
11/3/2017
10:30 AM
Tony Gauda
Commentary

4 Ways the Next Generation of Security Is Changing

The CISO's job will get easier because of trends in the industry. Here's how.

Today, 66% of companies don't have enough cybersecurity personnel on staff, with that skills gap widening to a shortage of 1.8 million information security workers by 2022, predicts a new study from (ISC)². With the number of data breaches also increasing at a record pace, something must change. Will it be automation technology, advanced tools, or more training? Regardless, the next generation of security will be staffed by less-experienced people empowered to do the jobs previously only experienced analysts could do — because it's necessary.

Here are the four ways I see the security analyst role, and the forces around it, evolving. For the CISO, it means your job is going to be a whole lot easier, too.

Security teams will become more diverse. The analyst position will evolve to diversify — and that’s a good thing. I believe that our thinking around the role of a security analyst hasn't been right. We have a talent gap, in part, because we have a narrow understanding of what a security professional needs to be. There are many elements that play into a security program, and it's not all about technical acumen. As an industry, we tend to get fixated on the latest ransomware or zero-day exploit, so it's easy to see why many assume you need extensive, technical skills to make meaningful contributions in the information security world.

However, the effectiveness of the vast majority of today's security teams has a lot more to do with getting basic security controls and best practices in place, and partnering effectively with the rest of the business. A security pro needs to collaborate with other departments, implement security training programs, manage third-party risk, put effective password policies in place, and more. These junior security analysts need to evolve to become better communicators and advocates — because today, many of the attacks on an organization are internal. Whether it's due to bad actors or just lack of education, a recent Verizon breach report found that more than 7% of users who receive phishing emails fall for them. This is preventable, and it's up to the security team to make that happen.

Security technology will become simpler. Today it's easy to become overwhelmed by information. Security professionals are tasked with more and more events around all possible nefarious activity. According to industry research, a mere 4% of alerts are investigated by security teams due to the massive amount of alert activity on the whole. There's no question that security analytics need to move toward simplicity — whether it's using more contextual alerting, "conversational English" nomenclature improving the user experience, or implementing machine-learning tools to intelligently sift through massive amounts of information. Alert fatigue needs to become a thing of the past for all analysts. I'm sure we're all tired of it by now.

Security strategies will centralize around data. There are two forces that demonstrate my point. First is the reality that breaking news on a weekly basis surrounds enormous data leaks — just recently, Equifax, Yahoo, the Securities and Exchange Commission, and Sonic — and a stunning lack of clarity around the extent and scope of data that has been compromised in each case.

The second force is the European Union's General Data Protection Regulation. Organizations have not mapped out their data, and they're struggling now to comply with EU regulations. As a result, enterprises are making moves to locate, classify, and understand who's accessing their data and where it's being stored, and utilizing more advanced frameworks for data monitoring and controls. This data transparency is no longer a nice-to-have, particularly given impending regulatory deadlines. A heavier focus on data governance in itself will make analysts' jobs less complex than they've been before.

Automated technology will play a larger role. Every year there's a different hot buzzword in security — in 2017, it's automation. So it won't come as a surprise that to keep up with more senior analysts, less-experienced analysts may need to employ security technology that has a higher level of automation. Related to my first point, automated technology has the potential to close some of the talent gap problem. Although we've been pretty far away from realistically achieving that until now, that will change in 2018. This type of technology has finally advanced to the point where it works.

What I've discussed represents just four of the many ways that the next generation of security as a whole is changing, along with the role and responsibilities of security teams, as a result. With a combination of technological advancements and smart human intervention, we're moving in the right direction to even the playing field against attackers — and the next generation of security pros will be the ones who see that through.


Tony Gauda is a serial entrepreneur with a deep history in security, storage, and SaaS businesses. Tony holds several issued patents and previously invented the convergent encryption and core technology for Bitcasa. As the CEO of ThinAir, Tony has invented information ...