Cyber Security Featured Article

IT Security Professionals Need Advanced Skills Training to Combat Threats

October 24, 2016
By Special Guest
Tom Gilheany, Product Manager, CISSP, Cisco Systems -

The digital era will lead to changes on a scale that will dwarf the disruption caused by the rise of the commercial Internet during the 1990s.

Businesses and governments are rushing to go digital. They want to find ways to make money and grow from the merging of mobility, big data, cloud, collaboration, and the Internet of Things (IoT).

Enterprises hope to ride the digital train to new markets. Governments prize digitization’s capabilities to transform communities. The same goes for criminal enterprises. Of all the challenges in this vast digital transformation, two are most pressing.

Cybercrime is the first. Human beings, information, and machines are now connected. It is easier for criminals to steal precious data. Such data includes trade secrets, network performance benchmarks and customer behavior patterns. And personal identities, items of national security and private medical records.

The second is the scarcity of advanced security skills. Not enough IT professionals are trained and certified to meet the need for digital security expertise. The Bureau of Labor Statistics predicts that demand for cybersecurity analysts will grow 18 percent by 2024 in the United States alone.

Digital security needs are different

In the digital age, security is a major challenge regardless of what role you hold in the organization. Every facet of IT must be viewed through a security lens.

New technologies are part of the digital era. Among these are software-defined networking (SDN), mobility, enhanced security, flexible access and virtualization. IT departments must also work with the cloud.

Each new technology affects other technologies and brings up new security concerns. For example, an organization must understand today’s security requirements to set up cloud and enhanced access.

Digitization focuses on intelligence and automation software. The old IT security practice of “set it and forget it” doesn’t work anymore. Threats are dynamic, evolving and arriving from anywhere and everywhere.

Online criminals use sophisticated technology and tactics. They do not give up their efforts to hack into networks and steal data. They have surpassed security professionals’ ability to protect the growing amount of data across a rising number of systems and users.

A recently published study was conducted by the Center for Strategic and International Studies (CSIS). The survey polled 775 IT decision makers at organizations in eight countries. An incredible 82 percent reported a shortage of cybersecurity skills.

This situation has a huge impact on any organization’s security capability. It shows up in the dearth of talent in critical roles, pushes costs up to retain talent, and makes it impossible for staff to keep up with changing threats.

Other factors add to the problem. First, the security landscape is more and more complex. A typical enterprise has between 30 and 40 different security vendors in its network. Each part of this patchwork must be updated independently. This raises the chances that an attacker can exploit the weak spots in this piecemeal defense.

Second, cyberattacks are evolving. They are now conducted by cybercrime organizations and government-sponsored agents. The IoT provides new and unforeseen ways to access systems and information by connecting more and different types of devices.

Today more than 10 billion connected devices run 77 billion applications. By 2020, there will be more than 50 billion connected devices and more than 500 billion a decade later. That’s a huge growth potential not only for organizations, but also for criminals. The IoT enables criminals to take control of devices for ransom in addition to stealing data outright.

Training for better IT security

This situation can improve. Organizations can defend themselves against digitization’s new security challenges. The answer is to invest in their people.

Organizations need IT security professionals who can identify malicious acts. They can see the connections between different activities. And they can classify events quickly by separating out false from true positives.

Digital security teams need operations specialists as well as the usual perimeter guards and security architects. Operations specialists watch over IT security systems, detect cyberattacks and gather and analyze evidence. They alos compare information and coordinate responses, and can tell if an intrusion or security-related event has happened or is taking place.

Operations specialists also analyze telemetry data from various feeds used to assemble logs into related chains of events. They sort out relevant chatter taking place during a security event.  Their unique skills improve security teams. They are another defense against new threats.

A new generation of IT security

As cybercriminals diversify their methods, federated security teams become more popular. That’s because attacks and threats now come from outside and inside the organization.

It takes skilled engineers to design thorough detection mechanisms. Analysts and investigators are needed to comb through all information sources to find the needle in the haystack.

As widespread digitization’s security changes become clear, so does the response. Organizations and governments must invest in resources and the right training. They need it to develop networking professionals with the advanced skills to avert the far larger costs of successful cyberattacks.

Looking Ahead

Yesterday’s knowledge and security techniques don’t measure up to the digital era. Network-connected devices generate a huge amount of data every 24 hours. They produce 277 times more data daily than do people. Each day, a new goldmine is ever more enticing to steal. This valuable data is often sensitive, proprietary or confidential.

Organizations must do everything possible to keep this data safe. In addition, IoT controls can be hijacked remotely if hacked, adding a new layer of risk.

While thieves reap big rewards for stealing data, businesses and other entities pay a rising price. The Ponemon Institute looked at 350 companies in 11 countries in 2015. It found that the average consolidated total cost of a data breach is $3.8 million, up 23 percent in just two years.

There are two reasons for this increase. Thieves are better able to steal – or ransom – much more valuable information assets. New, tougher regulatory penalties place additional burdens on IT systems.

Only professionals with advanced skills can keep data, networks and machines safe. They can also securely connect networks, devices and people. More than ever, properly trained and certified professionals are needed to keep IT infrastructure safe, and to deflect ever more nefarious cybersecurity threats.

About the Author

Tom Gilheany is Cisco’s Product Manager for Security Training and Certifications.  He has a diverse background in startups through multinational Fortune 100 companies. Combining over 20 years of product management and technical marketing positions, and over a dozen years in IT and Operations, he has conducted nearly 50 product launches in emerging technologies, cybersecurity, and telecommunications. Tom holds a CISSP, an MBA, and is an active board member of the Silicon Valley Product Management Association and Product Camp Silicon Valley.

Edited by Alicia Young

Article comments powered by Disqus
Free Subscription