The Invisible Risk Called the Cybersecurity Skills Shortage

Of late, industries are abuzz with the problem they are facing in terms of skill shortage. It seems possible that technologists, engineering students and colleges have still not been able to keep up with the digital transformation journey. Like every other industry, the cybersecurity industry is facing this issue as well.

In the cybersecurity world, it is of utmost importance to think two steps ahead and anticipate moves of hackers to prevent cyberattacks. In an exclusive interview with DataQuest, Shrikant Shitole - Senior Director and Country Head for India at FireEye, talks about Cybersecurity Skills Shortage, latest threats and also tips on how organizations can keep themselves secure.

1. How grave is the problem that is ‘Cybersecurity Skills Shortage’? What are the steps needed to be taken to tackle this issue?

In the ongoing battle to secure organizations from malicious actors that commit crimes through methods such as theft, destruction or data manipulation, frontline defenders are a scarce resource. As the demand for skilled personnel capable of meeting the challenges posed by these threat actors continues to rise, the supply simply cannot keep pace. This talent shortage is India’s biggest cyber security challenge after boards’ complacency.

A growing deficit in information security personnel is expected to dramatically exacerbate the current considerable skills gap over the next five years across the globe. This assertion is supported by industry research data from the National Initiative for Cybersecurity Education (NICE) and insights gained from Mandiant engagements throughout 2017.

Indian organizations can still stay ahead of their attackers by proactively and directly addressing the issue. Artificial Intelligence will eventually help close the talent gap, but that is still years away. Today’s AI technology is heavy on the marketing hype. Until AI is dramatically greater than it is today, we must find other solutions. This can include investing in enhancing their existing capabilities and outsourcing specialized roles.

Enhancement efforts can include process refinement to ensure that internal procedures are as efficient as possible:

• Training for existing personnel to increase their skills and acquire new ones.
• Proactive testing of critical incident response processes through tabletop exercises.
• Automation of overhead processes such as ticket creation that would typically require time and effort that could be spent on investigations and identifying new measures to implement that address any gaps in the organization’s current capabilities.

2. Why are malware attacks like the one we saw in the Cosmos Bank taking place despite so many advancements in the field of cybersecurity landscape?

Indian banks face relentless attacks by cybercriminals and nation-states because they hold valuable assets and information. These attacks are becoming more targeted and sophisticated every year. The cybercriminals continually innovate, whether they are finding new ways to compromise international payments systems, ATMs, or banking customers.

Early this month, FireEye reported a new North Korean state-sponsored financially motivated threat group – APT38 that leveraged individuals to launder money after SWIFT attacks.

Attackers are picking off banks in India and some emerging markets because their security controls are sometimes less mature than banks elsewhere. Over the long run, a bank’s ability to manage these threats effectively can become a competitive advantage. Banks which do not manage these threats effectively are much more likely to face Brand reputation issues, losses.

3. What can banks do to avoid such circumstances in the future?

Many financial organizations aren’t prepared to detect and respond to well-planned cyber-attacks. A large portion of Indian firms still think their firewalls and antivirus will protect them, but today they’re only a minor inconvenience for attackers. We encourage banks to ensure they don’t just cover the basics but that they thoroughly understand the threats they face and can stop those threat actors. This requires actionable threat intelligence.

It is also critical for banks to understand gaps in their security posture, and our Mandiant consultants regularly work in this area. We offer an approach that combines innovative security technologies, world-renowned expertise, and deep threat intelligence capabilities.

FireEye’s technology enables enterprises of all sizes to detect and defend against exploits and advanced targeted attacks that bypass their traditional security measures; as well as combat the shortage of security experts.

4. What must Indian enterprises do to stay one step ahead of the attackers?

While more and more Indian enterprises are recognizing the threat that cyber-attacks can pose to their brand and bottom-line, a lot of these are not sure about the extent they need to be covered and still others are being held back by complacent boards.

Here are a few recommendations for Indian enterprises to detect and defend against cyber-attacks –

1. Ensure someone is accountable for cyber security to your board.
2. Ensure cyber security is sufficiently resourced.
3. Understand compliance is only a minimal baseline that will not guarantee security and does not cover risk.
4. Implement the right technologies. Firewalls, antivirus and other legacy technologies haven’t cut it for years. Can your organization quickly detect advanced targeted attacks which have never been seen before? How quickly can you remediate them? Do you know which groups are likely to attack your firm and why? Do you know which tools, techniques and procedures they are likely to use?
5. Test your security with Red Team operations.
6. Turn to outside experts for threat hunting exercises. Your firm only sees a small slice of the total volume of threats. Third-parties can draw on expertise gleaned from countless clients and their view into the threat landscape has a broader aperture.
7. Start preparing for your cyber risk journey, from detection to response to threat hunting!