网络应急人员短缺,且压力巨大
如果20年前,有人跟我说我要负责保证食品杂货店库存充足,公共交通按时刻表正常运行,加油站供应充足,我会很疑惑自己从事的到底是什么职业。
20年前,我所从事的是与今天一样的工作,是一名数字取证和网络安全事件响应人员。当时,我的主要工作是保护企业和消费者的数据,避免它们落入坏人手中。没有人担心物理世界受到的影响。但现在,这些不同体验因为一种共同的特征相互关联:它们的运行都依赖(数字和物理)网络连接。而20年前盗窃信用卡数据的网络犯罪分子,正在对这些网络发起攻击。
网络攻击带来的风险发生了巨大变化。多年来,从在美国空军服役到为电信业巨头的客户服务,再到现在领导和培训下一代网络一线响应人员,我曾阻止了数以千计的网络攻击。我想说的是,这些变化已经并将继续影响所有人,影响的规模之大可能超出我们的想象。
物理世界和数字世界正在逐渐融合,而网络威胁现在也蔓延到了“现实世界”。我们的任务不只是防止数据落入坏人手中,或者信用卡数据被盗。现在的网络攻击都经过了精心策划,目的是实现物理破坏和运行停机,通常针对全球重要的服务:据美国联邦调查局(FBI)披露,2021年,16个关键基础设施行业中,有14个遭到了勒索软件攻击。
攻击就发生在我们眼前,只是我们并没有“切身体会”。 2022年,一次勒索软件攻击导致德国数百座加油站停止服务。英国最近挫败了一次对其交通枢纽的攻击。在战争时期,网络越来越多地变成了一种主要工具,尽管我们尚未看到它充分展现威力。
随着威胁日益升级,人们对网络安全防护人员提出的要求也越来越高。现在,如果不能防御网络攻击,会对经济产生严重影响,妨碍普通市民使用重要的日常服务。
风险不止于此……
网络事件的影响会迅速扩散,但令人担忧的是,全球掌握网络防御技能的人才却依旧严重不足。最近一项全球调查发现,68%的网络事件响应人员普遍要同时应对两个甚至更多攻击。许多公司一旦遭遇网络危机,不可避免会面临无人可用的窘境。
简而言之,事件响应人员的数量严重不足。
尽管如此,他们仍然坚守在一线。数据显示,他们依旧承受了巨大的精神压力,通常不堪重负。事实上,勒索软件这种破坏性攻击加剧了网络一线响应人员的压力和心理素质要求。许多人由于所从事的应对网络安全威胁的工作性质,必须寻求心理健康协助。
全世界越来越依赖这些事件响应人员,只是我们还没有充分意识到他们的重要性。然而,如果我们不现在行动起来支持他们,并创建一个人才库,以满足未来必然更大的网络需求,当新的数字阵地遭遇攻击的时候,我们可能会措手不及。
我们必须将事件响应作为一种数字交汇的应急服务,并承认网络响应人员所承受的巨大压力和高压的工作环境。虽然我们看到他们的服务意识比这些挑战更重要,但公司以及网络安全行业必须执行可持续的支持结构,以避免事件响应人员出现职业倦怠。首先在为防御网络安全做准备,以及围绕资源和条件进行规划时,要将事件响应人员和他们面临的挑战考虑在内。
政府和私人行业必须加大对公众的教育,宣传网络安全的重要性,以及事件响应人员的关键使命。为了培养下一代网络安全一线防御人员,人们必须知道这个职业路径的存在。我们看到帮助人们规划网络职业的项目越来越多,例如DHS CISA的“在网络中看到自己”计划。这需要各方共同努力,将该领域内不同学科的教育与网络安全培训路径相结合。例如,IBM正在与20所传统黑人高校合作,帮助他们建立网络安全领导力中心(Cybersecurity Leadership Centers)。
无论是在幕后打击网络犯罪分子,拔掉服务器机房的插座以防止攻击不可控的传播,还是在作战室出谋划策,事件响应人员都在夜以继日地,默默守护着我们的现代生活方式。问题是,我们是否为他们提供了足够多的支持?(财富中文网)
本文作者劳伦斯·戴恩为IBM X-Force部门全球网络事件响应负责人。
Fortune.com上发表的评论文章中表达的观点,仅代表作者本人的观点,并不代表《财富》杂志的观点和信仰。
翻译:刘进龙
审校:汪皓
如果20年前,有人跟我说我要负责保证食品杂货店库存充足,公共交通按时刻表正常运行,加油站供应充足,我会很疑惑自己从事的到底是什么职业。
