July 10, 2019 By Kacy Zurkus

The pressure keeps mounting for individuals with cyber skill sets as well as organizations that can’t afford or attract them as employees. At the same time, cybercriminals are consolidating the cyber kill chain by launching attacks more quickly through predefined, weaponized packages, which puts pressure on IT and security teams to find answers in a shorter amount of time but with the same bench of staff.

According to Alert Logic’s “2018 Critical Watch Report,” attackers have expedited the first five stages of the cyber kill chain, creating a “compressed model [that] renders the standard methods of detecting and interrupting an attack ineffective. Instead, the attack response must shift from detect and deny to disrupt, degrade, deceive, or contain.”

Nearly a year later, these predefined, weaponized attacks have only increased and are becoming more popular while security teams face the same hardships resulting from the cybersecurity skills gap. As a result, they are often left burnt out or motivated to look for work elsewhere.

While the cybersecurity skills gap is a years-old challenge, organizations are facing a new conundrum: The cyber kill chain is getting shorter. How can the industry address these dual problems?

Keeping Pace With Cybercriminals

Given the increased commoditization of attack vectors, threat actors are able to do a better job with initial entry and cleaning up after themselves.

“This creates an environment where, if you are going to introduce yourself into that system, you have to be watching things differently,” said Jack Danahy, Alert Logic’s senior vice president of security.

And, despite the decrease in dwell time the industry has witnessed over the past year, Danahy said that’s not really a fair indication of effectively stopping attacks.

“We saw a rise in ransomware, and, by its nature, ransomware doesn’t have a lot of dwell time, so in the aggregate, it created a situation where it seemed as though these attacks were being detected much more quickly,” Danahy said.

As ransomware use has declined, attackers have returned to more traditional data exfiltration attacks, which have gotten a lot more stealthy. The initial attack vector itself is fast, whether it’s through the use of phishing or another social engineering tactic. Once a machine is exploited, attackers can either lie low and move slowly or exfiltrate data quickly.

“We’ve seen that there is a really rapid path of minutes or hours to initial data exfiltration, but if what I’m looking for is transactional information, I may want to stay for a long time,” Danahy said.

Unfortunately, many security teams, particularly in smaller organizations, aren’t going to have the level of security needed to respond as rapidly as criminals are able to attack.

Train From the Inside Out

A big part of the challenge for many organizations is a lack of skilled security staff. If organizations can’t find the talent outside, they should consider those within the ranks of the broader IT staff who might be candidates for training. Upskilling internally can help take the burden off of already-overworked cybersecurity specialists.

Keeping up with the level of technology adoption is equally problematic given the widening skills gap, particularly as organizations create more multicloud environments that require multiple security teams to fully protect. By identifying what you are able to do well with the staff available, you can start to change the way you think about partitioning security tasks.

Working with trusted partners can provide organizations with a combination of skills that truly enhances overall security posture. As the Alert Logic report put it, “Your chance of winning against attackers increases without adding staff overhead. That’s the power of having an adaptive battle team that focuses on security 24x7x365.”

Despite advancements in technology, however, employees will always play a critical role in stopping attacks at different stages of the cyber kill chain, especially during the delivery phase. Lance Spitzner, director of SANS Security Awareness, recently wrote in a blog post, “To date, the vast majority of organizations and security professionals have taken a technology approach to leveraging kill chain models, ignoring the human side … it is people and not technology that are the first line of defense in detecting and stopping many of these attacks.” Organizations can benefit greatly from the watchful and informed eyes of attentive insiders who know how to identify and report potential threats.

Training employees on social engineering tactics and the ways they can be deceived by people they engage with via email, over the phone, via text or even in person will help them recognize when they are being targeted by malicious actors, giving humans a leg up on technology when it comes to certain types of attacks.
