Cybersecurity defenses are under unprecedented levels of attack. From old malware foes and newer types, such as ransomware, to sophisticated advanced threats and state-sponsored cyberattacks, breaches are, sadly, now an everyday reality.
It's an ever-changing landscape that organizations face. Take the McAfee Labs 2018 Threat Predictions report. Among its forecasts are an escalating arms race in machine learning as adversaries ramp up their use of artificial intelligence and also a move by cybercriminals to apply ransomware technologies beyond extortion of individuals to higher-value cyber-sabotage and disruption of organizations.
In the face of these threats, what are the key tools and strategies required to fight back? What are the characteristics and capabilities of those cybersecurity organizations that are better equipped to deal with these threats? Based on findings of a recent survey we conducted, I believe the answer lies in job satisfaction of cybersecurity employees, automation and gamification.
1. Job Satisfaction of cybersecurity employees
Retaining staff is clearly key in the current climate of a cybersecurity skills shortage and a growing threat landscape. Some organizations believe the only way to win the cybersecurity game is by throwing more people at the problem. Yet this seems unrealistic when many organizations still fall short of addressing the requirements of the market.
Given the high levels of staff churn at many organizations, it is more important than ever for senior managers and HR departments to consider alternative methods to plug this cybersecurity skills gap. In addition to better pay, opportunities for promotion and development and flexible working hours, one key factor in retaining cybersecurity employees is the type of work they are engaged in.
ccording to findings from the survey, the cybersecurity activities that provide respondents with the greatest level of enjoyment are threat hunting/finding vulnerabilities (55%), resolving threats (55%) and preventing threats entering the network (54%). It's perhaps no surprise that such types of cybersecurity work appeal to many security staff, with 21% of security professionals saying a threat hunter position either in their current organization or elsewhere is a career aspiration.
By pairing human intelligence with automated tasks and putting human-machine teaming in practice, automated programs handle basic security protocols while practitioners have their time freed up to proactively address unknown threats. This not only improves the organizations' cybersecurity posture but as detailed above, is a key driver for higher employee satisfaction.
At its core, there are essentially three pillars to an effective automation strategy:
Integrating detection and response systems is an essential part of automating the cybersecurity environment to help employees deal with the volume of information and identify the pieces that matter.
Security information and event management (SIEM)
A SIEM product has continuous access to a data feed from across the cybersecurity estate. It analyzes areas such as DNS data, perimeter firewalls and VPN traffic. It can be configured to identify suspicious patterns or activities on the network and carry out immediate automated historical analysis. This not only aids detection but can speed up incident response times, potentially mitigating the damage to data and systems from any breach.
In relation to cybersecurity, machine learning is changing the game within corporate environments, by managing massive amounts of data. Although some actions may need to be managed through human intervention, machine learning can take care of much of the easy and predictable work. For example, it can be used to set correlation rules to make the same review decisions you make on a routine basis, and then set alarms, create watch lists, or use scripts to package and forward data. With machine learning, you can automate advanced classification and scoping and prioritization of security events, making it possible to perform both predictive and prescriptive analytics.
3. Use of Gamification
Gamification, the concept of applying elements of game-playing to non-game activities, is growing in importance as a tool to help drive a higher performing cybersecurity organization. Within organizations that hold gamification exercises, hackathons, capture-the-flag, red team-blue team or bug bounty programs are the most common, and almost all (96%) of those organizations that use gamification in the workplace report seeing benefits.
However, there is huge room for improvement in the use of gamification as a tool to win the cybersecurity game. One area of improvement, in terms of talent, might lie outside the typical cybersecurity hiring profile, in a generation entering the workforce who have been brought up on video and computer games. Gamers quickly learn to continually look for clues, tools and weapons in their quest for success. And they develop persistence, endurance, observation and logic. This is supported by the survey, which suggests that gamers have many of the core skills that cybersecurity threat hunters of the future will need. 78% of respondents say the current generation entering the workforce-who have been raised playing video games-are stronger candidates for cybersecurity roles than traditional hires.
Just as taxes and death are often said to be the only two certainties in life, a growing cybersecurity threat landscape and a skills shortage are ever-present challenges for IT organizations. There is cause for optimism, however. Most organizations have plenty of room for improvement in tackling these challenges. In short, there are ways to fight back-concerted efforts to increase job satisfaction, automation in the Security Operations Center (SOC) and gamification in the workplace are key to beating cybercriminals at their own game.
By Tarek Jundi, managing director, Middle East & Turkey, McAfee