20年前,我所从事的是与今天一样的工作,是一名数字取证和网络安全事件响应人员。当时,我的主要工作是保护企业和消费者的数据,避免它们落入坏人手中。没有人担心物理世界受到的影响。但现在,这些不同体验因为一种共同的特征相互关联:它们的运行都依赖(数字和物理)网络连接。而20年前盗窃信用卡数据的网络犯罪分子,正在对这些网络发起攻击。
网络攻击带来的风险发生了巨大变化。多年来,从在美国空军服役到为电信业巨头的客户服务,再到现在领导和培训下一代网络一线响应人员,我曾阻止了数以千计的网络攻击。我想说的是,这些变化已经并将继续影响所有人,影响的规模之大可能超出我们的想象。
物理世界和数字世界正在逐渐融合,而网络威胁现在也蔓延到了“现实世界”。我们的任务不只是防止数据落入坏人手中,或者信用卡数据被盗。现在的网络攻击都经过了精心策划,目的是实现物理破坏和运行停机,通常针对全球重要的服务:据美国联邦调查局(FBI)披露,2021年,16个关键基础设施行业中,有14个遭到了勒索软件攻击。
攻击就发生在我们眼前,只是我们并没有“切身体会”。 2022年,一次勒索软件攻击导致德国数百座加油站停止服务。英国最近挫败了一次对其交通枢纽的攻击。在战争时期,网络越来越多地变成了一种主要工具,尽管我们尚未看到它充分展现威力。
随着威胁日益升级,人们对网络安全防护人员提出的要求也越来越高。现在,如果不能防御网络攻击,会对经济产生严重影响,妨碍普通市民使用重要的日常服务。
风险不止于此……
网络事件的影响会迅速扩散,但令人担忧的是,全球掌握网络防御技能的人才却依旧严重不足。最近一项全球调查发现,68%的网络事件响应人员普遍要同时应对两个甚至更多攻击。许多公司一旦遭遇网络危机,不可避免会面临无人可用的窘境。
简而言之,事件响应人员的数量严重不足。
尽管如此,他们仍然坚守在一线。数据显示,他们依旧承受了巨大的精神压力,通常不堪重负。事实上,勒索软件这种破坏性攻击加剧了网络一线响应人员的压力和心理素质要求。许多人由于所从事的应对网络安全威胁的工作性质,必须寻求心理健康协助。
全世界越来越依赖这些事件响应人员,只是我们还没有充分意识到他们的重要性。然而,如果我们不现在行动起来支持他们,并创建一个人才库,以满足未来必然更大的网络需求,当新的数字阵地遭遇攻击的时候,我们可能会措手不及。
我们必须将事件响应作为一种数字交汇的应急服务,并承认网络响应人员所承受的巨大压力和高压的工作环境。虽然我们看到他们的服务意识比这些挑战更重要,但公司以及网络安全行业必须执行可持续的支持结构,以避免事件响应人员出现职业倦怠。首先在为防御网络安全做准备,以及围绕资源和条件进行规划时,要将事件响应人员和他们面临的挑战考虑在内。
政府和私人行业必须加大对公众的教育,宣传网络安全的重要性,以及事件响应人员的关键使命。为了培养下一代网络安全一线防御人员,人们必须知道这个职业路径的存在。我们看到帮助人们规划网络职业的项目越来越多,例如DHS CISA的“在网络中看到自己”计划。这需要各方共同努力,将该领域内不同学科的教育与网络安全培训路径相结合。例如,IBM正在与20所传统黑人高校合作,帮助他们建立网络安全领导力中心(Cybersecurity Leadership Centers)。
无论是在幕后打击网络犯罪分子,拔掉服务器机房的插座以防止攻击不可控的传播,还是在作战室出谋划策,事件响应人员都在夜以继日地,默默守护着我们的现代生活方式。问题是,我们是否为他们提供了足够多的支持?(财富中文网)
本文作者劳伦斯·戴恩为IBM X-Force部门全球网络事件响应负责人。
Fortune.com上发表的评论文章中表达的观点,仅代表作者本人的观点,并不代表《财富》杂志的观点和信仰。
翻译:刘进龙
审校:汪皓
If you had told me 20 years ago that today I’d be charged with making sure that grocery stores remain stocked, public transportation schedules are running, and gas pumps are full, I’d be very confused as to what line of work I ended up in.
