Page 41 - Realcomm13-Final-LR
Talent Shortage: Nearly every security team lacks enough personnel to adequately defend their networks. Tools can only fill so much of the gap; well-trained, well-equipped individuals are required to successfully defend the networks. A recent analysis of Bureau of Labor Statistics data showed that over 209,000 cybersecurity positions are currently unfilled. Analysts expect the demand for security professionals to increase by 53% through 2018.

Emerging Trends

Now let’s turn and look at some of the emerging trends, or things I believe are going to gain traction during the remainder of 2017 and into 2018.

HUNT operations are continuing to gain in popularity. Organizations are realizing that they cannot sit back and wait for their automated, passive network security systems to alert them to attacks or breaches. It is too late once those systems detect the problem—the attacker has probably already accomplished their objective. Organizations will begin to engage more proactively, seeking the attackers in their network to thwart them before they accomplish their goals. This process is evolutionary and takes some time to mature, but a recent survey shows that those organizations that have implemented HUNT approaches have seen their time to detection improve by 61%.

Newer defensive tools will continue to move away from the signature-based approach to more model-driven and behavior-driven approaches to identify attacks. Frequently, there are activities or behaviors that are ‘abnormal’ that by themselves do not raise the red flag, but provided the right context and analysis, should raise the alarms. This applies to user activity as well as machine/software activity. To do this at scale will leverage machine learning techniques, as that technology continues to evolve and improve.

Two-factor authentication, and alternative forms of authentication (for example, behavior-based) will replace password-based authentication. Two-factor authentication will become the norm, first for the more standard IT systems, but eventually making its way into IoT and BMS devices. The principle should also apply to physical security within commercial building management solutions: is the equipment room protected with ‘swipe access’? If so, is it swipe-only, or swipe+PIN? In the swipe-only case, yes, it’s more convenient for the user, but you’ve increased your risk to a lost or stolen access card. Note that the slowest to adopt multi-factor authentication will be consumer grade devices, which are driven to lowest price and are designed to ‘just work out-of-the-box’ but rarely were designed with much (if any) security in mind. This movement will also be driven by customer demand. If you are managing several commercial buildings, and you are evaluating commercial IoT solutions to put into place, then assessing the security of those solutions is necessary; and if inadequate, go back to the manufacturer and demand that they do better. The days of only supporting username and password authentication (without a second factor) are numbered.

Talent shortage: organizations will work to combine efforts to gain economies of scale and work to overcome the talent shortage. Many attackers use similar TTPs (Tactics, Techniques, and Procedures) and target similar organizations (similar industry verticals). If you are facing the same adversary as others in your industry, why not combine your efforts to improve your collective defense?

Organizations can work together to better thwart these adversaries. We saw the financial services sector do this many years ago with the stand-up of the Financial Services Information Sharing and Analysis Center (FS-ISAC), focused on sharing threat information; and we saw the retail sector follow suit in 2014, when they stood up the Retail Cyber Intelligence Sharing Center (R-CISC) that includes an ISAC, as well as training and other cybersecurity resources for its members. We are going to see more industries stand up their own cybersecurity collaborative organizations. Even more so, I believe you may see some combine their security operations centers (SOC) into a collaborative SOC that defends multiple organizations simultaneously, especially in light of the talent shortage.

The theme you see in these trends is one of innovation and collaboration. The attackers have had the advantage for years—they are innovative and keep coming up with new ways to breach our networks, whether through technical means or social engineering. For years, we in the IT or cybersecurity community have deployed ‘next-generation’ devices that are really next-generation in name-only—just another passive solution designed to be ‘faster’. Given enough time, the attacker figures out how to circumvent these passive, purely-automated approaches. Organizational security teams are beginning to realize they have to be proactive, they have to stop blaming the users; they need to be innovative like the attackers. This requires a fundamental change in the approach to cybersecurity—the realization that the attacker will get in; a breach will happen. By first accepting that fact, you can now innovate new methods to detect and catch the adversaries. You have to actually HUNT, you have to collaborate with your counterparts in other organizations to leverage new machine learning capabilities, new analysis techniques, and other innovative technologies to identify anomalies and prevent the attackers’ objectives. Now you’re being proactive.

Eric Stride, a fourteen-year veteran leader in information security, including twelve years in the U.S. Air Force and five years at the NSA, serves as Senior Vice President in charge of research and development at root9B. Mr. Stride possesses significant technical and command experience throughout the cyber security domain. He holds a B.S. in Computer Science from the University of Washington and an M.S. in IT Management from Colorado Technical University, in addition to multiple certifications.