There’s only so much technology can do to protect against cyberattacks. Even the most sophisticated software is limited to known threats.
“Some new threats will inevitably break through from time to time, and, when they do, every second counts,” says Guy Coles, Sales Director at Privasec Governance and Information Security Partners. “The sooner you identify a breach, the more likely you are to contain the damage.”
In many larger companies, cybersecurity analysts provide the last line of defence. They respond to alerts from security systems, investigate each one manually and, where necessary, minimise the fallout.
“When you spend your days reviewing data on a screen, it can be difficult to maintain focus,” says Kate Healy, Principal Cyber Security Consultant at Aleron. “But this is also stressful because you’re under a lot of pressure to pick up every threat.”
A recent Ponemon Institute study found that, in a typical week, respondents received an average of almost 17,000 malware alerts.
“Even if a company had 20 dedicated cybersecurity analysts, each one would have to review about 150 alerts every day,” says Kumar Saurabh, CEO and co-founder of security intelligence automation platform LogicHub. “If this leaves them feeling overwhelmed and fatigued, they’re much more likely to miss a breach.”
The combination of monotony and pressure can also lead to low job satisfaction and high rates of attrition. This is not only very expensive, but replacements could also be hard to find.
There is already a worldwide skills gap and, according to the eighth ‘Global Information Security Workforce Study’ conducted by the Center for Cyber Safety and Education (ISC)2, this will widen to a 1.8 million shortfall in qualified workers by 2022.
Saurabh suggests automating as much of the routine workflow as possible. “This use of automation would leave analysts free to focus on investigating and solving real problems,” he says.
Cyber criminals can use the personal information CEOS share on social media to create convincing spear phishing email
Advances in two specific technologies have made this possible.
“Data analytics platforms are processing more information faster,” says Healy.
“This provides greater insight into abnormal behaviour, which may signal a security incident. At the same time, machine learning has introduced the ability for security systems to ‘learn’ the behaviour of an organisation and so reduce the number of false-positive alerts.”
Varying the analysts’ responsibilities can help to keep them engaged. “Instead of maintaining a separate team for investigations, you could rotate staff between investigations, operations, penetration testing and engineering,” Healy continues. “This also gives you a larger pool of resources in the event of a crisis and provides a development path for career progression.”
The culture of the organisation can also play a vital role in maintaining security. “Transparency is very important. The information technology team should have a clear understanding of where management is taking the business,” says Coles. “Loyalty is built on inclusion and feeling that your contribution is recognised.”
There is also the matter of resources. “A breach can cripple an organisation,” Coles continues. “For example, the container shipping company Maersk estimates their recent cyberattack will cost them US$300 million in lost revenue. Yet we often come across frustrated security teams who feel they’re taking a pocket knife to a gunfight. CEOs must think about the possible consequences of an uncontained breach and make sure their people have the budget they need to do their job effectively.”
Strengthening weak links
However efficient the security analysts may be, some vulnerabilities are beyond their control. “Insider threat is one of the biggest concerns for all organisations,” says Nigel Phair, Director of the Centre for Internet Safety at the University of Canberra. “We all respect our staff and assume they will do the right thing, but roughly one in five cyberattacks against an organisation arises from inside.”
Even more damage is caused unintentionally. The ‘2017 Verizon Data Breach Investigations Report’ found that 66 per cent of malware was installed via malicious email attachments, and that 81 per cent of hacking-related breaches leveraged weak or stolen passwords. And these risks extend to the very top of the tree.
“CEOs have a responsibility for the ongoing functioning of their organisation and also for their own brand,” says Phair. “This is often under cyberattack through spear phishing – malicious emails that appear to come from trustworthy sources – so business leaders need to be very wary of the data they post relating to both their corporate and their personal activities.”
Ongoing education is vital to ensure that everyone is on the lookout for, and can recognise, suspicious activity. But mistakes happen and Coles argues that these should never be treated as a punishable offence.
“Again, it comes down to nipping problems in the bud,” he says. “Whether it’s a sales assistant who clicked on a malicious email attachment or a cybersecurity analyst who missed a breach, they should feel confident they will be rewarded for owning up immediately so that the damage can be contained.”