Dark Reading is part of the Informa Tech Division of Informa PLC


Threat Intelligence

6/12/2019
02:00 PM
Chris Schueler
Commentary

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

A number of converging factors are changing enterprise cybersecurity, and as a result, we must change the way we approach it.

First, cybercriminals are becoming much better at penetrating organizations using nontechnical means. With social engineering and phishing techniques, they can bypass organizations' increasingly advanced defenses by manipulating insiders to gain access. Research shows that phishing and social engineering were the most common methods of compromise in 2018, serving as the conduit to the initial point of entry in more than 60% of security breaches in both cloud and point-of-sale environments, as well as in 46% of corporate and internal network breaches.

Second, the volume of data in organizations is growing exponentially and is increasingly stored in a more decentralized manner, making it difficult to ensure it's being optimally protected. Research firm IDC predicts the volume of data worldwide will grow tenfold by 2025 to 163 zettabytes, with the majority being created and managed by enterprises. This growth is being driven by the proliferation of artificial intelligence, the Internet of Things, and other machine-to-machine technologies in enterprises across all industries. This increase in new technologies means a larger attack surface, new attack vectors, and more points of vulnerability for organizations to secure.

Amid these challenges, organizations are also facing a global shortage of skilled cybersecurity talent able to address the rapidly evolving threat landscape and manage the myriad of security technologies employed by their organization. The recent (ISC)² Cybersecurity Workforce Study revealed a worker shortage of nearly 3 million for cybersecurity positions around the globe. In the US, it takes organizations an average of three to six months to fill an open security position — leaving businesses and their valuable data vulnerable to increasingly sophisticated threats. 

Nontraditional Skill Sets Could Be the Answer
To address these challenges, organizations must cast a wider net and be open to looking beyond the typical cybersecurity persona to recruit individuals from nontraditional disciplines and backgrounds. One of the biggest faults in our industry is that for far too long we've looked for only a certain, specific type of person to serve as cybersecurity professionals. By doing so, we find ourselves in this workforce shortage and risk developing a groupthink mentality as an industry. Instead, we must look to recruit, mentor, and advance the sharpest minds and individuals who bring a different approach, regardless of their educational background or previous professional experience.

For example, the skill sets we need to hire for are not necessarily technical. Instead, they are characteristics such as curiosity, tenacity, an aptitude for spotting patterns others miss, or an ability to put oneself in the mind of a nefarious person and anticipate what they will do next. Bringing together a collaborative group of people with a wide variety of skills, experience, and education will remain essential for keeping pace with the criminal mind. Some of the nontraditional disciplines that make for excellent additions to top-level cybersecurity teams include:  

  • Data scientists: The growth of enterprise data has made data scientists more important than ever. These individuals are familiar with using machine learning to parse through vast volumes of data to look for unusual patterns or anomalies that may indicate a breach.
  • Statisticians: Cybersecurity is not a problem to be solved but a risk to be managed and mitigated. It's no longer a matter of if an attack will occur, but when, and how we will manage it. Statisticians and mathematicians excel at gauging organizational risk tolerance and determining incident probabilities, and their calculations are an increasingly important part of broader enterprise risk management strategies.
  • Investigators, law enforcement, and military: People with a background in law enforcement, military service, or other types of investigative work are experienced threat hunters, able to adopt a black hat mindset, build criminal profiles, and establish modus operandi. They are able to participate in Dark Web communities, conduct reconnaissance investigations, and accurately predict what the enemy will do next.
  • Liberal arts: Any number of different liberal arts fields can bring value to a cybersecurity team. From communications to psychology, philosophy to sociology, these fields help us understand the human side of the equation, and individuals with a background in the liberal arts naturally leverage creative and abstract thinking to match the minds of black hats.

The Future of Cyber Teams
To contend with adversaries who are becoming more abstract in their attack planning and execution, security teams must blend traditional disciplines (computer science, network engineering, coding, etc.) with nontraditional skills. Some of the most important qualities in the future cybersecurity analyst are critical soft skills — such as curiosity and an ability to handle stress and chaos.

Moreover, diversity on your team is key. Not every individual on your team may think alike, but they're all working toward a shared goal: to protect critical data and organizations that house that data — and that's invaluable. To put up a true fight against adversaries, organizations can't just rely on diverse and cutting-edge technologies. Organizations will need to also put their faith in people with diverse expertise and backgrounds with a common goal and team mindset to survive in this next generation of cyber threats.


Chris Schueler is senior vice president of managed security services at Trustwave where he is responsible for managed security services, the global network of Trustwave Advanced Security Operations Centers and Trustwave SpiderLabs Incident Response. Chris joined Trustwave ...
Comments
REISEN1955,
User Rank: Ninja
6/19/2019 | 10:32:25 AM
Variety of skill
When I joined the Malware forensics team, 1st stint, in 2016, I was one of the few who had built a server from ground up and knew the fiction of a single svchost.exe event. So skills of a variety are an incredible asset. Psychology too as some users just want to click on an infected attachment JUST TO SEE what the thing actually does. Curiosity killed the cat or the network.