Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

6/12/2019
02:00 PM
Chris Schueler
Chris Schueler
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Tomorrow's Cybersecurity Analyst Is Not Who You Think

Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.

A number of converging factors are changing enterprise cybersecurity, and as a result, we must change the way we approach it.

First, cybercriminals are becoming much better at penetrating organizations using nontechnical means. With social engineering and phishing techniques, they can bypass organizations' increasingly advanced defenses by manipulating insiders to gain access. Research shows that phishing and social engineering were the most common methods of compromise in 2018, serving as the conduit to the initial point of entry in more than 60% of security breaches in both cloud and point-of-sale environments, as well as in 46% of corporate and internal network breaches.

Second, the volume of data in organizations is growing exponentially and is increasingly stored in a more decentralized manner, making it difficult to ensure it's being optimally protected. Research firm IDC predicts the volume of data worldwide will grow tenfold by 2025 to 163 zettabytes, with the majority being created and managed by enterprises. This growth is being driven by the proliferation of artificial intelligence, the Internet of Things, and other machine-to-machine technologies in enterprises across all industries. This increase in new technologies means a larger attack surface, new attack vectors, and more points of vulnerability for organizations to secure.

Amid these challenges, organizations are also facing a global shortage of skilled cybersecurity talent able to address the rapidly evolving threat landscape and manage the myriad of security technologies employed by their organization. The recent (ISC)² Cybersecurity Workforce Study revealed a worker shortage of nearly 3 million for cybersecurity positions around the globe. In the US, it takes organizations an average of three to six months to fill an open security position — leaving businesses and their valuable data vulnerable to increasingly sophisticated threats. 

Nontraditional Skill Sets Could Be the Answer
To address these challenges, organizations must cast a wider net and be open to looking beyond the typical cybersecurity persona to recruit individuals from nontraditional disciplines and backgrounds. One of the biggest faults in our industry is that for far too long we've looked for only a certain, specific type of person to serve as cybersecurity professionals. By doing so, we find ourselves in this workforce shortage and risk developing a groupthink mentality as an industry. Instead, we must look to recruit, mentor, and advance the sharpest minds and individuals who bring a different approach, regardless of their educational background or previous professional experience.

For example, the skill sets we need to hire for are not necessarily technical. Instead, they are characteristics such as curiosity, tenacity, an aptitude for spotting patterns others miss, or an ability to put oneself in the mind of a nefarious person and anticipate what they will do next. Bringing together a collaborative group of people with a wide variety of skills, experience, and education will remain essential for keeping pace with the criminal mind. Some of the nontraditional disciplines that make for excellent additions to top-level cybersecurity teams include:  

  • Data scientists: The growth of enterprise data has made data scientists more important than ever. These individuals are familiar with using machine learning to parse through vast volumes of data to look for usual patterns or anomalies that may indicate a breach.
  • Statisticians: Cybersecurity is not a problem to be solved but a risk to be managed and mitigated. It's no longer a matter of if an attack will occur, but when, and how will we manage it. Statisticians and mathematicians excel at gauging organizational risk tolerance and determining incident probabilities, and their calculations are an increasingly important part of broader enterprise risk management strategies.   
  • Investigators, law enforcement, and military: People with a background in law enforcement, military service, or other types of investigators are experienced threat hunters, able to adopt a black hat mindset, build criminal profiles, and establish modus operandi. They are able to participate in Dark Web communities, conduct reconnaissance investigations, and accurately predict what the enemy will do next.  
  • Liberal arts: Any number of different liberal arts fields can bring value to a cybersecurity team. From communications to psychology, philosophy to sociology, these fields help us understand the human side of the equation, and individuals with a background in the liberal arts naturally leverage creative and abstract thinking to match the minds of black hats.

The Future of Cyber Teams
To contend with adversaries who are becoming more abstract in their attack planning and execution, security teams must blend traditional disciplines (computer science, network engineering, coding, etc.) with nontraditional skills. Some of the most important qualities in the future cybersecurity analyst are critical soft skills — such as curiosity and an ability to handle stress and chaos.

Moreover, diversity on your team is key. Not every individual on your team may think alike, but they're all working toward a shared goal: to protect critical data and organizations that house that data — and that's invaluable. To put up a true fight against adversaries, organizations can't just rely on diverse and cutting-edge technologies. Organizations will need to also put their faith in people with diverse expertise and backgrounds with a common goal and team mindset to survive in this next generation of cyber threats.

Related Content:

Chris Schueler is senior vice president of managed security services at Trustwave, where he is responsible for managed security services and the global network of Trustwave security operations centers. Chris joined Trustwave from IBM where he held multiple roles ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
6/19/2019 | 10:32:25 AM
Variety of skill
When I joined the Malware forensics team, 1'st stint, in 2016, I was one of the few who had built a server from ground up and knew the fiction of a single svchost.exe event.  So skills of a variety are an incredible asset.  Psychology too as some users just want to click on an infected attachment JUST TO SEE what the thing actually does.  Curiosity killed the cat or the network.  
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Considerations for Seamless CCPA Compliance
Anurag Kahol, CTO, Bitglass,  7/2/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  7/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-12421
PUBLISHED: 2020-07-09
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 6...
CVE-2020-12422
PUBLISHED: 2020-07-09
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
CVE-2020-12423
PUBLISHED: 2020-07-09
When the Windows DLL "webauthn.dll" was missing from the Operating System, and a malicious one was placed in a folder in the user's %PATH%, Firefox may have loaded the DLL, leading to arbitrary code execution. *Note: This issue only affects the Windows operating system; other operating sys...
CVE-2020-12425
PUBLISHED: 2020-07-09
Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78.
CVE-2020-12426
PUBLISHED: 2020-07-09
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.