techniques
With the usage of anti-forensic tools and techniques, challenges in the digital forensics are now escalating to the next level. Anti-forensics makes it difficult for digital forensic investigators to retrieve digital evidence of a security incident. Cyber attackers use destruction methods like a golden ticket, steganography, artifact wiping, trail obfuscation, Alternate Data Stream (ADS), and many others to hamper the investigation.
To fight against the odds, your hired incident handler must possess the relevant knowledge. It’s crucial that the professional relies on advanced forensic strategies to counter anti-forensic techniques. To uncover the hidden evidence from applications, web browsers, crypto containers, and many other places, the onboard incident handler should be aware of anti-forensic techniques.
Module 3 of E|CIH, which is ‘Forensic Readiness and First Response’ holds all the essential details that you need to know about different anti-forensic techniques.
4. Compliance with Different Regulations
The acquired knowledge of an incident handler should comply with different regulations. Whenever a security professional deals with cyberattacks, they should align all their actions with the applicable standard regulations. Otherwise, the organization will face damaging repercussions because of the non-aligned actions of the professional. For instance, the Security Rule of HIPAA (Health Insurance Portability and Accountability Act) asks businesses to implement required policies and procedures to handle a security incident. Such rules and regulations emphasize the roles and responsibilities of a security professional and especially all those dealing with the organization once it is under attack.
The E|CIH program ensures that the credential holder masters all incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations.
The E|CIH training and credentialing program is 40 percent lab training to ensure that the trained professional contains the right skill-set. It comes with access to over 50 labs, 800 tools, and 4 OSs and a vast array of templates, checklists, and cheat sheets. For more information check our E|CIH program: https://www.eccouncil.org/programs/ec-council-certified-incident-handler-ecih/
Sources: https://lookbook.tenable.com/ponemonotreport/ponemon-OT-report  https://ithandbook.ffiec.gov/it-booklets/business-continuity-planning/other-policies,-standards-and-processes/incident-response.aspx  https://blog.radware.com/security/applicationsecurity/2019/01/how-cyberattacks-directly-impact-your-brand-new-radware-report/  https://www.americanbar.org/groups/law_practice/publications/techreport/ABATECHREPORT2018/2018Cloud/  https://pages.cloudpassage.com/rs/857-FXQ-213/images/2018-Cloud-Security-Report%20%281%29.pdf  https://www.techrepublic.com/article/microsoft-cloud-cybersecurity-attacks-up-300-in-last-year-report-says/  https://interactive.symantec.com/istr24  https://www.bleepingcomputer.com/news/security/phishing-attack-allegedly-targeted-us-dnc-after-2018-midterms/