SYM Perfect Storm Ebook Parts 1 2 AW Online
High Alert:
Tackling Cyber Security Overload in 2019
Understand the impact of patchwork defences
and start your journey to reduced complexity
Inside this edition of High Alert

Exclusive new research conducted on behalf of Symantec highlights the challenge that CISOs and security leaders face in trying to find, attract and retain cyber security professionals. Existing talent struggles to keep pace with the rapidly-evolving technology landscape, the supply of talent is far outstripped by demand – and salaries are rocketing. Without a radical rethink, organisations are simply not going to be able to scale their cybersecurity teams.

It’s time for change.

state of cyber security in 2019 – and what you can do to regain the initiative.1

Across four chapters, we’ll explore a different cyber security topic. Combining insights, analysis and recommendations, you’ll learn how your organisation can master cyber security for the cloud generation: protecting your reputation, sustaining customer trust, guarding against financial penalties, and balancing budgets and resources.

• High Alert Chapter 3: After the Breach
• High Alert Chapter 4: The Security Environment of the Future

Alongside new intelligence and analysis, you’ll learn how cyber security industry leader Symantec offers an alternative approach to help you cut through today’s cyber security chaos.

Contents
1 Perfect Storm: Cyber Security Now
4 The Security Environment of the Future: Why Digital Transformation is a Huge Opportunity
Summary and Next Steps

1 Research conducted by Symantec in collaboration with Goldsmiths, University of London and research consultancy Thread. Surveys were distributed in Winter
2018/19 to 3,045 individuals across France, Germany and the UK. Quantitative study figures for Germany and France are from Censuswide; UK figures from
YouGov. See back page for more information
1 Perfect Storm:
Cyber Security Now
Cyber attacks are more sophisticated and capable than ever before. For most of the population major breaches and exploits are the stuff of news headlines. But for cyber security professionals, today’s aggressive threat landscape is a daily reality. Their mission? Addressing seemingly endless attacks from an increasingly professional, well-funded, highly motivated and experienced array of adversaries.

As cyber security professionals work to face down this evolving threat landscape, they do so short of qualified personnel and in the face of wide gaps in strategic and operational information sharing. For cyber security decision makers, these challenges are felt at a deeply individual and personal level.

Cyber security: the psychological impact

A career in cyber security requires focus, extreme attention to detail, creative problem solving and rational decision-making in high-pressure scenarios. But with increasing regulation, better-equipped attackers, growing complexity of the digital estate and thousands of alerts going off at the same time, security leaders are overloaded. This overload can have a serious impact on their ability to make sound decisions.

Sensory overload, fatigue and stress impair memory2, disrupt rational thinking and negatively impact every cognitive function we have3. Studies show that when you’re stressed, signals in the brain associated with factual memories weaken, while areas in the brain associated with emotions strengthen4. Whilst the human brain is adept at many things, dealing with vast quantities of information and alerts can hamper our cognitive function5. The more information and alerts we receive, the more numb we become to them.

Even just the anticipation of stress can impact cognitive function throughout the day. A study from Penn State showed those who woke up feeling as though the day ahead would be stressful experienced problems with working memory; a function which helps people learn and retain information even when they’re distracted. Researchers say the anticipation of stress impacts cognition, even if a stressful event does not occur.
Penn State ‘Experiencing a Stressful Day May Lower Cognitive Abilities Throughout the Day.’ Neuroscience News, 3 July 2018.

2. “Stressed Memories: How Acute Stress Affects Memory Formation in Humans”. Journal of Neuroscience. & Peavy, 12 August 2009. “Effects of Chronic Stress on Memory Decline in Cognitively Normal and Mildly Impaired Older Adults”. American Journal of Psychiatry. 15 September 2009
3. Everyday Stress Can Shut Down the Brain’s Chief Command Centre, Scientific American, April 2012
4. Our Brain on Stress: Forgetful & Emotional, psych central, 8 July 2018
5. The Overflowing Brain: Information Overload and the Limits of Working Memory, By Torkel Klingberg, Oxford University Press, 2009
leaders view their industry and their workloads? How do they see the threat landscape changing? And how well equipped do they feel to deal with bad actors infiltrating their networks?

