If you had told me 20 years ago that today I’d be charged with making sure that grocery stores remain stocked, public transportation schedules are running, and gas pumps are full, I’d be very confused as to what line of work I ended up in.
All those years ago, I had the same job I do today, as a digital forensic and cybersecurity incident responder. Back then, I focused on keeping corporate and consumer data from falling into bad actors’ hands. Concerns for physical implications were non-existent. Today, there’s a common trait connecting these seemingly disparate experiences to each other: they all rely on (digital and physical) network connections to operate. And those networks are under attack from the same cybercriminals that were stealing credit card data 20 years ago.
The stakes have changed drastically when it comes to cyberattacks. I’ve fended off thousands of cyberattacks over the years, from my service in the United States Air Force to defending clients of telecommunication giants and now leading and training the next generation of cyber frontline responders–and I’m telling you that change has and will continue to impact us all, potentially at a scale we can’t comprehend.
The physical and digital worlds are merging, and cyber threats are now crossing over into the “real world.” It’s no longer just about keeping data from falling into the wrong hands or credit card data being stolen. Cyberattacks today are engineered to achieve physical disruption and operational downtime, usually targeting the world’s critical services: The FBI revealed that in 2021, 14 of 16 critical infrastructure sectors were attacked with ransomware.
It’s happening before our eyes, it just hasn’t “hit us” yet. In 2022, a ransomware attack resulted in interrupting services at hundreds of gas stations in Germany. The U.K. recently thwarted an attack on its transportation links. Cyber has grown into a staple tool used during warfare, although we have yet to see its full extent materialize.
As threats evolve, so is what’s being asked of those defending against them. Today failing to hold the line against cyberattacks can have a material impact on the economy and access to essential day-to-day services for citizens.
But that’s not the only thing at stake…
As cyber incidents quickly multiply, what’s worrisome is that the men and women with the skills to defend against them are still in very short supply worldwide. A recent global study found that it’s common for 68% of incident responders to have to defend against two or more attacks simultaneously. Inevitably, many businesses are left without manpower in the face of a cyber crisis.
Simply put, incident responders are outnumbered.
Even so, they are still showing up, often overwhelmed, pushing through a considerable mental strain according to the data. In fact, disruptive attacks like ransomware have exacerbated the pressure and psychological demands of cyber frontline responders. Many are seeking out mental health assistance because of the very nature of responding to cyberattacks.
The world is becoming increasingly reliant on these teams, even if it’s still largely unaware of their importance. However, if we do not take measures today to support them as well as create a talent funnel that can meet tomorrow’s inevitably larger cyber needs, we will find ourselves unprepared to defend the new digital front line.
We must recognize the nature of incident response as an emergency service for digital intersections and acknowledge the immense pressure and high stress scenarios cyber responders are constantly up against. While we see their sense of service overriding these challenges, businesses–and the cybersecurity industry itself–must put in place sustainable support structures to avoid incident response burnout. That starts with considering incident responders and–the challenges they face–when preparing for cyberattacks, and planning around those resources and conditions.
Governments and private industry must invest more in educating the public about the material and direct importance of cybersecurity, as well as the critical mission of incident responders. To build up the next generation of cyber frontline defenders, people must know this career path even exists. We’re beginning to see more dedicated efforts to help people envision themselves in cyber, like DHS CISA’s “See yourself in cyber” initiative. This must be a collective undertaking that couples education on the diverse disciplines within the field with pathways to cybersecurity training. For example, IBM is collaborating with 20 Historically Black Colleges and Universities to help them establish Cybersecurity Leadership Centers.
Whether they’re kicking cybercriminals off networks behind screens, pulling out plugs in server rooms to stop an uncontrollable spread of attacks, or strategizing in war rooms, incident responders are silently defending our modern way of life–day in and day out. The question is, are we doing enough to support them?
Laurance Dine is the global lead of incident response at IBM X-Force.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.
More must-read commentary published by Fortune:
Sign up for the Fortune Features email list so you don’t miss our biggest features, exclusive interviews, and investigations.