Cybercrime is a big business that’s on the rise. Companies are spending billions on operations to defend their networks and data. There is a global shortage of 3.4 million cybersecurity professionals per the National Institute of Standards and Technology, which makes the Master of Science (M.S.) in Cybersecurity with Information Assurance – Cyber Operations Emphasis online program from Southern Utah University (SUU) a ticket to high-demand, high-salary positions.
A cyber watchdog based in the United Kingdom estimates nearly 36 billion data breaches were recorded in 2024. One attack on brands around the world, known as MOAB (Mother of All Breaches), accounted for 72% of the total. The United States has yet to reach that level of victimization, according to the FBI. However, hackers are stepping up their game. Between 2019 and 2023, the number of incident complaints nearly doubled, with losses growing to $12.5 billion from $3.5 billion.
What Is Cybersecurity Incident Response?
Incident response comprises a set of roles and responsibilities within cybersecurity, which is a subset of an organization’s overall information assurance (IA). Generally, IA describes an overarching risk-management approach to protecting data confidentiality, integrity and availability. The primary goal of cybersecurity is the development and deployment of firewalls, encryption and breach detection technology to defend systems, networks and data from unauthorized access. A successful hack or event that creates a vulnerability triggers an incident response to identify, investigate, contain, repair and recover from the intrusion.
“Security incidents can range from intentional cyberattacks by hackers or unauthorized users to unintentional violations of IT security policy by legitimate, authorized users,” according to IBM. A survey of security professionals and subject-matter experts conducted by Kaspersky found that accidental violations of organizational security policies by IT staff accounted for one in 10 incidents. Other non-compliance and internal security violations included:
- Using weak, easily hacked passwords
- Accessing unsecured websites
- Accessing data using a personal device
- Transferring data using personal email
A major component of defense against cyberthreats is the employee base at any company. “Alarmingly, respondents admit that, besides the irresponsible behavior already mentioned, 20% of malicious actions were committed by employees for personal gain,” the cybersecurity provider said.
What Are the Components of an Incident Response Plan?
The federal Cybersecurity & Infrastructure Security Agency (CISA) describes an incident response plan (IRP) for government agencies as a strategy document that details organizational response before, during and after a suspected breach. The agency's strategy provides a framework for private-sector organizations. A plan includes personnel rosters with responsibilities, requires senior leadership approval and sets schedules for review and updates.
The IRP specifies continuous staff training to ensure employees know how to identify suspected attempts to access protected IT systems. The training typically involves unannounced testing of employees to measure how well they respond to a suspected breach attempt. Other ongoing IR activities, according to the CISA model, can include:
- Anticipate internal email and digital communication failure during a breach
- Print and distribute hard copies of IRP key player contact information
- Select a third-party vendor to investigate potential compromises
- Conduct breach simulation exercises to stress-test the IRP
The IRP also specifies who will lead the response to a breach. The incident response manager directs communication flow, updates stakeholders and delegates tasks. The tech manager is the subject-matter expert (SME) for the IT response and may call in additional internal or third-party support. The third leadership role specified in the IRP is the communications manager, who interacts with the media and external stakeholders and posts approved social platform updates.
A formal post-incident review, led by the incident response manager, explains what happened, why it occurred and what leaders must do to optimize defense systems. While the “post-mortem” involves people and technology, the final report documents process improvements and policy and procedure updates. “In an era where cyber threats are ever-evolving, an incident response plan is not a luxury but a necessity,” Allied IT Systems warns.
How Does the SUU MS in Cybersecurity Online Future-Proof Careers?
In a global economy that is increasingly dependent on data, SUU’s M.S. in Cybersecurity online program equips graduates for specialized roles protecting the systems and networks targeted by progressively sophisticated hackers. The curriculum includes courses such as:
- Cybersecurity Policies and Compliance: Students explore risk management frameworks and strategies to identify vulnerabilities.
- Incident Response Preparedness: Students learn the theories and practices behind the development of IRPs.
- Cyber Threat Intelligence I and II: Students gain insights required for senior roles in effective security planning.
The program is designed for working professionals seeking to invest in their future while on the job. Students can complete the program in as few as 11 months with affordable pay-as-you-go tuition.
Learn more about Southern Utah University’s online Master of Science in Cybersecurity with Information Assurance – Cyber Operations Emphasis program.