Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

6/12/2019
02:00 PM
Chris Schueler
Chris Schueler
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

A number of converging factors are changing enterprise cybersecurity, and as a result, we must change the way we approach it.

First, cybercriminals are becoming much better at penetrating organizations using nontechnical means. With social engineering and phishing techniques, they can bypass organizations' increasingly advanced defenses by manipulating insiders to gain access. Research shows that phishing and social engineering were the most common methods of compromise in 2018, serving as the conduit to the initial point of entry in more than 60% of security breaches in both cloud and point-of-sale environments, as well as in 46% of corporate and internal network breaches.

Second, the volume of data in organizations is growing exponentially and is increasingly stored in a more decentralized manner, making it difficult to ensure it's being optimally protected. Research firm IDC predicts the volume of data worldwide will grow tenfold by 2025 to 163 zettabytes, with the majority being created and managed by enterprises. This growth is being driven by the proliferation of artificial intelligence, the Internet of Things, and other machine-to-machine technologies in enterprises across all industries. This increase in new technologies means a larger attack surface, new attack vectors, and more points of vulnerability for organizations to secure.

Amid these challenges, organizations are also facing a global shortage of skilled cybersecurity talent able to address the rapidly evolving threat landscape and manage the myriad of security technologies employed by their organization. The recent (ISC)² Cybersecurity Workforce Study revealed a worker shortage of nearly 3 million for cybersecurity positions around the globe. In the US, it takes organizations an average of three to six months to fill an open security position — leaving businesses and their valuable data vulnerable to increasingly sophisticated threats. 

Nontraditional Skill Sets Could Be the Answer
To address these challenges, organizations must cast a wider net and be open to looking beyond the typical cybersecurity persona to recruit individuals from nontraditional disciplines and backgrounds. One of the biggest faults in our industry is that for far too long we've looked for only a certain, specific type of person to serve as cybersecurity professionals. By doing so, we find ourselves in this workforce shortage and risk developing a groupthink mentality as an industry. Instead, we must look to recruit, mentor, and advance the sharpest minds and individuals who bring a different approach, regardless of their educational background or previous professional experience.

For example, the skill sets we need to hire for are not necessarily technical. Instead, they are characteristics such as curiosity, tenacity, an aptitude for spotting patterns others miss, or an ability to put oneself in the mind of a nefarious person and anticipate what they will do next. Bringing together a collaborative group of people with a wide variety of skills, experience, and education will remain essential for keeping pace with the criminal mind. Some of the nontraditional disciplines that make for excellent additions to top-level cybersecurity teams include:  

  • Data scientists: The growth of enterprise data has made data scientists more important than ever. These individuals are familiar with using machine learning to parse through vast volumes of data to look for usual patterns or anomalies that may indicate a breach.
  • Statisticians: Cybersecurity is not a problem to be solved but a risk to be managed and mitigated. It's no longer a matter of if an attack will occur, but when, and how will we manage it. Statisticians and mathematicians excel at gauging organizational risk tolerance and determining incident probabilities, and their calculations are an increasingly important part of broader enterprise risk management strategies.   
  • Investigators, law enforcement, and military: People with a background in law enforcement, military service, or other types of investigators are experienced threat hunters, able to adopt a black hat mindset, build criminal profiles, and establish modus operandi. They are able to participate in Dark Web communities, conduct reconnaissance investigations, and accurately predict what the enemy will do next.  
  • Liberal arts: Any number of different liberal arts fields can bring value to a cybersecurity team. From communications to psychology, philosophy to sociology, these fields help us understand the human side of the equation, and individuals with a background in the liberal arts naturally leverage creative and abstract thinking to match the minds of black hats.

The Future of Cyber Teams
To contend with adversaries who are becoming more abstract in their attack planning and execution, security teams must blend traditional disciplines (computer science, network engineering, coding, etc.) with nontraditional skills. Some of the most important qualities in the future cybersecurity analyst are critical soft skills — such as curiosity and an ability to handle stress and chaos.

Moreover, diversity on your team is key. Not every individual on your team may think alike, but they're all working toward a shared goal: to protect critical data and organizations that house that data — and that's invaluable. To put up a true fight against adversaries, organizations can't just rely on diverse and cutting-edge technologies. Organizations will need to also put their faith in people with diverse expertise and backgrounds with a common goal and team mindset to survive in this next generation of cyber threats.

Related Content:

Chris Schueler is senior vice president of managed security services at Trustwave where he is responsible for managed security services, the global network of Trustwave Advanced Security Operations Centers and Trustwave SpiderLabs Incident Response. Chris joined Trustwave ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
6/19/2019 | 10:32:25 AM
Variety of skill
When I joined the Malware forensics team, 1'st stint, in 2016, I was one of the few who had built a server from ground up and knew the fiction of a single svchost.exe event.  So skills of a variety are an incredible asset.  Psychology too as some users just want to click on an infected attachment JUST TO SEE what the thing actually does.  Curiosity killed the cat or the network.  
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The security team seem to be taking SiegeWare seriously" 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19594
PUBLISHED: 2019-12-05
reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file.
CVE-2019-19595
PUBLISHED: 2019-12-05
reset/modules/advanced_form_maker_edit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file.
CVE-2019-3690
PUBLISHED: 2019-12-05
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.
CVE-2013-0243
PUBLISHED: 2019-12-05
haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections
CVE-2018-10021
PUBLISHED: 2019-12-05
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate c...