Managing the threat of thieves stealing a company’s confidential data is a vastly different battle from the one being waged even five years ago. Today, attacks are multifaceted, more automated, and more sophisticated, and they require everyone to be aware of who the criminals are. Although the threat management tools and techniques available to chief information security officers (CISOs) have also improved, much remains to be done.
CISOs in CEB’s networks are focused on three shifts in particular at the moment.
- Attacks are multifaceted and coordinated: Attacks are no longer limited to just the cyber world. A single hacktivist group can easily launch a website defacement, a physical protest, and a negative social media campaign simultaneously.
Information security teams, however, collect intelligence on their adversaries in a series of “silos,” typically focusing solely on technical threat intelligence. To address the multifaceted threats of today, information security teams should work with other functions to combine intelligence and gain a more holistic view of attackers.
- Attacks are often automated and occur faster than the speed of human response: Automated attacks are on the rise and more sophisticated than ever before. Traditionally, threat detection technology creates alerts at the time of the attack, which initiates a manual response process.
However, by the time information security teams respond, attackers have most likely already caused a lot of damage. Progressive CISOs are using leading indicators to create alerts before the attack happens and automating the more common incident responses for low-tier incidents.
- Advancements in threat management tools are enabling automation of low-value activities: Even in today’s tech-laden world, many security operations center analysts are still faced with the mundane task of “eye-on-glass” routine monitoring (i.e., stuck watching a screen).
As advancements in threat management tools enable more automation, analysts’ roles will need to shift from low-value, repeatable activities, such as tier 1 monitoring, to more complex ones like designing algorithms for machine learning tools.