In collaboration with Dr. Chris Brauer and Goldsmiths, University of London, Symantec surveyed over 3,000 security decision makers across three countries – France, Germany and the UK. The aim was to gain real insights from those at the coalface.

The picture painted will be both poignant and familiar to readers within these roles, but it also raises an important fact: the industry cannot afford to continue like this.

Security leaders are overwhelmed. Two thirds of cyber-security decision makers (65%) feel they are being put in a position where they are set up for failure. Additionally, 82% report feeling ‘burnt out’, 63% think about leaving the industry, and 64% think about quitting their job (figure 1).

But the overwhelming workload and pressure of the role doesn’t seem to deter them from the mission. Most security leaders appear to be adrenaline junkies; fully immersed in their work, and its potential to make a difference, even when it’s stressful (92%). Security leaders tend to be motivated by high-pressure situations and find their work environment thrilling, even though it’s challenging (figure 2).

Figure 1 (bar chart by country: France, Germany, UK). European average:
• 82% report feeling ‘burnt out’
• 65% feel set up for failure
• 64% think about quitting their job
• 63% have considered leaving the cybersecurity industry

Figure 2 (bar chart by country: France, Germany, UK). European average:
• 92% are thrilled by their work environment
• 92% are fully immersed in their work, even when it’s stressful
• 90% feel motivated by high pressure situations

Stress dramatically impacts our ability to make good decisions. It impairs your memory, disrupts rational thinking and negatively impacts every cognitive function you have. In an industry like cyber-security, which requires focus, creative thinking, attention to detail and rational decisions in high pressure scenarios – stress can be crippling. Highly stressed workers are far more likely to be disengaged and ultimately quit. In an industry already suffering a skills shortage, this kind
1. Increasing regulation
The leading source of strain for cyber security leaders is government regulation. Four in five (86%) reported that mounting regulation, such as GDPR and the NIS Directive, was increasing pressure in their role. Two in five reported concerns that they would be held personally liable for a data breach.

2. Attackers gaining ground
The second biggest issue is the rise of the adversary and an increasing volume of threats and alerts. The level of sophistication, motivation and organisation in cyber-crime

The size and complexity of the estate defended is a question of scale – the attack surface is expanding.

4. The ever-present skills gap
Four in every five (80%) reported that insufficient skills in their workforce is causing increased pressure. In many cases, the existing base of experienced cyber security professionals has been ‘outdated’ by the rise of cloud and mobile. Almost half (48%) of respondents believe attackers now have the skills advantage over the defenders (figures 3 & 4).

These challenges are not only adding to the stress felt by security professionals (figure 5), they are also making it more difficult for them to keep their business safe.

Figure 3: Cyber security’s technology challenges (bar chart by country: France, Germany, UK). European average:
• 82% Increasing amount of threats resulting in too many security alerts to deal with
• 82% Having to secure too much data flowing into / out of too many places (size of estate to defend is too vast)
• 79% Having to manage too many cyber defense products / vendors

Further chart item (European average): 80% Slow adoption of new technologies in the business causing new attack vectors to open up
Chart (by country: France, Germany, UK). European average: 77% have made an assessment they are not totally confident in

Quantity certainly isn’t the answer when it comes to security services. But if the answer lies in quality, many security leaders feel under-resourced and ill-equipped to provide it (figure 8) – particularly with attackers becoming increasingly savvy.
Now what?
In an increasingly broad and capable threat landscape, how do cyber security leaders move out of a state of personal overload? The answer lies in moving from a reactive and fragmented model, to a consolidated and strategic one. Yet to invest the time, energy and resource into defining and executing against a cyber security vision, they must first regain control of the finite human resources such an approach would free up.

One of the biggest factors at play here is the overhead that goes into managing a patchwork of IT security vendors across a vast, rapidly evolving IT estate. A patchwork approach to cyber defence creates vulnerabilities and overburdens cyber security teams.

This tension is underpinning a push towards simplicity and integration across the industry; fewer vendors, less complexity, and more centralised management. With this transformation, the cyber security industry is entering the platform era.

