Dark Reading | Threat Intelligence | Commentary
6/12/2019 02:00 PM
Chris Schueler

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

A number of converging factors are changing enterprise cybersecurity, and as a result, we must change the way we approach it.

First, cybercriminals are becoming much better at penetrating organizations using nontechnical means. With social engineering and phishing techniques, they can bypass organizations' increasingly advanced defenses by manipulating insiders to gain access. Research shows that phishing and social engineering were the most common methods of compromise in 2018, serving as the conduit to the initial point of entry in more than 60% of security breaches in both cloud and point-of-sale environments, as well as in 46% of corporate and internal network breaches.

Second, the volume of data in organizations is growing exponentially and is increasingly stored in a more decentralized manner, making it difficult to ensure it's being optimally protected. Research firm IDC predicts the volume of data worldwide will grow tenfold by 2025 to 163 zettabytes, with the majority being created and managed by enterprises. This growth is being driven by the proliferation of artificial intelligence, the Internet of Things, and other machine-to-machine technologies in enterprises across all industries. This increase in new technologies means a larger attack surface, new attack vectors, and more points of vulnerability for organizations to secure.

Amid these challenges, organizations are also facing a global shortage of skilled cybersecurity talent able to address the rapidly evolving threat landscape and manage the myriad of security technologies employed by their organization. The recent (ISC)² Cybersecurity Workforce Study revealed a worker shortage of nearly 3 million for cybersecurity positions around the globe. In the US, it takes organizations an average of three to six months to fill an open security position — leaving businesses and their valuable data vulnerable to increasingly sophisticated threats. 

Nontraditional Skill Sets Could Be the Answer
To address these challenges, organizations must cast a wider net and be open to looking beyond the typical cybersecurity persona to recruit individuals from nontraditional disciplines and backgrounds. One of the biggest faults in our industry is that for far too long we've looked for only a certain, specific type of person to serve as cybersecurity professionals. By doing so, we find ourselves in this workforce shortage and risk developing a groupthink mentality as an industry. Instead, we must look to recruit, mentor, and advance the sharpest minds and individuals who bring a different approach, regardless of their educational background or previous professional experience.

For example, the skill sets we need to hire for are not necessarily technical. Instead, they are characteristics such as curiosity, tenacity, an aptitude for spotting patterns others miss, or an ability to put oneself in the mind of a nefarious person and anticipate what they will do next. Bringing together a collaborative group of people with a wide variety of skills, experience, and education will remain essential for keeping pace with the criminal mind. Some of the nontraditional disciplines that make for excellent additions to top-level cybersecurity teams include:  

  • Data scientists: The growth of enterprise data has made data scientists more important than ever. These individuals are familiar with using machine learning to parse through vast volumes of data to look for unusual patterns or anomalies that may indicate a breach.
  • Statisticians: Cybersecurity is not a problem to be solved but a risk to be managed and mitigated. It's no longer a matter of if an attack will occur, but when, and how we will manage it. Statisticians and mathematicians excel at gauging organizational risk tolerance and determining incident probabilities, and their calculations are an increasingly important part of broader enterprise risk management strategies.
  • Investigators, law enforcement, and military: People with a background in law enforcement, military service, or other investigative work are experienced threat hunters, able to adopt a black hat mindset, build criminal profiles, and establish modus operandi. They are able to participate in Dark Web communities, conduct reconnaissance investigations, and accurately predict what the enemy will do next.
  • Liberal arts: Any number of different liberal arts fields can bring value to a cybersecurity team. From communications to psychology, philosophy to sociology, these fields help us understand the human side of the equation, and individuals with a background in the liberal arts naturally leverage creative and abstract thinking to match the minds of black hats.

The Future of Cyber Teams
To contend with adversaries who are becoming more abstract in their attack planning and execution, security teams must blend traditional disciplines (computer science, network engineering, coding, etc.) with nontraditional skills. Some of the most important qualities in the future cybersecurity analyst are critical soft skills — such as curiosity and an ability to handle stress and chaos.

Moreover, diversity on your team is key. Not every individual on your team may think alike, but they're all working toward a shared goal: to protect critical data and organizations that house that data — and that's invaluable. To put up a true fight against adversaries, organizations can't just rely on diverse and cutting-edge technologies. Organizations will need to also put their faith in people with diverse expertise and backgrounds with a common goal and team mindset to survive in this next generation of cyber threats.

Chris Schueler is senior vice president of managed security services at Trustwave where he is responsible for managed security services, the global network of Trustwave Advanced Security Operations Centers and Trustwave SpiderLabs Incident Response. Chris joined Trustwave ...
Comments
REISEN1955 (User Rank: Ninja), 6/19/2019 10:32:25 AM
Variety of skill
When I joined the Malware forensics team, 1st stint, in 2016, I was one of the few who had built a server from the ground up and knew the fiction of a single svchost.exe event. So skills of a variety are an incredible asset. Psychology too, as some users just want to click on an infected attachment JUST TO SEE what the thing actually does. Curiosity killed the cat or the network.