Who is an incident handler?
In lieu of a cyber incident, an incident handler is responsible for planning, managing, coordinating, and communicating with other staff to contain and mitigate the after-effects of an incident. An incident handler is needed when an organization has an online presence that collects and stores sensitive data and/or is susceptible to a security breach.
Two must-have skills of an incident handler
1. They handle and respond to cloud security incidents
The latest reports show that the use of cloud solutions has increased by 54.6% in organizations. With the spike in the adoption of cloud-based services, it is imperative that organizations are equipped to handle any cyber incidents related to the cloud. This is considering the fact that there is a 300% increase in cloud-based attacks, as per 2017’s Microsoft report.
Module 8 of EC-Council Certified Incident Handler (E|CIH) is dedicated to ‘Handling and Responding to Cloud Security Incidents.’ It also introduces cloud-based attack detection tools like Tripwire.
2. They handle and respond to email security incidents
The importance of email security has risen immensely over the years, especially spear phishing attacks accounting for 91% of all cyberattacks. Such attacks required a skilled incident handler to deal with the situation. The incident handler must be well-versed with various phishing scenarios and other email security threats. They should be able to implement powerful anti-phishing tools and device a strong strategy to deal with these incidents.
Module 5 of E|CIH, ‘Handling and Responding to Email Security Incidents,’ trains you to handle all types of phishing attacks. The module separately covers two of the most critical anti-phishing tools, which are Gophish and SPAMfighter.
5 Steps to handle a cyber incident
Maintaining an incident handling plan is critical to ensure a well-rounded incident handling and response plan. Here is a five-step process, as laid out by the ISO/IEC Standard 27035
Step 1: Prepare
To deal with multiple forms of cyber incidents requires one to be prepared. This means having a dedicated team in place.
Step 2: Identify
It goes without saying that identifying an incident is extremely critical to be able to handle it efficiently. All suspicious activity must be reported immediately.
Step 3: Assess
The incident must first be assessed to determine a suitable plan. Categorizing what the incident is will help the team plan what action must be taken.
Step 4: Respond
Based on the assessment, appropriate steps must be taken to ensure business continuity and minimal loss.
Step 5: Learn
Documentation of the incident in detail is highly important for future use.
Tips for a professional incident handler
1. Maintain checklists and templates:
Have different checklists and templates in place. This step will be useful for operational maintenance response. The team might need to deal with different configurations, which requires separate guides for start-up, shutdown, restoration, and more.
2. Report financial metrics:
Report the management and concerned stakeholders regarding financial metrics. The management and stakeholders should be aware of the recovery cost savings and the level of productivity.
3. Regularly test and update the IH&R plan:
Regularly test and evaluate your IR plan. It’s crucial that you analyze what did and didn’t go well with the existing plan. To check your IR plan, you can start with a paper test, tabletop exercises, and simulated attacks.
Do you want to be an incident handler and work on a containment plan to reduce the cost of damage and mitigate further incidents? Join the industry-recognized credential program, EC-Council Certified Incident Handler (E|CIH). The latest iteration of E|CIH program has been developed in collaboration with cybersecurity and incident handling response practitioners across the globe.