An open standards security platform, such as Symantec’s integrated cyber defence (ICD) platform, gives a modern foundation on which to build. It integrates security data feeds, cutting duplication, improving accuracy and speeding decision making. With the ICD platform, security leaders can add new security solutions as required (typically cloud-centric ones such as CASB and cloud workload protection) and feel safe in the knowledge they will integrate quickly and easily into the ICD platform. The ICD platform’s automation capabilities mean that new solutions won’t require time-intensive manual patching and maintenance, or the manual integration of new data sources into reporting and compliance workflows.

With these capabilities, it becomes far easier to hand selected functions off to managed services. In an industry with a severe skills shortage, an integrated platform enables cyber security professionals to minimise mundane tasks in favour of adding more value through proactive, higher level of work.

A pathway to protection
There is much for you to consider as part of this approach, but four of the most fundamental elements are:
• Mature and consolidate cyber defences by adopting a platform approach, automating key processes and compliance
• Educate the business on the threat landscape, and demonstrate how cyber security can become a business and transformation enabler
• Be both pragmatic and bias conscious in your efforts to overcome the skills gap – recruit and up-skill a diverse range of talent to tackle the multiple challenges you face
• Define your organisation’s risk posture, securing buy in and ‘sign-off’ from specific business departments and the board.

With skilled talent, the right processes and tools, it is possible to evolve your roles from overloaded and reactive, to confident and strategic. In subsequent chapters of this research series, we’ll explore some of these key factors in how you can work towards overcoming this state of overload.

The current patchwork approach to security tooling and strategy is creating more problems than it solves. There is so much daily noise that it’s near impossible to work out what is most important. Meanwhile the overlaps and chinks between defensive systems present hackers with new opportunities for exploit. The volume of alerts, the constant patching, and rapid emergence of new threat vectors, are absorbing the attention of security professionals, leaving little time for a more strategic approach.
Darren Thomson, CTO EMEA, Symantec.

Watch the High Alert Summit webinar
Join Darren Thomson and Dr Chris Brauer, Director of Innovation at Goldsmiths, University of London, as they analyse the High Alert Chapter 1 findings and recommend how to reduce your own cyber security complexity.
The Skills Crisis: Tackling the Critical Gap
Dr Steve Purser, Head of Core Operations, ENISA, former financial sector CISO.
IT security leaders feel overworked and behind the curve compared to their criminal competition. There are many factors contributing to this – regulation, growing technological complexity, increasingly skilled and well-equipped hackers.

However, one of the single biggest issues compounding this perception is a long-standing one: The Talent Gap.

According to IDC’s recent Western Europe Security Survey6, 97% of European enterprises agree there’s a security skills shortage, which is having a negative impact.

It’s a remarkable statistic. It means only 3% of enterprises in Europe believe the industry has the requisite talent to deliver on its mandate – to ensure business integrity and protect sensitive company, customer and shareholder data. According to the 2018 (ISC)² Cybersecurity Workforce Study7, there’s a shortfall of around 142,000 cybersecurity professionals across EMEA – a significant shortage.

6. Western Europe Managed Security Services Forecast, ICD, 2017-2021
7. https://www.isc2.org/Research/Workforce-Study
If cyber security professionals are feeling overworked, stressed and see themselves falling behind in their own skillset, it is hardly surprising that around two thirds are considering changing their role or leaving the profession altogether. For employers the battle isn’t simply recruitment, but retention too.

Chart (bar chart by country). European average:
• 37% say their team cannot manage current workloads
• 45% say technological change is happening too quickly for their business to adapt
• 46% say their team is too busy to keep up with skills development

Figure 10: The security skills arms race
Alternative strategies
As we will see in next month’s Chapter Three: After the Breach, cyber security professionals could also do much more to learn from one another than is currently the case. Sharing the right information, at the appropriate time and in the right way, could go a long way to helping more staff upskill effectively.

Still, even with the luxury of a realistic budget for training in place, a gap of 142,000 cyber security professionals in EMEA means most companies are still going to struggle to find people to hire.

Organisations therefore need to find complementary alternatives that can help free up time for skills development and ease the recruitment burden.