All those years ago, I had the same job I do today, as a digital forensic and cybersecurity incident responder. Back then, I focused on keeping corporate and consumer data from falling into bad actors’ hands. Concerns for physical implications were non-existent. Today, there’s a common trait connecting these seemingly disparate experiences to each other: they all rely on (digital and physical) network connections to operate. And those networks are under attack from the same cybercriminals that were stealing credit card data 20 years ago.
The stakes have changed drastically when it comes to cyberattacks. I’ve fended off thousands of cyberattacks over the years, from my service in the United States Air Force to defending clients of telecommunication giants and now leading and training the next generation of cyber frontline responders–and I’m telling you that change has and will continue to impact us all, potentially at a scale we can’t comprehend.
The physical and digital worlds are merging, and cyber threats are now crossing over into the “real world.” It’s no longer just about keeping data from falling into the wrong hands or credit card data being stolen. Cyberattacks today are engineered to achieve physical disruption and operational downtime, usually targeting the world’s critical services: The FBI revealed that in 2021, 14 of 16 critical infrastructure sectors were attacked with ransomware.
It’s happening before our eyes, it just hasn’t “hit us” yet. In 2022, a ransomware attack resulted in interrupting services at hundreds of gas stations in Germany. The U.K. recently thwarted an attack on its transportation links. Cyber has grown into a staple tool used during warfare, although we have yet to see its full extent materialize.
As threats evolve, so is what’s being asked of those defending against them. Today failing to hold the line against cyberattacks can have a material impact on the economy and access to essential day-to-day services for citizens.
But that’s not the only thing at stake…
As cyber incidents quickly multiply, what’s worrisome is that the men and women with the skills to defend against them are still in very short supply worldwide. A recent global study found that it’s common for 68% of incident responders to have to defend against two or more attacks simultaneously. Inevitably, many businesses are left without manpower in the face of a cyber crisis.
Simply put, incident responders are outnumbered.
Even so, they are still showing up, often overwhelmed, pushing through a considerable mental strain according to the data. In fact, disruptive attacks like ransomware have exacerbated the pressure and psychological demands of cyber frontline responders. Many are seeking out mental health assistance because of the very nature of responding to cyberattacks.
The world is becoming increasingly reliant on these teams, even if it’s still largely unaware of their importance. However, if we do not take measures today to support them as well as create a talent funnel that can meet tomorrow’s inevitably larger cyber needs, we will find ourselves unprepared to defend the new digital front line.
We must recognize the nature of incident response as an emergency service for digital intersections and acknowledge the immense pressure and high stress scenarios cyber responders are constantly up against. While we see their sense of service overriding these challenges, businesses–and the cybersecurity industry itself–must put in place sustainable support structures to avoid incident response burnout. That starts with considering incident responders and–the challenges they face–when preparing for cyberattacks, and planning around those resources and conditions.
Governments and private industry must invest more in educating the public about the material and direct importance of cybersecurity, as well as the critical mission of incident responders. To build up the next generation of cyber frontline defenders, people must know this career path even exists. We’re beginning to see more dedicated efforts to help people envision themselves in cyber, like DHS CISA’s “See yourself in cyber” initiative. This must be a collective undertaking that couples education on the diverse disciplines within the field with pathways to cybersecurity training. For example, IBM is collaborating with 20 Historically Black Colleges and Universities to help them establish Cybersecurity Leadership Centers.
Whether they’re kicking cybercriminals off networks behind screens, pulling out plugs in server rooms to stop an uncontrollable spread of attacks, or strategizing in war rooms, incident responders are silently defending our modern way of life–day in and day out. The question is, are we doing enough to support them?
Laurance Dine is the global lead of incident response at IBM X-Force.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.
