The Rise of the Threat Hunter

We all know that cybersecurity attacks can be devastating. The very idea of a breach is enough to make security analysts break out in a cold sweat, and with good reason. Indeed, two-thirds of large UK businesses have been hit by an attack in the past twelve months, highlighting that this epidemic is as widespread as it is serious.

Equally troubling, however, is that over two-thirds of businesses are notified of these attacks by a third party. This means that businesses are not discovering breaches on their own, and instead must rely on others to tell them they have been compromised.

Needless to say, this approach means that more time will elapse during a breach, leaving the business vulnerable for longer, with the costs difficult to comprehend, let alone estimate.

Damage control

The key to tackling security breaches is to realize that neither prevention nor incident response is, on its own, a sufficient security strategy. In 2017, the number of cyber-attacks will likely go up because the volume of sensitive data being collected is increasing. The value of a breach means that attacks are becoming not only more regular, but also more sophisticated.

How then can businesses tackle this? Well, to turn to an often-used idiom: attack is the best form of defense. Being proactive, sniffing out threats, and improving detection and response times is vital in the ongoing fight against cyber-attacks. A mix of prevention and response is the ideal strategy.

To ensure this, businesses must turn to a specialist—someone who can think like a criminal, but use this insight for good, rather than nefarious means. This role is known as a “threat hunter” and is set to play a more prominent part in businesses’ strategies.

Catching criminals

A threat hunter does more than just sound cool (though they definitely do that)—they look for any exploitable chinks in the armor of a business. By actually thinking like a criminal and adopting an “attacker mentality,” threat hunters can identify signs of weakness and follow them to a logical conclusion.

Another way of describing a threat hunter is as a dedicated internal penetration tester, as opposed to third-party, or external, penetration testers. This proactivity helps businesses stay one step ahead of the cybercriminal, with the threat hunter identifying any potential problems before a criminal can actually act upon them. The success of threat hunters means that, if you work in IT, you’ve probably already heard of them.

In fact, more and more businesses are looking to dedicate resources to ensuring a threat hunter is on their side. While the role of the threat hunter is yet to go truly mainstream, 2017 will likely see that change, as data breaches become even more rampant and businesses’ hands are forced, opting for a strategy that helps tackle a problem that could cost them millions.

In 2014, a security confidence survey by SolarWinds found that 84 percent of respondents reported that their organizations had experienced an attack, with 35 percent reporting that it took at least one month to discover. This illustrates the importance of a sound security strategy, and why the threat hunter is set to play an even greater role in 2017.

Finding your threat hunter

Now, how do you find your elusive threat hunter? First, you need someone with a wide range of experience—the more a person knows about the network, applications, servers, and security methodologies, the better. If said person doesn’t know each of the multiple components involved in an attack, then they are not the threat hunter you are looking for.

This means that it can be a real challenge for organizations looking for a threat hunter, as finding the right person, with the vast skillset needed to do the job, isn’t easy. The threat hunter is also not usually a viable option for an SMB, whose limited budget wouldn’t allow for this advanced capability.

That said, large organizations would certainly find the recruitment worth the time, as once you find the right person for the job, the benefits are plentiful.

If a business can identify attacks before they happen, instead of after the fact, it can prevent real damage and better prepare for future attacks. With a lack of monitoring being one of the main reasons that breaches happen, it’s vital that monitoring be implemented as part of a company’s security strategy. Then, by bringing in a threat hunter to complement this strategy, your organization is better placed to weed out any potentially dangerous activity.

While it does come down to the business in question, it seems highly likely that the skills a threat hunter offers will be in high demand as security breaches continue to proliferate. 2017 may be the year of data breaches, but it’ll also be the year of the threat hunter.
