Under the spotlight: The tech security people crunch

09 Oct 17

The tenure of an enterprise Chief Information Security Officer (CISO) is said to be less than two years. A change in that position almost always follows a breach that either compromised customer data or attracted media attention. It is easy to understand why CISOs are focused on threats, risks and compliance. Yet recruiting, hiring and retaining skilled employees is quickly becoming an acute challenge and, in some cases, a competitive differentiator.

  • The eighth Global Information Security Workforce Study (GISWS), which includes feedback from over 19,000 information security professionals worldwide, projects an information security workforce gap of 1.8 million by 2022. This represents an increase of 20 percent from the 1.5 million worker shortfall forecast by the last study.
  • ISACA predicts there will be a global shortage of two million cyber security professionals by 2019. And one of the most in-demand security roles will be security analysts.

However, the numbers tell only part of the story. Threat surfaces are increasing (think cloud, mobile, IoT) and cybercriminals are getting increasingly sophisticated in their tactics, techniques and procedures (TTPs). Unfortunately, precisely as this happens, the supply of “guardians” hasn’t kept up.

Today, finding the right cybersecurity talent has become a serious problem across all industries. A 2017 Cybersecurity Trends report states that a lack of skilled security professionals is top of the list of biggest obstacles to stronger cyber security (45%), tied with lack of budget!

Too much data, too little information

The result of combining a kinetic threat environment with security staff that are overwhelmed and underfunded is that the scope and sheer quantity of data wear down, if not overwhelm, many security teams.

A recent survey found 40.4 percent of security professionals say that the alerts they receive lack actionable intelligence to investigate, and another 31.9 percent report that they ignore alerts because so many are false positives.

Security automation: ROI for your human capital

Better automation is top of mind for many security professionals. In a survey by ESG Research, 72 percent say analytics and operations are more difficult now than two years ago. However, there is a growing acknowledgment that automation, like artificial intelligence, does not replace the need to invest in and focus on the human workforce.

Rather, orchestrating tasks to be more efficient, and automating where possible, frees up teams and individuals to do different types of work, often of a higher order: more complex, more abstract and more impactful work for the organisation.

Much can be done to better orchestrate the existing, routine workflows of security processes. Day-to-day SOC operations that sometimes involve ‘manual’ phone and email communications, filling out operations, compliance and incident reports, even the use of spreadsheets, can be better integrated into an automated workflow.

Applied context and threat intelligence can enable security professionals to more quickly focus on the threats that matter, the real Indicators of Compromise (IoC).

Automatic correlation of threat intelligence with indicators and network activity/business context provides a clear line of sight through the noise of alerts. This increases the return not only on your investments in security technology, but also on your human capital. Having actionable intelligence at hand empowers security analysts and can help make them feel they are making a difference.

Advanced threat analysis automatically populates investigations with historical and real-time contextual intelligence, which makes much better use of your experienced security resources. They can quickly isolate network conversations between hosts and connection points of interest.

As the analyst follows the breadcrumbs of suspicious or anomalous behaviour and looks for potential lateral movement, this data should be carried forward automatically. Effectively, these recordings can be used to instantiate an investigation or forensics report. They can also be used to show management why certain steps were taken.

Effective enterprise cybersecurity has always been about integrating people, processes and technology to reduce risk. Automating security processes goes hand in hand with leveraging staff more appropriately.

The real benefit of security automation, where it is possible, has a powerful people component: effective automation helps you better leverage the skill sets of security professionals and makes them feel more effective and motivated.

Article by Arabella Hallawell, senior director of Product Marketing, Arbor Networks.
