In the past year, cybersecurity has truly broken through and become not just a boardroom issue but also a dinner table topic. From ransomware attacks to election tampering, we have been fed a steady diet of explosive front page stories that have shaken the public’s sense of online security.
In this article, I will take a look at some of the key trends dominating the discourse among those of us defending digital assets.
1. Tool fatigue is setting in.
The fractured cybersecurity industry seems to produce a new “must have” tool every six months or so. Between “next generation” this and “advanced threat” that, it is all a security leader can do to keep up with the latest terminology, let alone evaluate the effectiveness of new tools.
To be sure, there are some incredible new security tools that, if implemented and managed properly, can add tremendous value. The problem is that none of them are “set it and forget it” — they require ongoing tuning and monitoring. In addition, alerts must be escalated properly, and the different products must not conflict with each other. Many companies have invested in tools that are supposed to enhance their security posture only to find themselves buried in alerts and alarms with no reasonable way to triage and prioritize response efforts. This can actually make an organization less secure as security resources are consumed responding to false positives and working to stem the flow of alerts.
Having better tools is important, but focusing too narrowly on technological approaches to security can detract from the essential, proactive work of developing a comprehensive incident response plan and cultivating a security culture across the organization. It is imperative to establish security priorities first, then select the tools that will best support those priorities, making sure you have the qualified staff to manage the tools effectively. Too many companies still approach the issue of security the other way around — selecting products first, and then determining their security priorities based on what those tools can do. Not only does this lead companies to buy products they don’t need, it leads to gaps in security protection.
2. The need for legal and security to converge will intensify.
Given the massive security breaches that have dominated headlines of late — think Yahoo, the SWIFT banking system and the Democratic National Committee — it is clear that cyber threats pose an existential threat to organizations in every sector, and are not just an IT issue. The fallout can be enormous. In addition to the loss of data or intellectual property, there are the prospects of expensive penalties and drawn-out lawsuits, brand damage and lost business, and the undermining of customer loyalty.
Boards and C-level executives are finally coming to grips with the potential magnitude of cyber risk, and legal teams are now expected to work hand in hand with IT to mitigate that risk and manage response. In-house counsel and the legal department are increasingly required to provide guidance that is informed by a much deeper understanding of the technology landscape.
However, time and again we have seen incident response teams operating without guidance from counsel and without the benefit of attorney client privilege. Exacerbating the issue is the continuing shortage of lawyers competent to advise on these issues. The fact is, even the lawyers that have mastered the legal landscape do not have sufficient technology experience, and those who wish to specialize in this area struggle to find appropriate training options.
The field of cybersecurity is also extremely dynamic, and a lapse in training of more than a few months can render a skill set dangerously outdated. If legal and security are to converge, it isn’t necessary for lawyers to suddenly become cyber experts, but a basic understanding of the key technology concepts inherent in cybersecurity is crucial. It is imperative that companies invest in more formalized and ongoing training opportunities for lawyers.
3. Machine learning will play a larger role in cybersecurity.
Most security experts today will acknowledge that it is almost impossible to keep hackers out of a network. Research also indicates that insider threats account for a substantial number of today’s data breaches. These two facts combined have created the need for a rethink on IT security, with user behavior analytics (UBA) emerging as a potentially powerful new weapon in the cybersecurity arsenal.
UBA performs real-time monitoring, correlation and analysis of event data and activity logging that digital systems routinely record as a matter of course. Through a combination of powerful computer systems, advanced applied mathematical models and business and behavioral intelligence to analyze the data, UBA detects anomalous activity that would otherwise go undetected, and alerts security professionals to potential issues to investigate.
In addition, powerful new advanced malware detection tools have arisen to address the widening gaps left by traditional antivirus tools. These new systems are using machine learning to identify previously unknown threats and other indicators of compromise. UBA and artificial intelligence alone are not a cure-all for cybercrime, and such systems come with their own set of management and tuning issues, but machine learning has the potential to play a vital role in helping security stay one step ahead.
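A minimal illustration of the UBA idea described above, and of the alert-tuning problem raised under tool fatigue: learn each user's normal login hours and source networks from a baseline window of authentication events, then score later events against that profile and alert only when an event deviates in more than one way. This is an added example written for this article, not any product's code; the log format, the internal address range and the sample events are all constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network
# Constructed sample authentication events: "timestamp user source-ip".
BASELINE_LOGS = """\
2017-01-09T08:55:12Z alice 10.1.4.23
2017-01-10T08:47:03Z alice 10.1.4.88
2017-01-10T17:31:19Z bob 10.2.0.15
""".splitlines()
NEW_LOGS = """\
2017-01-12T09:01:00Z alice 10.1.4.23
2017-01-12T03:14:27Z alice 203.0.113.77
2017-01-12T22:10:00Z bob 10.2.0.15
""".splitlines()
CORP_NET = ip_network("10.0.0.0/8")  # assumed internal address space

def parse(line):
    ts, user, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip

def build_baseline(lines):
    """Per user: the login hours seen and whether every login was internal."""
    base = {}
    for ts, user, ip in map(parse, lines):
        prof = base.setdefault(user, {"hours": set(), "internal_only": True})
        prof["hours"].add(ts.hour)
        if ip_address(ip) not in CORP_NET:
            prof["internal_only"] = False
    return base

def score_event(base, ts, user, ip):
    """List the ways this event deviates from the user's learned profile."""
    prof = base.get(user)
    if prof is None:
        return ["no baseline for user"]
    reasons = []
    if not any(abs(ts.hour - h) <= 1 for h in prof["hours"]):  # +/-1h slack
        reasons.append("unusual hour %02d" % ts.hour)
    if prof["internal_only"] and ip_address(ip) not in CORP_NET:
        reasons.append("first external source %s" % ip)
    return reasons

def alerts(baseline_lines, new_lines, min_reasons=2):
    """Alert only on events deviating in >= min_reasons ways (the tuning knob)."""
    base = build_baseline(baseline_lines)
    out = []
    for ts, user, ip in map(parse, new_lines):
        reasons = score_event(base, ts, user, ip)
        if len(reasons) >= min_reasons:
            out.append((ts.isoformat(), user, reasons))
    return out
```

With the default threshold only the off-hours login from an external address is raised; lowering `min_reasons` to 1 also flags bob's late internal login, which is exactly the kind of single-signal noise that buries analysts if the threshold is never tuned.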
4. There will continue to be a shortage of specialized talent.
The role of chief information security officer (CISO) is increasingly important, and demand for individuals with the skill set is high. However, qualified candidates are very limited in supply. The simple fact is that demand has grown exponentially faster than the ability to train a sufficient base of qualified candidates. Compounding this, it is an intensely high-pressure role: too many companies still struggle to understand how systemic cyberattacks can be, and as such CISOs are expected to meet an almost impossible standard.
There is no quick solution to this shortage. Beyond the senior roles, companies are also struggling to fill mid-level and junior positions with qualified staff. As an alternative approach, some companies, particularly in the middle-market, are making a push toward relying on outside managed detection and response service providers who can create a steady and consistent bedrock upon which to build an internal security function. While it is not advisable or even possible to transfer all the burden of managing security to a third party, outsourcing certain aspects of security program management can dramatically reduce staffing challenges as well as help control software and hardware expenditures by utilizing cloud-based platforms and tools.
Automation of security tasks has also proven appealing to many organizations. While the automation of security services (specifically, relying on sophisticated technology tools for detection and tier 1 response as well as blocking known threats) may seem like a more affordable solution, it is not without risk. It is possible that automated detection systems could escalate a flood of false positives, wasting security team time at best and overwhelming it at worst. Of greater concern is that no existing automation tool can substitute for human judgement when an incident does occur. For now, a skilled security professional remains a crucial component in tackling cyberattacks.
5. Cybersecurity experts are rethinking security in the cloud.
When companies opt for a “name brand” cloud service provider, there is an assumption that the security will be first rate. Unfortunately, this is not always the case and it is incumbent on companies to prioritize security when using the cloud, not only to avoid information leakage and potential hacks, but also to ensure they remain compliant. For example, the biggest risk to data in the cloud is not an external cyberattack, but rather a compromised account that allows a hacker to obtain authorized access to the data. Companies must ensure that their employees understand the importance of protecting their credentials and where possible enable two-factor authentication.
Another factor to consider is the importance of keeping an inventory of data stored in the cloud; it is all too easy to lose track of what is there. While this can be complex and time-consuming, it is critical. At any time, a company can be called upon to retrieve or analyze data stored in the cloud, in response to litigation, a compliance request or a security incident. It is vital, both from a legal and compliance perspective, to be able to access that data quickly.
Innovation in the security space is thriving, with machine learning, analytics and artificial intelligence offering much in the way of promise. However, there is still much to be done, particularly in terms of human resources, which remain vital in the fight against cyber threats: from the lack of qualified CISOs to a dearth of lawyers with an adequate understanding of cybersecurity and its complexities.
There are no easy solutions. Tackling cybersecurity requires commitment and investment in the right tools but also the right training.