“Cybersecurity leaders recognize that stronger recruitment alone will not solve the problem, so many are looking for ways to build a talent pipeline outside of traditional recruiting and HR processes,” says Michael Smith, CTO, Neustar Security Services in an exclusive interview with ITSecurityWire.
ITSW Bureau: The Denial of Service Attacks (DDoS) are growing at an increasing rate. What steps do you suggest CISOs should take to address these? How can they maintain the online presence of the organization while simultaneously reducing the threat of theft?
Michael Smith: One of the most important things that CISOs can do to begin addressing their risk of cyber-attack, whether it be in the form of DDoS or anything else, is to review the defense technologies they have in place to protect their infrastructure. The ideal situation is that a business has tools that support a Defense in Depth (DiD) approach so that potential attackers must attempt to chain together vulnerabilities to have an impact, rather than simply exploiting individual vulnerable points.
CISOs that want consistent DiD protection should look for three things from their cybersecurity partners: availability, scalable capacity, and comprehensive security features in a single platform or product. This could be a web application firewall (WAF) that also has built-in DDoS mitigation, is backed by the constantly available infrastructure, and has multiple points of presence (POPs) for global load balancing. Not only does this help manage threats effectively, but it can also bring other business benefits. For example, a CIO might not subsequently need to invest in load balancing hardware when the security solution has that functionality built-in.
ITSW Bureau: The shortage of skilled cybersecurity professionals is a growing concern for most organizations, especially with the rise of sophisticated attacks. What steps do you recommend to organizations to deal with this cybersecurity talent shortage?
Michael Smith: There has been some indication recently that, after years of the cybersecurity skills shortage afflicting the market, the gap is starting to shrink. However, although more new talent is starting to come through, there are still millions of open cybersecurity jobs globally according to (ISC)2. The recent UK Government cybersecurity skills in the UK labor market 2022 report also showed that almost half of cyber sector companies felt that job applicants lacked the technical skills required.
Cybersecurity leaders recognize that stronger recruitment alone will not solve the problem, so many are looking for ways to build a talent pipeline outside of traditional recruiting and HR processes. Many leaders in highly technical fields, like CISOs, are becoming more creative and hands-on in finding and attracting talent. This ranges from actively networking in their daily lives to getting directly involved with regional security organizations, conferences, and mentorship programs. In essence, CISOs are becoming de facto recruiters.
For organizations to be successful in cybersecurity talent recruitment without taking part in a salary ‘arms race’, they’ll need to get creative and patient. More organizations should work to find talent from parallel fields with transferable skills and an eagerness to learn, then upskill and help them develop over time within the company.
ITSW Bureau: For today’s working model that is constantly switching between hybrid and remote work models, how can the security teams ensure the cybersecurity of their respective platforms?
Michael Smith: The boom in hybrid and remote working has exposed a gap in how IT teams typically purchase products, which is prioritizing functionality over security. This was particularly prominent during the IT service rush at the start of the pandemic. Now, companies are working backward, in a sense, to work in network security. There are a couple of actions security teams can take to shore up their systems, chief among them being identity management.
Identity Access Management, or functionality like Single Sign-On, is typically available in most SaaS services. Most have plugins that allow businesses to choose their own identity provider, which should have strong encryption. Coupled with two-factor authentication, this can be fairly robust — which is important, as SaaS applications have become key targets for attackers in light of the increased identity management held there.
With remote and hybrid work models, there is also a need for security teams to assess the security of their cloud providers. In part, this can involve working with a third-party company that can help evaluate a business’s implementation and ensure that best practice and hardening guidelines are being followed.
Alongside this, security teams should understand what logging and alerting is offered by a vendor. Most providers should be logging events such as new account creation, changes to an account’s administrative privileges or changes to security configurations. Each of these events is auditable and valuable to security monitoring operations. Businesses should take steps to get a copy of these logs from providers and aggregate them into ongoing security monitoring.
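As an added example (not code from the interview, Neustar, or any real vendor), the script below triages a constructed batch of provider audit-log lines for the three event classes named above: new accounts, privilege changes and security-configuration changes. The JSON field names, event names and sample records are assumptions made for the illustration.

```python
import json
from collections import defaultdict

# Constructed sample of newline-delimited JSON audit events (assumed schema,
# not any real provider's format). The last line is deliberately malformed.
SAMPLE_LOG = """
{"ts":"2023-05-01T08:00:12Z","actor":"alice","event":"user.create","target":"bob","src_ip":"203.0.113.5"}
{"ts":"2023-05-01T08:03:40Z","actor":"alice","event":"user.login","target":"alice","src_ip":"203.0.113.5"}
{"ts":"2023-05-01T09:15:02Z","actor":"bob","event":"role.assign","target":"bob","detail":{"role":"admin"},"src_ip":"198.51.100.9"}
{"ts":"2023-05-01T09:16:30Z","actor":"bob","event":"config.update","target":"sso","detail":{"setting":"mfa_required","old":true,"new":false},"src_ip":"198.51.100.9"}
{"ts":"2023-05-01T10:00:00Z","actor":"carol","event":"file.read","target":"q1-report.xlsx","src_ip":"192.0.2.77"}
this line is not json
"""

# Event types the interview calls out as auditable, mapped to an alert class.
WATCHED_EVENTS = {
    "user.create": "new_account",
    "role.assign": "privilege_change",
    "role.revoke": "privilege_change",
    "config.update": "security_config_change",
}
PRIVILEGED_ROLES = {"admin", "owner"}

def parse_events(text):
    """Parse one JSON object per line; skip blank or malformed lines rather than failing."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events

def classify(event):
    """Return the alert class for an event, or None if it is not monitored."""
    kind = WATCHED_EVENTS.get(event.get("event"))
    if kind == "privilege_change":
        # Only role changes involving a privileged role are worth an alert.
        if (event.get("detail") or {}).get("role") not in PRIVILEGED_ROLES:
            return None
    return kind

def triage(text):
    """Group monitored events by alert class, keeping the fields an analyst needs first."""
    alerts = defaultdict(list)
    for ev in parse_events(text):
        kind = classify(ev)
        if kind:
            alerts[kind].append({k: ev.get(k) for k in ("ts", "actor", "target", "src_ip")})
    return dict(alerts)

def self_granted_admin(text):
    """Flag actors who assigned a privileged role to their own account."""
    return [ev for ev in parse_events(text)
            if ev.get("event") == "role.assign" and ev.get("actor") == ev.get("target")
            and (ev.get("detail") or {}).get("role") in PRIVILEGED_ROLES]
```

In practice the parsed output would be forwarded to the SIEM that aggregates all provider logs, so the three classes are correlated with the rest of the monitoring data rather than reviewed in isolation.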
ITSW Bureau: What trends do you expect to see in the DDoS attack space? How do you suggest organizations to keep up and tackle them?
Michael Smith: An interesting trend that we’re seeing in the DDoS attack space is a growth in application DDoS, or Layer 7 DDoS, attacks. These exploit vulnerabilities in the web applications themselves to overwhelm a server’s resources with application requests, and can be more difficult to identify because they don’t rely on a high network volume. They’re typically low or medium-volume attacks. Businesses can mitigate these kinds of attacks with a WAF, and it’s becoming increasingly important to do so.
For DDoS attacks in general, we’re seeing the scale and size of attacks continuing to increase in line with network bandwidth and size. Attackers have the ability to compromise multiple endpoints — such as IoT devices, servers, mobile phones, desktops — and, due to increased bandwidth per device, they can launch more attack traffic. Organizations can keep ahead of these attacks by ensuring their security providers have the infrastructure to manage.
Security providers need to ensure that their infrastructure is able to provide enough capacity and mitigation for multiple customers and multiple large-scale attacks simultaneously. One of the largest recorded attacks we’ve seen was 1.2 Terabits per second, so the infrastructure must be able to withstand attacks that are several magnitudes larger. A growing number of businesses want always-on DDoS mitigation, which necessitates security providers that can deliver reliable protection — even if they were mitigating multiple attacks at once.
Michael Smith is Neustar’s Field CTO and is responsible for the organization’s overall products and services strategy including product management, security operations, and customer support.
With over 30 years of experience in cybersecurity, IT, and intelligence, he has managed high-profile incidents such as the wave of DDoS attacks against major U.S. banks in 2012 and 2013 and attacks by e-commerce account takeover gangs, as well as security monitoring for large online events such as the Olympics and World Cups.