July 10, 2019 By Kacy Zurkus

The pressure keeps mounting for individuals with cyber skill sets as well as organizations that can’t afford or attract them as employees. At the same time, cybercriminals are consolidating the cyber kill chain by launching attacks more quickly through predefined, weaponized packages, which puts pressure on IT and security teams to find answers in a shorter amount of time but with the same bench of staff.

According to Alert Logic’s “2018 Critical Watch Report,” attackers have expedited the first five stages of the cyber kill chain, creating a “compressed model [that] renders the standard methods of detecting and interrupting an attack ineffective. Instead, the attack response must shift from detect and deny to disrupt, degrade, deceive, or contain.”

Nearly a year later, these predefined, weaponized attacks have only increased and are becoming more popular while security teams face the same hardships resulting from the cybersecurity skills gap. As a result, they are often left burnt out or motivated to look for work elsewhere.

While the cybersecurity skills gap is a years-old challenge, organizations are facing a new conundrum: The cyber kill chain is getting shorter. How can the industry address these dual problems?

Keeping Pace With Cybercriminals

Given the increased commoditization of attack vectors, threat actors are able to do a better job with initial entry and cleaning up after themselves.

“This creates an environment where, if you are going to introduce yourself into that system, you have to be watching things differently,” said Jack Danahy, Alert Logic’s senior vice president of security.

And, despite the decrease in dwell time the industry has witnessed over the past year, Danahy said that’s not really a fair indication of effectively stopping attacks.

“We saw a rise in ransomware, and, by its nature, ransomware doesn’t have a lot of dwell time, so in the aggregate, it created a situation where it seemed as though these attacks were being detected much more quickly,” Danahy said.

As ransomware use has declined, attackers have returned to more traditional data exfiltration attacks, which have become much stealthier. The initial attack vector itself is fast, whether it’s through the use of phishing or another social engineering tactic. Once a machine is exploited, attackers can either lie low and slow or exfiltrate data quickly.

“We’ve seen that there is a really rapid path of minutes or hours to initial data exfiltration, but if what I’m looking for is transactional information, I may want to stay for a long time,” Danahy said.

Unfortunately, many security teams, particularly in smaller organizations, aren’t going to have the level of security needed to respond as rapidly as criminals are able to attack.

Train From the Inside Out

A big part of the challenge for many organizations is a lack of skilled security staff. If organizations can’t find the talent outside, they should consider those within the ranks of the broader IT staff who might be candidates for training. Upskilling internally can help take the burden off of already-overworked cybersecurity specialists.

Keeping up with the level of technology adoption is equally problematic given the widening skills gap, particularly as organizations create more multicloud environments that require multiple security teams to fully protect. By identifying what you are able to do well with the staff available, you can start to change the way you think about partitioning security tasks.

Working with trusted partners can provide organizations with a combination of skills that truly enhances overall security posture. As the Alert Logic report put it, “Your chance of winning against attackers increases without adding staff overhead. That’s the power of having an adaptive battle team that focuses on security 24x7x365.”

Despite advancements in technology, however, employees will always play a critical role in stopping attacks at different stages of the cyber kill chain, especially during the delivery phase. Lance Spitzner, director of SANS Security Awareness, recently wrote in a blog post, “To date, the vast majority of organizations and security professionals have taken a technology approach to leveraging kill chain models, ignoring the human side … it is people and not technology that are the first line of defense in detecting and stopping many of these attacks.” Organizations can benefit greatly from the watchful and informed eyes of attentive insiders who know how to identify and report potential threats.

Training employees on social engineering tactics and the ways they can be deceived by people they engage with via email, over the phone, via text or even in person will help them recognize when they are being targeted by malicious actors, giving humans a leg up on technology when it comes to certain types of attacks.
