At Guidance Software, we’re honored to train and work alongside information security teams inside numerous global corporations and government agencies. This gives us an ideal vantage point from which to learn and incorporate the latest intelligence on attack methods and best-practices for incident response. So here’s a look at what we’ve gleaned from this year’s barrage of cyber-attacks.
Where to Invest Resources in the High-Profile Breach Era
One benefit of this awareness has been an increased investment in security. We believe that this investment should not solely be spent on tools, simply adding to the layers of security many companies already have in place, but it should also focus on making sure the right people with the right skills are able to properly leverage the technologies already in place. These large breaches have highlighted the need not just for a tactical incident response plan, but also for a corporate incident management strategy that includes understanding, identifying, and protecting key assets long before an incident is identified.
Finally, these incidents have reiterated the importance of practicing and enforcing basics like patch management, password enforcement, and employee security awareness.
Growing and Retaining Security Staff through Targeted Training
In 2015, corporations are going to need a two-pronged approach in order to grow and retain a team of effective incident responders: They will need to invest in specialized training for established security professionals and to provide incident response fundamentals and tools training for less advanced team members.
With a widely reported shortage of security professionals and a broad set of skills required to handle the range of attack techniques, teams need to have and continually build a diverse set of skills—more skills than just one person can master. Allowing senior members to focus on advanced skills like reverse-engineering or memory forensics encourages retention through greater engagement and prevents burnout by allowing senior team members time off the front lines to recharge.
On the other side, developing the skills of less experienced professionals, possibly existing IT staff, allows you to leverage their existing IT knowledge, including their ability to understand your unique network or assets—the IT “ecosystem.”
In addition, corporations can address training needs by supporting “time off” from regular duties for security professionals to train either offsite, through remote learning, or through self-study during business hours.
Sharing Threat IntelligenceFinally, building up an understanding of your environment and identifying trends outside of the norm that may indicate a specific technique in the act of being played out in your network is a large trend in the industry. To build up a repository of these trends, security professionals need to have a way to share intelligence about patterns or attack types to others in their industry or trusted security groups. Attending training with other security professionals is one way to help build these relationships.
Comments? What’s working well inside your organization? We welcome discussion in the section below, whether on this topic or on one you would like to see us write about here in the blog.
Ashley Hernandez and John Lukach are long-time instructors in cybersecurity, e-discovery, and forensics at Guidance Software.