Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/3/2017
10:30 AM
Tony Gauda
Tony Gauda
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

4 Ways the Next Generation of Security Is Changing

The CISO's job will get easier because of trends in the industry. Here's how.

Today, 66% of companies don't have enough cybersecurity personnel on staff, with that skills gap widening to a shortage of 1.8 million information security workers by 2022, predicts a new study from (ISC)2. With the number of data breaches also increasing at a record pace, something must change. Will it be automation technology, advanced tools, or more training? Regardless, the next generation of security will be staffed by less-experienced people empowered to do the jobs previously only experienced analysts could do — because it's necessary.

Here are the four ways I see the security analyst role, and the forces around it, evolving. For the CISO, it means your job is going to be a whole lot easier, too.

Security teams will become more diverse. The analyst position will evolve to diversify — and that’s a good thing. I believe that our thinking around the role of a security analyst hasn't been right. We have a talent gap, in part, because we have a narrow understanding of what a security professional needs to be. There are many elements that play into a security program, and it's not all about technical acumen. As an industry, we tend to get fixated on the latest ransomware or zero-day exploit, so it's easy to see why many assume you need extensive, technical skills to make meaningful contributions in the information security world.

However, the effectiveness of the vast majority of today's security teams has a lot more to do with getting basic security controls and best practices in place, and partnering effectively with the rest of the business. A security pro needs to collaborate with other departments, implement security training programs, manage third-party risk, put effective password policies in place, and more. These junior security analysts need to evolve to become better communicators and advocates — because today, many of the attacks on an organization are internal. Whether it's due to bad actors or just lack of education, a recent Verizon breach report found that more than 7% of users who receive phishing emails fall for them. This is preventable, and it's up to the security team to make that happen.

Security technology will become simpler. Today it's easy to become overwhelmed by information. Security professionals are tasked with more and more events around all possible nefarious activity. According to industry research, a mere 4% of alerts are investigated by security teams due to the massive amount of alert activity on the whole. There's no question that security analytics need to move toward simplicity — whether it's using more contextual alerting, "conversational English" nomenclature improving the user experience, or implementing machine-learning tools to intelligently sift through massive amounts of information. Alert fatigue needs to become a thing of the past for all analysts. I'm sure we're all tired of it by now.

Security strategies will centralize around data. There are two forces that demonstrate my point. First is the reality that breaking news on a weekly basis surrounds enormous data leaks — just recently, Equifax, Yahoo, the Securities and Exchange, and Sonic — and a stunning lack of clarity around the extent and scope of data that has been compromised in each case.

The second force is the European Union's General Data Protection Regulation. Organizations have not mapped out their data, and they're struggling now to comply with EU regulations. As a result, enterprises are making moves to locate, classify, and understand who's accessing their data and where it's being stored, and utilizing more advanced frameworks for data monitoring and controls. This data transparency is no longer a nice-to-have, particularly given impending regulatory deadlines. A heavier focus on data governance in itself will make analysts' jobs less complex than they've been before.

Automated technology will play a larger role. Every year there's a different hot buzzword in security — in 2017, it's automation. So it won't come as a surprise that to keep up with more senior analysts, less-experienced analysts may need to employ security technology that has a higher level of automation. Related to my first point, automated technology has the potential to close some of the talent gap problem. Although we've been pretty far away from realistically achieving that until now, that will change in 2018. This type of technology has finally advanced to the point where it works.

What I've discussed represents just four of the many ways that the next generation of security as a whole is changing, along with the role and responsibilities of security teams, as a result. With a combination of technological advancements and smart human intervention, we're moving in the right direction to even the playing field against attackers — and the next generation of security pros will be the ones who see that through.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry's most knowledgeable IT security experts. Check out the INsecurity agenda here.

Tony Gauda is a serial entrepreneur with a deep history in security, storage, and SaaS businesses. Tony holds several issued patents and previously invented the convergent encryption and core technology for Bitcasa. As the CEO of ThinAir, Tony has invented information ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7843
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7846
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper error handling vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7847
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Improper Restriction of XML External Entity Reference ('XXE') vulnerability. Successful exploitation could lead to Arbitrary read access to the file system in the context of the current user.
CVE-2019-7848
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7850
PUBLISHED: 2019-07-18
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.