The Cyber Skills Shortage and the Need for Forensic Automation

Last year was a banner year for cybercrime. According to the Online Trust Alliance (OTA), the number of cybersecurity incidents nearly doubled from the previous year, with about 160,000 breaches reported. Given how many breaches go unreported, the actual number could be much higher. Malware continues to plague organizations globally. Fileless malware, living off the land attacks, enhanced evasion techniques, malware custom designed to infiltrate banks and POS systems – all these and more have become virtually regular fare in the world of cyber security.

The Wannamine campaign that began in early February is courtesy of the Shadow Brokers. The gift that keeps on giving, has gifted us with nation state attack tools repurposed to steal data, intelligence and money – in this case modified to mine cryptocurrency.

These events play out against a cyber risk landscape unrecognized outside of the security industry. A landscape bereft of sufficient professionals trained to handle such events.

In short, there is a growing shortage of skilled specialists in the cyber security domain.

A study done by Intel Corp. found that there is a shortage of cybersecurity industry professionals in France, Germany, Australia, the U.K., the USA, Japan and Israel. Other research identifies the same problem in Japan, Mexico and India.

A 2016 skills gap analysis from ISACA estimated a global shortage of 2 million skilled cybersecurity professionals by 2019, with the number of unfilled cyber security jobs predicted to reach 3.5 million by 2021.

ISACA reports that more than 1 in 4 companies that the time to fill priority cybersecurity and information security positions can be six months or longer.

EMEA and Beyond

Regionally things can be understood in more concrete and specific terms. Currently in Europe almost one-third of cybersecurity job openings remain unfilled. India alone will require 1 million cyber security experts by 2020 to meet the demands of it’s rapid growth.

Australia in particular is feeling the pressure, and is possibly the hardest hit by the skills shortage. CIO magazine reports that 88 percent of Aussie IT decision makers believe there is a shortage of cybersecurity skills both in their organization and within the nation.

This trend looks set to continue through the near to medium term, as it is experience over education that makes for the best cyber security professionals.

What is business meant to do in the meantime? As attacks continue to both evolve and to increase, the security of assets cannot be left unattended. Enter automation.

Automation is the one possible avenue for under-resourced enterprises to begin to address cyber security in a meaningful way. Wherever security operational tasks can be automated, it reduces the need for specialized resources, decreases the overall burden on staff and helps organizations make the best use of existing resources.

Automating the hunt for malware and persistent threats

Infocyte uses Forensic State Analysis (FSA) to hunt for malware and persistent threats (APTs) that are residing undetected on endpoints. The platform’s forensics-based automated approach to  is based on the presumption that endpoints are compromised and seeks to validate their forensic state. The automation inherent in FSA enables users to effectively deploy rapidly, dynamically and at scale.

Infocyte HUNT:

  1. Combines forensic automation and memory analysis techniques tailored to detect malware that is running or scheduled to run.
  2. Using a forensic approach, obtains a snapshot of the current state of the endpoint, independent of the host OS.
  3.  Produces easy to understand intelligence and reports that  conclusively validate endpoints as compromised or not compromised, greatly reducing the skillset required to hunt while retaining extreme value for senior level incident responders.

Hunting malware and persistent threats with Infocyte HUNT provides a snapshot of the current state of endpoints, with scans using dissolvable agents to examine both volatile and non-volatile memory and obtain actionable intelligence in minutes.

Infocyte HUNT has a low learning curve, thanks to the ease of its use. The tool has ben designed for IT administrators, network administrators, and security professionals to use with virtually no training, while retaining value for senior level analysts.

What this means is that under-resourced IT departments can quickly, efficiently, and effectively hunt for malware. Scans can be run as often as desired, shrinking dwell time and delivering both control and peace of mind.  This is a critical and key function, given the industry reality that an increasing proportion of enterprises will fall into this category.

For enterprises lucky enough to have and keep highly skilled resources, these resources can be freed up to focus on incident response, remediation, and the constant and ongoing efforts to improve defenses.

Simply put, using Infocyte HUNT takes the pressure off of overtaxed IT departments, especially those that can’t source expert candidates.  Even for the vanishing breed of enterprise with fully robust cybersecurity teams, Infocyte HUNT speeds and simplifies incident response. Whether junior IT administrators or skilled experts, users of HUNT have a tool that allows them to control dwell time by rapidly and comprehensively scanning endpoints and finding malware, so that the remediation can begin.

Cybersecurity is Everybody’s Business Now

Last year saw cybersecurity reach boardroom agendas. The fallout of attacks on companies from Target and Sony Pictures to Equifax has thrust more corporate bosses to the front line of cybersecurity issues. It’s become a C level priority now, not relegated to IT and considered a specialized function.  In addition, this year will witness GDPR and other initiatives be instituted, meaning new regulations and penalties for breaches in industries ranging from retail to critical infrastructure, only upping the ante and adding further pressure on enterprises to find solutions.

However, it does fall to IT departments to find and implement solutions, whether they face a dearth of cybersecurity skills or not. Every IT worker, every technology worker, needs to participate in the security effort – protecting and defending apps, data, devices, infrastructure and people. The only viable way to accomplish this is with the automation of security, to whatever degree possible.

The forensic automation of Infocyte HUNT can be leveraged to validate endpoints exponentially  faster than manual methods using traditional security monitoring and incident response solutions that require experts to use effectively. This is a tool that belongs in everyone’s hands.

Learn more about Forensic State Analysis and how Infocyte automates the hunt, turning users into malware hunters.