IDC points to a four-step model:

1. Rationalisation
As highlighted in Chapter One: Perfect Storm, the cyber security estate has become incredibly complex and can easily contain more than 100 different point solutions from a huge mix of vendors. Consolidating that estate, or using a cyber security platform to integrate it, both improves security and reduces the time taken to manage it manually.

An integrated cyber defence platform can also de-duplicate alerts from multiple systems. Freeing up existing security professionals’ time like this can ease the need to recruit and improve retention. If staff are less overworked and more in control of their time, they’re more capable of focusing on their own professional development.

2. Embedded security
Cloud and mobility are rewriting the way data is captured, stored and managed. Modern cyber security is designed to operate around cloud-centric computing and can itself be delivered as a cloud service. Security which is embedded within the main control points – web, email, network and endpoint – gives far greater control, goes unnoticed by end-users, and is a step towards a ‘set and forget’ security infrastructure. Being ‘in the sinew’ like this means less manual management is required.

3. Automation
Automation can help address the security skills gap at two levels. First, an integrated security platform – by correlating, cross-checking and prioritising data across multiple security products – can reduce the volume of alerts and highlight those that really matter. In addition to reducing the volume of alerts analysts have to contend with, it can support workflow to automate reporting and compliance; the key challenge for cybersecurity professionals identified in Chapter One: Perfect Storm. This relieves mundane manual administrative tasks, enabling time-pressed cyber security professionals to focus on higher value activities.

Second, machine learning and artificial intelligence can change the game entirely. Symantec Targeted Attack Analytics (TAA), for example, enables vast telemetry data lakes and exposes attack patterns occurring in the customer environment. TAA takes a holistic view of the customer’s company and their industry to determine the source, scope and impact of an attack in just a matter of hours. The manual equivalent would not only take months, it would also be unfeasible for most organisations to fund.
4. Externalisation
Given the talent gap, it is no surprise that Managed Security Services is the fastest growing segment of IDC’s European Security Forecast8. Conventional wisdom is to ‘get the house in order’ before looking to externalise a service (this work itself might use third party support) as a typical patchwork environment is difficult to hand over to a managed service provider.

When the security estate is ‘in good order’, threat intelligence, security monitoring, endpoint detection and response are some of the most attractive areas to externalise, as they are technically demanding and require many of the most sought-after skills. Externalisation helps to address other significant challenges. These include operating the security estate 24x7x365, providing sufficient resources to monitor the global threat landscape, and the complexity of analysing high volumes of network data to identify direct concerns and relay them back to the organisation. Identifying and responding to incidents can also require other specialist skills and a certain level of tradecraft, which comes from outside the typical corporate cyber security environment – such as military or law enforcement.

Security monitoring, threat intelligence and response needs strength and depth in people, processes and technology.

We already manage the world’s largest civilian threat intelligence network, operating six SOCs and nine response centres. It’s a global infrastructure and level of specialisation that few end-user organisations could ever match.

Having this breadth of experience and development opportunity makes it easier to attract and retain top talent than it is for a company that does not have security as its core business.
Duncan Evans, EMEA Director, Managed Security Services, Symantec.

8. Western Europe Managed Security Services Forecast, ICD, 2017-2021
Now what?
Taking steps to reduce the complexity of cyber security, the use of cloud-delivered security, increased automation and smart deployment of managed services can all help to deliver improved rates of staff retention. This is because, in addition to lowering the overall workload, it removes the more mundane, repetitive and low-value tasks from security teams’ workloads. As a result, it enables staff to focus on more rewarding, higher value work – which can only help firms in the fierce competition to attract, and keep, top talent.

Modern integrated cyber defence platforms have a role in addressing the skills crisis because they help save time – and security leaders can use this extra capacity to focus on skills development for themselves and their team.

But clearly there is still a core need to secure budget to invest in cyber security professionals and, even then, there is the challenge of recruitment.

The clear message from the Symantec CISO Forum was to ensure ‘no stone is left unturned’ in addressing the skills gap – which is a chronic, systemic issue that will take years to resolve. So any technology which can provide an edge in the shorter term should be welcome, while the benefits of longer-term initiatives take time to manifest.

