July 10, 2019 By Kacy Zurkus 3 min read

The pressure keeps mounting on individuals with cyber skill sets, and on the organizations that can't afford or attract them as employees. At the same time, cybercriminals are compressing the cyber kill chain by launching attacks more quickly through predefined, weaponized packages, which pushes IT and security teams to find answers in less time with the same bench of staff.

According to Alert Logic’s “2018 Critical Watch Report,” attackers have expedited the first five stages of the cyber kill chain, creating a “compressed model [that] renders the standard methods of detecting and interrupting an attack ineffective. Instead, the attack response must shift from detect and deny to disrupt, degrade, deceive, or contain.”

Nearly a year later, these predefined, weaponized attacks have only increased and are becoming more popular while security teams face the same hardships resulting from the cybersecurity skills gap. As a result, they are often left burnt out or motivated to look for work elsewhere.

While the cybersecurity skills gap is a years-old challenge, organizations are facing a new conundrum: The cyber kill chain is getting shorter. How can the industry address these dual problems?

Keeping Pace With Cybercriminals

As attack vectors become commodities, threat actors are able to do a better job both of gaining initial entry and of cleaning up after themselves.

“This creates an environment where, if you are going to introduce yourself into that system, you have to be watching things differently,” said Jack Danahy, Alert Logic’s senior vice president of security.

And, despite the decrease in dwell time the industry has witnessed over the past year, Danahy said that metric is not really a fair indication that attacks are being stopped effectively.

“We saw a rise in ransomware, and, by its nature, ransomware doesn’t have a lot of dwell time, so in the aggregate, it created a situation where it seemed as though these attacks were being detected much more quickly,” Danahy said.

As ransomware use has declined, attackers have returned to more traditional data exfiltration attacks, which have become far stealthier. The initial attack vector itself is fast, whether it is phishing or another social engineering tactic. Once a machine is compromised, attackers can either go low and slow or exfiltrate data quickly.

“We’ve seen that there is a really rapid path of minutes or hours to initial data exfiltration, but if what I’m looking for is transactional information, I may want to stay for a long time,” Danahy said.
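The point Danahy makes about dwell time is easy to miss in a single aggregate number. The following is an added example, not code from the article or from Alert Logic: it runs over a small, constructed set of incident records (the timestamps and types are made up for illustration) and compares the aggregate median dwell time with the median per attack type. Because ransomware is detected within hours by its nature, a rise in its share of incidents drags the aggregate median down even though the exfiltration cases in the same data set sit undetected for weeks.

```python
from datetime import datetime
from statistics import median

# Constructed incident records for this example (not figures from the report).
# "first_seen" is the earliest evidence of compromise on the host; "ended" is
# when the intrusion was detected or reached its objective (encryption or theft).
INCIDENTS = [
    {"id": "inc-01", "type": "ransomware",   "first_seen": "2019-03-01T08:00", "ended": "2019-03-01T09:30"},
    {"id": "inc-02", "type": "ransomware",   "first_seen": "2019-03-04T14:00", "ended": "2019-03-04T16:00"},
    {"id": "inc-03", "type": "ransomware",   "first_seen": "2019-03-09T02:00", "ended": "2019-03-09T05:00"},
    {"id": "inc-04", "type": "ransomware",   "first_seen": "2019-03-12T11:00", "ended": "2019-03-12T15:00"},
    {"id": "inc-05", "type": "ransomware",   "first_seen": "2019-03-20T07:00", "ended": "2019-03-20T08:00"},
    {"id": "inc-06", "type": "exfiltration", "first_seen": "2019-01-05T09:00", "ended": "2019-01-15T09:00"},
    {"id": "inc-07", "type": "exfiltration", "first_seen": "2019-01-01T00:00", "ended": "2019-01-31T00:00"},
    {"id": "inc-08", "type": "exfiltration", "first_seen": "2018-12-01T00:00", "ended": "2019-01-20T00:00"},
]


def dwell_hours(incident):
    """Hours between first evidence of compromise and the end of the intrusion."""
    start = datetime.fromisoformat(incident["first_seen"])
    end = datetime.fromisoformat(incident["ended"])
    return (end - start).total_seconds() / 3600


def median_dwell(incidents, attack_type=None):
    """Median dwell time in hours, optionally restricted to one attack type."""
    sample = [dwell_hours(i) for i in incidents
              if attack_type is None or i["type"] == attack_type]
    return median(sample) if sample else None


def dwell_by_type(incidents):
    """Median dwell time per attack type, so short-dwell ransomware cannot mask long-dwell theft."""
    return {t: median_dwell(incidents, t) for t in sorted({i["type"] for i in incidents})}


def share_detected_within(incidents, hours):
    """Fraction of incidents that ended within the given number of hours."""
    return sum(1 for i in incidents if dwell_hours(i) <= hours) / len(incidents)


def dwell_report(incidents):
    """The aggregate figure beside the stratified figures a team should actually track."""
    return {
        "aggregate": median_dwell(incidents),
        "excluding_ransomware": median_dwell([i for i in incidents if i["type"] != "ransomware"]),
        "by_type": dwell_by_type(incidents),
        "share_within_24h": share_detected_within(incidents, 24),
    }


if __name__ == "__main__":
    for key, value in dwell_report(INCIDENTS).items():
        print(f"{key}: {value}")
```

On this sample the aggregate median is 3.5 hours and five of eight incidents end within a day, which looks like fast detection; the exfiltration-only median is 720 hours. Reporting dwell time per attack type (or at least with and without ransomware) is the check that keeps a shift in the incident mix from being read as a detection improvement.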

Unfortunately, many security teams, particularly in smaller organizations, will not have the resources needed to respond as rapidly as criminals are able to attack.

Train From the Inside Out

A big part of the challenge for many organizations is a lack of skilled security staff. If organizations can’t find the talent outside, they should consider those within the ranks of the broader IT staff who might be candidates for training. Upskilling internally can help take the burden off of already-overworked cybersecurity specialists.

Keeping pace with technology adoption is equally problematic given the widening skills gap, particularly as organizations build out multicloud environments in which each platform needs its own security expertise to be fully protected. By identifying what you are able to do well with the staff available, you can start to rethink how security tasks are partitioned.

Working with trusted partners can provide organizations with a combination of skills that truly enhances overall security posture. As the Alert Logic report put it, “Your chance of winning against attackers increases without adding staff overhead. That’s the power of having an adaptive battle team that focuses on security 24x7x365.”

Despite advancements in technology, however, employees will always play a critical role in stopping attacks at different stages of the cyber kill chain, especially during the delivery phase. Lance Spitzner, director of SANS Security Awareness, recently wrote in a blog post, “To date, the vast majority of organizations and security professionals have taken a technology approach to leveraging kill chain models, ignoring the human side … it is people and not technology that are the first line of defense in detecting and stopping many of these attacks.” Organizations can benefit greatly from the watchful and informed eyes of attentive insiders who know how to identify and report potential threats.

Training employees on social engineering tactics, and on the ways they can be deceived by people they engage with via email, over the phone, by text or even in person, will help them recognize when they are being targeted by malicious actors. For certain types of attacks, that gives humans a leg up on technology.
