By Brandon Dixon, VP of Product, RiskIQ
We now live in a digital age in which everyone, and everything, is connected and interwoven. With each passing year, the virtual society that’s evolved on the Internet becomes more entwined with the real one, changing the way we engage socially, find and procure our goods and services and acquire information and knowledge. Growth and innovation opportunities abound for organisations eager to secure their rightful place in this digital world by increasing visibility and accessibility to customers and driving down operational costs.
However, there is an underbelly to this digital society – those individuals and groups whose moral compass points in a different direction. As in the real world, they threaten businesses and consumers that interact on the Internet, as well as the viability of the virtual society itself, by taking advantage of the vastness and anonymity of the Internet to avoid getting caught. Unfortunately, the skills of those tasked with protecting this borderless online space are lagging behind those of the threat actors seeking to exploit it.
In the physical world, the owners of a brick-and-mortar store could address a sharp increase in threats to their business, theft for example, by ramping up spending on security – hiring a security guard, upgrading the surveillance system and training employees to be more vigilant. Those in the online realm invest in security with far less confidence. According to a state of the industry survey conducted by RiskIQ last year, organisations are ramping up spending in the hopes of battling rapidly escalating threats to their digital presence, i.e. all their websites, mail servers, social landing pages and mobile apps, but are coming up short in their ability to prevent hacks and data breaches.
The culprit for this shortfall is a troubling shortage of skilled staff who can help stem the tide of these threats. Overwhelmed by the scale and tenacity of threat campaigns run by experienced operators who leverage vast swaths of digital infrastructure like domains, IP addresses and compromised assets, security teams are struggling to put the right people, processes and systems in place, despite, on average, increasing their spend on cybersecurity.
In fact, amidst the seemingly weekly occurrence of high-profile data breaches, recent research shows that the shortage of cybersecurity talent has become a global crisis. According to Cybersecurity Ventures, there will be 3.5 million open cybersecurity jobs by 2021. ESG’s annual global survey of the state of IT once again identified cybersecurity as the most significant area, with 51% of respondents claiming their organisation had a problematic shortage.
Without the right tools and training to use them, a lack of experienced staff to monitor and protect organisations from threat campaigns such as malvertising, phishing and state-sponsored attacks will only get worse as businesses continue to expand their digital presence in the pursuit of growing their business.
Tackling this shortage head-on is crucial. Getting young people interested in the field and its rewarding work (not to mention alluring compensation) through education initiatives is vital – as is having government agencies, regulatory bodies and academia provide universal standards for businesses and opportunities for young people to acquire the skills needed to enter the field. However, this will take time – time we, as an industry, don’t have.
For now, the goal should be empowering the professionals who have already answered the call by arming them with technology that acts like a digital ‘mech suit’ that supercharges their output so that their organisations have the chance to thrive in digital channels despite this skills gap. Technology that combines advanced internet data reconnaissance and analytics acts as a force multiplier that enables fewer, less-skilled employees to expedite investigations, understand digital attack surfaces, assess risk and take action against threats with the skill and efficiency of a much larger and more experienced group.
Data
The Internet is full of digital assets that can be discovered and interrogated: SSL certificates, WHOIS data, mobile apps, social media accounts, domains, web and analytics trackers and all the other components that make up the web pages we see every day. The security industry has also been collecting data on Internet activity for many years, such as passive DNS data that can show us how things were at a given point in time. When aggregated, these data sets can be used by security professionals and threat analysts to connect the dots between threat infrastructure and understand the attack vectors and patterns used by attackers.
Automation
When machines surface noteworthy events, analysts review and validate them, with both humans and machines applying experience and knowledge so that all subsequent events inform a broader set of analysts. This speeds up the determination process and helps create a repeatable process the team can apply to a comprehensive set of data. It also cultivates in-house expertise through tribal knowledge – if a junior employee hasn’t seen a particular type of threat, how can they identify it?
Machine learning
We live in a data-driven society, in which humans really can’t go it alone. With some work, machine learning can be used to leverage your employees’ knowledge and abilities to fill a necessary gap in experience. As these analytics capabilities become more tuned and confident over time, they can automatically detect threats like phishing pages, imposters and scams. In instances where the platform is less confident in its correlation or decision, humans can step in to review and confirm or dismiss events and detections.