There are several ways to address the skills gap. Hiring an experienced interim to do some of the heavy lifting or lead a transformation programme can relieve a huge amount of pressure while you focus on building the team. It’s a buyer’s market, so you have to have an attractive proposition. Ask yourself if your environment is putting potential recruits off, or if there’s unconscious bias in your recruitment process.

Think carefully about what you have to offer, because you will have something distinctive which will be right for someone – this could be as simple as creating a part time role, job share or flexibility in terms of location.

At Savanti we’ve had great success in hiring candidates who are returning to work following time off to raise young children. Provided you create the right environment and are prepared to try new approaches, there is talent out there. A diversity of mindsets and backgrounds strengthens the team; whether a psychologist, a marketer, someone from HR, risk or legal. You can try a secondment to see if there’s a good fit. The key is to find smart people with transferable skills and train them up. Build a pipeline of talent.
Richard Brinson, CEO Savanti, and former CISO at Unilever, RS Components and Sainsbury’s.
A similarly rigorous, conscientious approach should be taken when scouring for talent. A recognition and celebration of diversity is not only ethical, it is plain old common (and business) sense.

The 2018 (ISC)² Cybersecurity Workforce Study reports that only 24% of the workforce is female, which suggests there’s an immediate scope to consciously recruit from a larger pool of candidates. Similarly there are many people with high potential, and at least some requisite skills, to be found outside the more renowned universities from which corporates tend to recruit. It should also be recognised that some of the most important cyber security roles are not technical.

End-user behaviour, from lack of awareness to wilful
amount of work (figure 12) while phishing is currently the biggest external threat. One Symantec CISO Forum delegate shared her experience of hiring a psychologist into the security team. Following a number of initiatives – such as praising those who raised a potential threat, to test phishing emails and ‘external email’ warnings – the firm’s phishing simulation click rate dropped from 27% to 8% in just 12 months. That’s a single recruit, with no technical skills, that both improved the firm’s security posture and

Having a well thought out security architecture and an agreed set of robust procedures, which have been properly tested – are all things that can reduce stress. Ultimately, if you do your job correctly, put the flags where they’re supposed to be, and you communicate well – whatever happens, you’re not in the firing line.
Dr Steve Purser, Head of Core Operations, ENISA, former financial sector CISO.

Chart (bar chart, values as shown):
User behaviour: 37%
Organisational politics/lack of attention to information security: 22%
Phishing: 19%
Accurate, timely processing of security events: 19%
Endpoint security: 18%
Compliance – related costs/requirements: 18%
Cloud security: 17%
Lack of budget: 17%
Keeping up with new technology: 17%
Application security: 14%
Third-party/supplier security: 14%
Staffing information security: 12%
Data loss/theft: 11%
Malicious software (malware): 9%
Firewall/edge network security: 7%
Other: 4%
Source: 451 Research, Voice of the Enterprise: Information Security, Organizational Dynamics 2018
Summary
and Next Steps
If you want your organisation to reduce cyber security complexity, and enjoy proactive, holistic protection
with a reduced management burden, it’s easy to get started with Symantec Integrated Cyber Defense.
We’ll work with your cyber security specialists and partners to complement, streamline and ultimately
transform your existing security infrastructure at a pace that suits your organisation.
About the Research
The High Alert research study was conducted by Symantec in collaboration with Dr Chris Brauer, Director of Innovation,
Goldsmiths, University of London and research consultancy Thread. The research was directed by Dr Chris Brauer and
Dr Jennifer Barth and led by Sean Duggan. The German and French figures for the quantitative study are from Censuswide;
the UK figures are from YouGov.
Survey fieldwork was undertaken in Winter 2018/19. The research used quantitative methods to measure, define and
distinguish the experiences of cyber-security professionals in leadership roles in three countries: France, Germany and
the UK. The survey was distributed to 3,045 individuals across France (1,002 respondents), Germany (1,003 respondents)
and the UK (1,040 respondents) in middle or upper leadership roles, with decision making involvement in cyber security.
Copyright ©2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks
of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.