These talked-about trends span not only the progress made, but also the cybersecurity challenges that still lie ahead.
In the past year, cyber security has truly broken through and become not just a boardroom issue but also a dinner table topic. From ransomware attacks to election tampering, we have been fed a steady diet of explosive front page stories that have shaken the public’s sense of online security.
In this article, I will take a look at some of the key trends dominating the discourse among those of us defending digital assets.
- Tool fatigue is setting in.
The fractured cyber security industry seems to produce a new “must have” tool every six months or so. Between “next generation” this and “advanced threat” that, it is all a security leader can do to keep up with the latest terminology, let alone evaluate the effectiveness of new tools.
To be sure, there are some incredible new security tools that, if implemented and managed properly, can add tremendous value. The problem is that none of them are “set it and forget it”—they require ongoing tuning and monitoring. In addition, alerts must be escalated properly, and the different products must not conflict with each other. Many companies have invested in tools that are supposed to enhance their security posture only to find themselves buried in alerts and alarms with no reasonable way to triage and prioritize response efforts. This can actually make an organization less secure, as security resources are consumed responding to false positives and working to stem the flow of alerts.
Having better tools is important, but focusing too narrowly on technological approaches to security can detract from the essential, proactive work of developing a comprehensive incident response plan and cultivating a security culture across the organization. It is imperative to establish security priorities first, and then select the tools that will best support those priorities, making sure you have the qualified staff to manage the tools effectively. Too many companies still approach the issue of security the other way around—selecting products first, and then determining their security priorities based on what those tools can do. Not only does this lead companies to buy products they don’t need, it leads to gaps in security protection.
- The need for legal and security to converge will intensify.
Given the massive security breaches that have dominated headlines of late—think Yahoo, the SWIFT banking system and the Democratic National Committee—it is clear that cyber threats pose an existential threat to organizations in every sector and are not just an IT issue. The fallout can be enormous. In addition to the loss of data and/or intellectual property, there are the prospects of expensive penalties and drawn-out lawsuits, brand damage and lost business, and the undermining of customer loyalty.
Boards and C-level executives are finally coming to grips with the potential magnitude of cyber risk, and legal teams are now expected to work hand in hand with IT to mitigate that risk and manage response. In-house counsel and the legal department are increasingly required to provide guidance that is informed by a much-deeper understanding of the technology landscape.
However, time and again we have seen incident response teams operating without guidance from counsel and without the benefit of attorney-client privilege and work product protection for their work. Exacerbating the issue is the continuing shortage of lawyers competent to advise on these issues. The fact is, even the lawyers who have mastered the legal landscape do not have sufficient technology experience, and those who wish to specialize in this area struggle to find appropriate training options.
The field of cyber security is also extremely dynamic, and a lapse in training of more than a few months can render a skill set dangerously outdated. If legal and security are to converge, it isn’t necessary for lawyers to suddenly become cyber experts, but a basic understanding of the key technology concepts inherent in cyber security is crucial. It is imperative that companies—and law schools—invest in more formalized and ongoing training opportunities for lawyers.
- Machine learning will play a larger role in cyber security.
Most security experts today will acknowledge that it is almost impossible to keep hackers out of a network. Research also indicates that insider threats account for a substantial number of today’s data breaches. These two facts combined have created the need for a rethink on IT security, with user behaviour analytics (UBA) emerging as a potentially powerful new weapon in the cyber security arsenal.
UBA performs real-time monitoring, correlation and analysis of the event data and activity logs that digital systems routinely record as a matter of course. Through a combination of powerful computer systems, advanced applied mathematical models, and business and behavioural intelligence to analyse the data, UBA detects anomalous activity that would otherwise go unnoticed and alerts security professionals to potential issues to investigate.
In addition, powerful new advanced malware detection tools have arisen to address the widening gaps left by traditional antivirus tools. These new systems are using machine learning to identify previously unknown threats and other indicators of compromise. UBA and artificial intelligence alone are not a cure-all for cybercrime, and such systems come with their own set of management and tuning issues, but machine learning has the potential to play a vital role in helping security stay one step ahead.
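To make the UBA idea concrete, here is an added example (not code from the original article or from any product it mentions) that learns a per-user baseline of daily file accesses and usual login hours from historical activity, then scores new activity against it and raises alerts for outliers such as an off-hours login combined with a spike in file access. All user names and log records are constructed for the example.

```python
"""Toy user-behaviour-analytics (UBA) scorer: learn a per-user baseline from
historical activity, then flag new activity that deviates from it.
All log records below are constructed for this example."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily records: (user, day, first_login_hour, files_accessed)
ALICE_FILES = [18, 22, 20, 19, 21, 23, 17, 20, 22, 18]
BOB_FILES = [40, 45, 38, 42, 50, 47, 41, 39, 44, 46]
BASELINE_LOG = (
    [("alice", f"2017-02-{d:02d}", 9, n) for d, n in enumerate(ALICE_FILES, 1)]
    + [("bob", f"2017-02-{d:02d}", 8, n) for d, n in enumerate(BOB_FILES, 1)]
)
NEW_LOG = [
    ("alice", "2017-03-01", 3, 540),  # 3 a.m. login plus mass file access
    ("bob", "2017-03-01", 8, 43),     # ordinary day, should not alert
    ("carol", "2017-03-01", 10, 5),   # user never seen in the baseline
]

def build_baseline(records):
    """Per-user mean/stddev of daily file accesses and the set of usual login hours."""
    seen = defaultdict(lambda: {"files": [], "hours": set()})
    for user, _day, hour, files in records:
        seen[user]["files"].append(files)
        seen[user]["hours"].add(hour)
    return {u: {"mean": mean(d["files"]), "std": pstdev(d["files"]) or 1.0,
                "hours": d["hours"]} for u, d in seen.items()}  # std 1.0 guards a flat baseline

def score_activity(baseline, records, z_threshold=3.0, hour_slack=2):
    """Return (user, day, reasons) for each record that deviates from its baseline."""
    alerts = []
    for user, day, hour, files in records:
        profile = baseline.get(user)
        reasons = []
        if profile is None:
            reasons.append("no baseline for user")  # new or dormant account: worth a look
        else:
            z = (files - profile["mean"]) / profile["std"]  # z-score of today's volume
            if z > z_threshold:
                reasons.append(f"file access volume z={z:.1f}")
            if min(abs(hour - h) for h in profile["hours"]) > hour_slack:
                reasons.append(f"login at unusual hour {hour:02d}:00")
        if reasons:
            alerts.append((user, day, reasons))
    return alerts

if __name__ == "__main__":
    for alert in score_activity(build_baseline(BASELINE_LOG), NEW_LOG):
        print(alert)
```

Real UBA products use far richer features and models, but the tuning problem the article describes is already visible here: the thresholds decide how many of these alerts are worth an analyst's time.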
- There will continue to be a shortage of specialized talent.
The role of chief information security officer (CISO) is increasingly important, and demand for individuals with the skillset is high. However, qualified candidates are very limited in supply. The simple fact is that demand has grown far faster than the ability to train a sufficient base of qualified candidates. Add to that the fact that it is an intensely high-pressure role (too many companies still struggle to understand how systemic cyberattacks can be), and CISOs are expected to meet an almost impossible standard.
There is no quick solution to this shortage. Beyond the senior roles, companies are also struggling to fill mid-level and junior positions with qualified staff. As an alternative approach, some companies, particularly in the middle-market, are making a push towards relying on outside managed detection and response service providers who can create a steady and consistent bedrock upon which to build an internal security function. While it is not advisable or even possible to transfer all the burden of managing security to a third party, outsourcing certain aspects of security program management can dramatically reduce staffing challenges as well as help control software and hardware expenditures by utilizing cloud-based platforms and tools.
06 March, 2017