As we continue to see proof of our inability to detect and contain threats both in the private sector and in the public domains, it’s clear that we are falling further behind the curve in the pursuit of effective cybersecurity defense. A recent survey from an analyst group says that over 86% of cybersecurity professionals claim their jobs have become considerably harder just since 2017.
The survey identified three main reasons:
- The threat landscape continues to grow more dangerous by the month,
- The threat alert volume has increased beyond any human ability to respond, and
- The shortage of skilled cybersecurity resources, driven not only by the continued flat-lining of new people entering the industry, but mostly by the size of the increased threat.
Many have argued that a solution may be found in a highly automated threat intelligence system that would leverage advanced algorithmic predictive analytics. But I have heard that argument since 2016 and seen little progress in applied AI or ML within the cybersecurity domain. Nonetheless, the effectiveness of AI and ML has been demonstrated in various applications across a broad variety of other industry sectors.
That same survey found that although 38% of organizations have had a cyber threat intelligence program in place for between 2 and 5 years, many of these organizations still cannot effectively use the resulting outputs quickly and systematically. Why?
Because security analysts work in a world of rapidly increasing dependence on digital systems replete with ambiguity and incomplete information, requiring constant focus and a high level of expertise. And this work doesn’t scale.
The increasingly dangerous threat landscape is defined by new and sophisticated exploits taken from the world of state-sponsored cyber-attacks and by increased social engineering attacks that take advantage of the careless proliferation of shared personal information all over the internet. Private sector threat actors have successful operating models drawn from public attacks from which to train and fashion their own exploits, and how much easier is it to get Lucy in accounting to fall for a phishing attack when it apparently comes from a friend on Facebook?
And with IoT on the horizon, the threat landscape is only going to get worse, requiring much better and more highly sophisticated threat intelligence systems.
Today’s growing volume of security alerts is often the result of organizations building their cyber threat intelligence programs through integration with many different cybersecurity tools while still relying on manual processes to capture, map and interpret the results. The sheer volume of data grows exponentially, and analytical fatigue sets in early.
The survey found that only half of threat responders said that they did not rely on threat data at all when deciding to take action, and only about 25% said that they used threat data effectively. Numerous alerts lacking context characterize most secured computing environments today, and the result is a high level of false positives and many true alerts that are not understood.
The cybersecurity skills shortage shows up in a big way in organizations that rely on human-centric processes to analyze and respond to threats. The research indicates that over half of organizations believe they have a “problematic shortage” of skilled professionals, resulting in an increasing workload for existing staff, junior staff being hired for positions that demand experience, and too much time spent on crisis remediation rather than training (some two thirds of professionals say they’re too busy to keep up with skills development and training).
This has created such a large demand for skilled professionals that one study found nearly half of all cybersecurity professionals were solicited to consider a new job at least once a week for a substantial increase in pay. The problem is acute with no solution in sight.
Solutions? Not many. We are obviously not going to stop, let alone turn, the tide on the mounting threat landscape. Given that the threats and volumes of data will continue to increase while the size of the skilled cybersecurity human resource population will continue to decrease in proportion to the size of the threat, it seems obvious (to me) that the only lever we have is increased access to real-time, contextualized and automated threat intelligence.
Useful threat intelligence has to be curated and sourced from commercial and industry threat feeds, closed sources like forums on the dark web, and privately developed threat reports that are seamlessly integrated into scoring and monitoring systems that can then alert in context with actionable information.
If that resulting contextualized threat data could be customized for different use cases within an organization, it would be even more helpful, so that threat hunters, incident responders, and risk managers could quickly apply the output to their specific requirements.
A truly useful threat intelligence solution should automate processes like data collection and filtering, which can then scale in step with the threat landscape rather than with the human resources trying to deal with the results. This is where AI and ML, IP and vertical search algorithms can play a role in cutting through the crap.
But automation isn’t going to be some holy-grail-like cure-all anytime soon. We’ve seen what happens when human and machine elements are combined to perform better than either on its own. Chess experts have found that combining a human’s intuition, the ability to read an opponent, and the gift of creative inspiration with a computer’s brute-force ability to study and predict moves countless turns ahead produces the strongest results. This format, known as “freestyle chess,” allows even amateur players assisted by computers to compete and win against chess grandmasters.
The automated threat data collection, parsing, filtering, and sorting found in some of today’s more advanced Threat Intelligence systems will allow less experienced cybersecurity professionals to spend more time building their skills instead of burning themselves out working on arduous manual processes with useless data. Exhausting the limited resources you currently have with mindless work seems like a really bad strategy in light of the current and future cybersecurity skills shortage.
A better strategy might be to invest in a Threat Intelligence solution that can enhance and supplement those resources so that they can focus on actual analysis, response and remediation.
Far too many companies today have come to the realization that an investment like that might have thwarted the breach that resulted in ten times the expense of an improved approach to threat intelligence.