Endpoint
11/3/2017
10:30 AM
Tony Gauda
Tony Gauda
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

4 Ways the Next Generation of Security Is Changing

The CISO's job will get easier because of trends in the industry. Here's how.

Today, 66% of companies don't have enough cybersecurity personnel on staff, with that skills gap widening to a shortage of 1.8 million information security workers by 2022, predicts a new study from (ISC)2. With the number of data breaches also increasing at a record pace, something must change. Will it be automation technology, advanced tools, or more training? Regardless, the next generation of security will be staffed by less-experienced people empowered to do the jobs previously only experienced analysts could do — because it's necessary.

Here are the four ways I see the security analyst role, and the forces around it, evolving. For the CISO, it means your job is going to be a whole lot easier, too.

Security teams will become more diverse. The analyst position will evolve to diversify — and that’s a good thing. I believe that our thinking around the role of a security analyst hasn't been right. We have a talent gap, in part, because we have a narrow understanding of what a security professional needs to be. There are many elements that play into a security program, and it's not all about technical acumen. As an industry, we tend to get fixated on the latest ransomware or zero-day exploit, so it's easy to see why many assume you need extensive, technical skills to make meaningful contributions in the information security world.

However, the effectiveness of the vast majority of today's security teams has a lot more to do with getting basic security controls and best practices in place, and partnering effectively with the rest of the business. A security pro needs to collaborate with other departments, implement security training programs, manage third-party risk, put effective password policies in place, and more. These junior security analysts need to evolve to become better communicators and advocates — because today, many of the attacks on an organization are internal. Whether it's due to bad actors or just lack of education, a recent Verizon breach report found that more than 7% of users who receive phishing emails fall for them. This is preventable, and it's up to the security team to make that happen.

Security technology will become simpler. Today it's easy to become overwhelmed by information. Security professionals are tasked with more and more events around all possible nefarious activity. According to industry research, a mere 4% of alerts are investigated by security teams due to the massive amount of alert activity on the whole. There's no question that security analytics need to move toward simplicity — whether it's using more contextual alerting, "conversational English" nomenclature improving the user experience, or implementing machine-learning tools to intelligently sift through massive amounts of information. Alert fatigue needs to become a thing of the past for all analysts. I'm sure we're all tired of it by now.

Security strategies will centralize around data. There are two forces that demonstrate my point. First is the reality that breaking news on a weekly basis surrounds enormous data leaks — just recently, Equifax, Yahoo, the Securities and Exchange, and Sonic — and a stunning lack of clarity around the extent and scope of data that has been compromised in each case.

The second force is the European Union's General Data Protection Regulation. Organizations have not mapped out their data, and they're struggling now to comply with EU regulations. As a result, enterprises are making moves to locate, classify, and understand who's accessing their data and where it's being stored, and utilizing more advanced frameworks for data monitoring and controls. This data transparency is no longer a nice-to-have, particularly given impending regulatory deadlines. A heavier focus on data governance in itself will make analysts' jobs less complex than they've been before.

Automated technology will play a larger role. Every year there's a different hot buzzword in security — in 2017, it's automation. So it won't come as a surprise that to keep up with more senior analysts, less-experienced analysts may need to employ security technology that has a higher level of automation. Related to my first point, automated technology has the potential to close some of the talent gap problem. Although we've been pretty far away from realistically achieving that until now, that will change in 2018. This type of technology has finally advanced to the point where it works.

What I've discussed represents just four of the many ways that the next generation of security as a whole is changing, along with the role and responsibilities of security teams, as a result. With a combination of technological advancements and smart human intervention, we're moving in the right direction to even the playing field against attackers — and the next generation of security pros will be the ones who see that through.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry's most knowledgeable IT security experts. Check out the INsecurity agenda here.

Tony Gauda is a serial entrepreneur with a deep history in security, storage, and SaaS businesses. Tony holds several issued patents and previously invented the convergent encryption and core technology for Bitcasa. As the CEO of ThinAir, Tony has invented information ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
Kelly Sheridan, Associate Editor, Dark Reading,  11/14/2017
Companies Blindly Believe They've Locked Down Users' Mobile Use
Dawn Kawamoto, Associate Editor, Dark Reading,  11/14/2017
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.