At the start of this year, Infosecurity conducted its second State of Cybersecurity Report. This determined 31 distinct trends in cybersecurity that respondents believed were driving the industry. Among the top findings, we found that problems with technology, configuration and detection were a major issues for practitioners.
Following on from the publication of this report, Infosecurity launched a second piece of research, engaging with students, people on work placements and those starting out their careers in cybersecurity to find out how these trends affected them. Over the next couple of months, Infosecurity will bring you the results of this research and for this article, considering the problems with detection, we asked those surveyed if they would be ready to deal with malware threats from the work they have done.
All responses were given anonymously. For this question we collected 52 responses and 33 responded with a “positive” remark. For those responding positively, there were a number of responses that determined that this would be possible “with the right team” while the detection of malware was also identified as something that could be done.
There was a general belief that “these attacks are not going away” and “there will always be more to be done in these spaces,” while one respondent said that they would be able to respond after an attack “but covering all the bases to prevent an attack is open-ended and probably an impossible task.” This does fit with a general theme of focusing less on advanced attacks, and more on the more consistent threats, as they can be more damaging.
There was also a theme of people being able to detect and deal with an attack, but requiring the right training. One respondent said that they “would be ready to deal with these threats but only because I have studied these topics and malware in my own time” as “what I have been taught would not have prepared me.” Another said that to do this work would require the right certifications to be prepared, as “unless you can have someone inform you about a thief you’re not going to understand what exactly to look for.” The debate on certifications has gone on for some time, whilst training can be done in your own time if you're prepared to put the effort in.
One person was mixed, saying that while they do not feel ready to deal with this yet, as they progress they “hope to find [their] feet within this industry.”
Another person claimed to be “partially ready” as they were aware of the threats, and the precautions to take while dealing with those kinds of threats. “I try to reverse engineer some of the Trojans I find to improve my knowledge on the architecture of the malware - but I have never worked on any ransomware, I have to gain some more skill on that.”
Knowing what to look for was also a theme, as one respondent said that detection has “become more routine day to day background operation,” but it is a mistake to “always be chasing the newest and existing threat vectors.” Another person agreed, saying that “there is always the unknown unknown's that you cannot prepare for.” Security labs report thousands of samples being collected every day, is it time that these were more widely shared for investigation?
What about those who were negative? Well the consensus was that it came down to lack of experience. There was one cited a lack of practical work experience, while several of the 19 “negatives” cited a lack of exposure and training to these areas.
One person believed that they could explain the threat, and the effects to the relevant stakeholders, and would feel confident detailing how many computers are affected. “For removal, I'm nowhere near skilled enough to write a removal program and would ask a security provider for support,” they said.
In terms of experience, one respondent did say that “lab work is the best way for students or anyone to truly learn how malware infects a system and how it operates after that,” while another said that they would be “prepared for escalation” but not to detect, contain and neutralize cyber-attacks, leaving them to take time outside of work to learn these skills.
Among the positives, two respondents cited the wider problem of what causes the threats. This included “99% of these attacks are the result of negligent security practices, the remaining 1% are more targeted corporate espionage” which was more of a challenge to mitigate, while another said that “most errors are human errors.”
There is a wider positivity here that attacks and threats could be “dealt with” to some extent. While there was evidence in the responses that people are working on application security, incident response or even penetration testing, one respondent said that while endpoint security is becoming more automated, “it will be some time before it is fully eradicated, due to the innate usage of legacy systems within the financial sector.”
Maybe there is a bright future for detection and configuration capabilities with the day-to-day security job, but maybe this should serve as a call for better training in the common tasks of the SOC.