Resolving cyber attacks

4 realistic perks of having a proactive certified incident handler on-board

Tiru Dehariya

Does your firm need a certified incident handler on the team? Incident handlers manage the situation that follows a cybersecurity attack. They plan, manage, coordinate, and communicate in order to contain and mitigate the attack’s effects. In this article, Tiru Dehariya discusses some of the benefits that come with having an incident handler on board and what to look for when hiring one.

The challenge of tackling growing cybersecurity attacks is inescapable, and it calls for another security layer in all online-based businesses: incident handling. Even federal agencies are now mandating incident response capabilities.

The Federal Financial Institution Examination Council (FFIEC), the US federal institution promoting uniformity in the supervision of financial institutions through uniform principles, standards, and report forms, released a guide on incident response. It includes a mandate for all businesses to properly develop and integrate an incident response policy in their business continuity planning process.

The above is one example of the importance of employing an incident handler and first responders. Even Article 33 of the General Data Protection Regulation (GDPR) highlights the importance of having a superior authority at the time of a cyber incident or data breach.

This article will focus on how your organization can further business growth by hiring an incident handler, a precautionary yet active layer of cybersecurity. But even finding a real expert can be a challenge. This guide has a checklist of must-have skills to look for in your prospects.

Does your firm need an incident handler?

Incident handlers are responsible for managing a chaotic situation after a cyber attack. The professional will plan, manage, coordinate, and communicate with other staff to contain and mitigate the after-effects of an incident. All the job responsibilities of an incident handler must comply with the already devised incident response plan (IRP).

Your firm is in desperate need of an incident handler if you fall under any of these categories:

  • The sensitive data of your organization has an online presence
  • Any form of security breach could harm your organization’s reputation and customer trust
  • Any data loss could lead to a potential loss of revenue

What to look for in an incident handler to minimize the drastic effects of security incidents

Radware’s 2018-2019 Global Application and Network Security report reveals that 2018 witnessed a 52% growth in the financial cost of a single successful cyber attack when compared with the estimate in the previous year’s survey. This translates to an estimated cost of over $1.1 million. This financial loss comes with the three most common repercussions: loss of productivity (54% of 790 businesses and security executives and professionals agreed to it), negative customer experience (43%), and brand reputation loss (37%). [3]


In such a scenario, a certified incident handler can be your solution for the following reasons:

They fortify your cloud-based business

A 2018 report from the American Bar Association (ABA) says cloud usage grew 54.6% in organizations. It’s among the few major compelling attributes of web-based software solutions that deserve every business’s attention. The 2018 Cloud Security report suggests respondents choose cloud-based solutions because they:

    • Are affordable and reduce costs to a great extent (according to 47% of respondents)
    • Take less time to deploy (47%)
    • Offer anywhere-anytime access with a high security rate (37%)
    • Reduce the effort to patch/upgrade software (33%)

With all that, the primary objective is a secure environment for sensitive data. The ABA report suggests that almost 31% of respondents indicated that cloud services offer better security than they could have achieved by themselves.

But as flexible, cost-effective, and secure as cloud-based solutions are, cloud-based attacks increased by 300%, as per Microsoft’s 2017 report. It’s the proper configuration of web-based software solutions and the readiness to handle cloud-based attacks that contribute to a successful business. For instance, Man in the Cloud (MITC) attacks give attackers access to data available on popular file synchronization services (such as Google Drive). The attacker then infects the victim’s files with malicious code. You should have an incident handler with such advanced knowledge in your security team. A professional who knows how to use MITC attack detection tools and techniques is one who is either prepared for the worst or has already faced such a scenario.

Module 8 of EC-Council Certified Incident Handler (E|CIH) is dedicated to ‘Handling and Responding to Cloud Security Incidents.’ It also introduces cloud-based attack detection tools like Tripwire.

Saves your organization from sophisticated phishing attacks

Reports make it evident that forms of phishing attacks target both organizations and individuals. As per the Symantec 2018 Internet Security Threat Report, spear-phishing was the primary infection vector used by 65% of public groups to carry out targeted attacks. In January 2019, the Democratic National Committee (DNC) confirmed they were targeted by spear-phishing attacks after the 2018 midterms. The campaign was allegedly carried out by the cyber-espionage group APT29 (or Cozy Bear).

Even the massive Emotet and TrickBot campaigns, which used phishing emails as attack vectors, contribute to the rise of phishing attacks. This critical situation demands a professional with smart strategies to combat genuine-seeming phishing attacks. Familiarity with powerful anti-phishing tools is as essential as devising a strategy. Ensuring that the incident handler you employ is aware of such known-unknown scenarios should be on your checklist.


Module 5 of E|CIH, ‘Handling and Responding to Email Security Incidents,’ helps you learn all about phishing attacks. The module separately covers two of the most critical anti-phishing tools, Gophish and SPAMfighter.

Fights against wise anti-forensic techniques

The acquired knowledge of an incident handler should comply with different regulations. Whenever a security professional deals with cybersecurity attacks, they should align all their actions with the applicable standard regulations. Otherwise, the organization will face damaging repercussions because of the non-aligned actions of the professional.

For instance, the Security Rule of HIPAA (Health Insurance Portability and Accountability Act) asks businesses to implement required policies and procedures to handle a security incident. Such rules and regulations emphasize the roles and responsibilities of a security professional, especially those dealing with the organization under attack.

The E|CIH certification by EC-Council ensures that the credential holder masters all incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations.

The E|CIH training and credentialing program is 40 percent lab training to ensure that the trained professional has the right skill set. It comes with access to over 50 labs, 800 tools, and 4 OSs, along with a vast array of templates, checklists, and cheat sheets. For more information visit:


Tiru Dehariya

Tiru Dehariya is a keen follower of advanced technologies. A few years ago, she noticed her inclination towards cybersecurity. Since then, she has been raising awareness of cybersecurity solutions through blogs. She considers cybersecurity to be an ever-growing market with the potential to adopt more innovative solutions.
