Working in security can be difficult, but it’s important
- 19 November, 2018 12:08
It’s time to be honest with ourselves – security can be a difficult industry to be in. In-house and third party cybersecurity experts have a ton of responsibilities and work in a hard-to-understand field with lots of real world consequences. Outsiders, even within our organisations, don’t necessarily understand what we do. When everything is running smoothly, everyone forgets about us in the background, but as soon as something goes wrong, we’re the ones the blame falls on. It’s fair to say, in a lot of ways, security sucks, but it is great in many other ways.
We need to have each other’s backs
State-sponsored attacks, ransomware, fake news, and targeted misinformation are all tools of war in the age of information and all organisations, no matter what field they are in, hold data that facilitates it.
Many attacks aren’t even reported by the press or known by outsiders. The average time it takes to identify a data breach is 191 days, and to contain it is 66 days, according to the Ponemon Institute and IBM Security’s 2017 Cost of Data Breach Study.
In Australia, thethat it was notified of 245 data breaches between July and September under the Notifiable Data Breaches scheme. 57% of those were attributed to malicious or criminal attacks. If all of those breaches took 66 days to contain, that’s a lot of sensitive information that’s fallen into the wrong hands.
The security industry can be the proverbial pack of sheep surrounded by wolves and coyotes. To give you an understanding of the magnitude of wolves that are after us, Australia’s peak science body, CSIRO, recently revealed it had thwarted ain just 30 days.
This is exactly why security professionals all stick together, even if they are from rival firms. You’ll often find that a security officer at a rival company will let others know when they encountered a weird virus and offer to send samples or compare case studies, as it’s an us against the wolves mentality. The balance of power in the equation is so off when we’re protecting data; everything we can do to help each other helps the common good. If we don’t stick together, things can go wrong quickly and the consequences can be huge.
Managing workplace processes
For security teams, a big part of the challenge is simply being overwhelmed and fielding all methods of how data could be breached, from human error to malicious attacks. Workflow management is the worst part of cybersecurity. We’re always struggling to allocate resources between detection capabilities and operational capabilities to find the right blend of defensive and offensive posturing.
There isn’t enough time to log and respond to every single incident. Signals get lost in the noise or are misdirected. A DDoS attack can overwhelm detection tools and defensive resources and while we are responding to this, malware, phishing, or rootkit find their way in. You’re looking for a needle in the haystack, and there’s no guarantee you will find it before the damage occurs.
According to the recent OAIC report, user credentials being compromised through phishing attacks was a key source of data breaches, and 37% of breaches were due to human error. Fielding against both requires automation of time-consuming uncomplicated tasks to free us to focus on better implementing preventative measures in these areas.
Getting one step ahead
At the end of the day, we’re only human and there will be incidents where employees accidentally open a phishing email as they become more sophisticated and passwords will continue to be compromised. It’s our job to ensure they are educated and prevented from doing so or to make technology changes. Assuming it will keep happening, we need to ensure our organisations are more secure.
Criminals and hackers aren’t unstoppable. If their target has robust defences, or is more hassle to infiltrate than it’s worth, then odds are that they’ll move on to another target. Little things like obsessively tracking software patches, detecting irregular login patterns, and making it easy to report phishing attacks go a long way.
The workplace is ever-changing and multi-cloud environments mean it’s easy to pass the blame for attacks. Employees continue to use their own devices and find their own solutions to IT problems, meaning security and IT need to ensure they are in constant communication as new areas for attack come to fruition every day.
Ensure you keep the lines of communication going with fellow security professionals, continue identifying signals and anomalies that matter in the endless data noise, and advocate for security experts everywhere. Getting in front of the challenge makes all the difference, and security doesn’t have to suck.