There is a common theme among public and private organizations from across the globe: there just aren’t enough cybersecurity professionals with the skills to defend organizations against the advanced attackers intent on executing their mission. The U.S. Cyber Command is in the process of filling 5,000 vacant security jobs, while the rest of the federal government will soon need to fill 10,000 cybersecurity positions. At the state level, a 2015 study by the National Association of State Chief Information Officers (NASCIO) paints a frightening picture for the public sector, but a rosy one for the bad guys:
- 86% of states are having difficulty recruiting new employees to fill vacant IT positions
- A shortage of qualified candidates for state IT positions is hindering 66% of states from achieving strategic IT initiatives
- Security is the skill set that presents the greatest challenge in attracting and retaining IT employees
This is a huge challenge for the public and private sectors alike to overcome, and cyber adversaries and criminals are taking full advantage. An organization can buy the best security tools and build the world’s grandest Security Operations Center (SOC), but without an adequate workforce with the skills to design, deploy, integrate, and operate them, it will struggle to make the most of its investment. In light of the recent OPM news around the theft of government employee personally identifiable information (PII), the breach could also have a negative impact on the recruitment of new skilled cyber defenders into government.
Many large organizations have invested in their security infrastructure and staffing, but retaining that workforce has proven difficult. For many government organizations, this challenge is also a risk to Continuity Of Operations (COOP) with respect to the cyber security workforce. With such a global shortage of skilled cybersecurity professionals, retention is a tremendous challenge. And once an organization experiences attrition within its security team, it becomes more than a Human Resources problem. Losing a skilled member of the cybersecurity workforce exposes the organization to greater risk, including: loss of knowledge about which systems and data matter most; loss of a deep understanding of internal processes; degraded cyber analysis skills; slower and weaker incident response; gaps in 24/7 monitoring; and others. Several other impacts rarely accounted for are depicted in Figure 1.
Adopting an adaptive defense model and partnering with a threat management organization, like FireEye as a Service, is one way to mitigate this non-traditional risk during times of workforce attrition or turnover.
FireEye as a Service
FireEye as a Service combines the technology, expertise, and intelligence to find attackers at any stage of the attack. Within one hour of confirmed compromise, it provides the incident-level context, tools and support to quickly respond and contain an attack.
- Top security experts: Our threat assessment experts monitor enterprise systems around the clock, examining the enterprise and hunting for signs of compromise. When a potential compromise is detected, the team investigates to confirm. We deliver a detailed, actionable report within one hour of confirmation, and serve as advisors until the incident is resolved.
- Investigative tactics and technologies: The team employs an arsenal of proprietary technologies and methodologies to investigate system artifacts, perform full-packet capture, conduct netflow analysis, reverse-engineer malware, and inspect emails to detect Indicators of Compromise (IOCs).
- Context and risk assessment: FireEye as a Service has exceptional insight into threat actor tactics, modus operandi, and geo-political context. Our knowledge is gleaned from front-line incident response work since 2004, extensive intelligence research, and 100,000+ hours of incident response activity every year. The team draws upon this deep pool of intelligence to detect threats, characterize risk level, and provide incident-specific context and recommendations.
- Rapid response and containment: FireEye provides validated compromise reports through a secure web portal, along with technical advice, contextual intelligence, and the ability to automatically contain compromised devices with the HX endpoint technology. We also provide FireEye Intelligence, and when a more comprehensive investigation is necessary, the team can pivot to remote live response or send a team of incident response professionals on-site.
Acquiring cutting-edge security tools is only part of the solution; maximizing that investment operationally with a skilled workforce is the key to successfully defending your information and networks. Most governments struggle to adopt and implement cutting-edge cyber defense capabilities quickly. That typically leaves them outgunned when it comes to meeting cyber threats, and with breaches becoming more prevalent, governments can’t afford to hope that the problem of attrition will simply go away, or that adversaries will allow them enough time to fully train and qualify their cyber security workforce. A reliable course of action to close the gaps is a must.