The conversation around allegations that Russian hackers stole data and thousands of emails from the Democratic National party during the ramp up to the recent election is only escalating. Whether this claim is proven, it certainly shines a spotlight on the emerging types of nation-state and other malicious threats faced by businesses, individuals and even governments. We had almost become accustomed to hearing about hacks of financial institutions, retailers and even Fortune 500 companies, but these recent allegations take the need for truly actionable intelligence to a whole new level.
The question is what can the information security industry do to manage this ever-changing threat environment? Industry experts have been pondering this same question. And as they formulate their answers, it’s having an effect on the type of information security professionals being hired and how they spend their time and apply their expertise.
While the shortage of cybersecurity staff continues, many enterprises are now looking for less volume and for more specialization. Cyber-attacks are coming from all over the globe and are aimed at endpoints and users all across the enterprise. And in many cases, the cybersecurity generalist can only take things so far. Companies need specialists who know their environment and who are well-versed in the threats aimed at that environment. That approach is what recently led a leading automobile manufacturer to develop a specialized division to concentrate on vehicle cybersecurity for their next generation of vehicles.
This “threats everywhere” environment is leading to another shift we can expect to see in the coming year: the use of Business Risk Intelligence (BRI) across multiple business units of the company. BRI takes the intelligence gathered from the cyber domain and relates it to the many business functions that make up the enterprise. And in doing so helps educate the leaders of those business units on the security threats they face and helps alleviate the burden of identifying, preventing, and reacting to those threats. This approach truly turns cyber intelligence into a tool for making better decisions all across the company.
And while today’s security information and event management products offer lots of automation, companies are recognizing that there is now more than ever a need for “eyes on the glass.” Companies are starting to realize – or realizing once again – that as cyber threats gain in frequency and sophistication, it really is the human analyst who can cull down security events to effectively gauge the ongoing threats to the organization. And they’re beginning to hire those “eyes on the glass” type of security folks.
As you can imagine, all this specialization and manpower really does impact the budget as the budget gets larger and larger to keep pace with the increasing threat environment. One way companies are attempting to keep their budget in check is to automate as many security operations as possible. In most cases, in-house automation must be done by in-house personnel so companies are hiring more dedicated developers to handle security automation.
On the flip side of all this are the companies working to develop security products. They know that the threat is evolving, security departments are often under-staffed, and understanding their product is the key to a sale. So they’ve begun to hire the traditional threat intelligence analyst and to put them to work as a sales engineer or solutions architect. Their role is to help prospects understand their security product and how best to use the product to have an impact on their company. I guess you could say we’ve come full circle when the analysts who were in need of the product are now helping to sell the product.
It’s hard to imagine a cybersecurity threat more intriguing and potentially having more impact than the alleged hack by the Russian government. But the one thing the last 10 years have shown me is that the threat landscape is continually changing and that most likely will not change any time soon. And in order to win this game of security cat and mouse, companies must continue to assess their hiring practices and tweak them to keep pace with the hackers of companies, individuals and now governments.