How Attack-signal Intelligence Can Stop Cybersecurity Talent Drain

If you are a UAE-based business leader, then you know, without my telling you: we are under attack. Cybersecurity — the thing you used to leave to nameless backroom techies — is now a boardroom priority.

The CISO is in more meetings than ever, and while you may not have fully grasped what they were talking about when they used phrases like technology sprawl, lack of full-stack observability, and shadow IT, you certainly understood the media headlines about more and more attacks. You understood ransomware because you understood its financial impact. And you understood that you needed your backroom nerds to emerge from their hidey-holes and fight, not just for some arbitrary notion of cyber-hygiene, but for the bottom line.

However, what if your call to arms brought forth no soldiers because they had been so long in the trenches without relief that they had left the battlefield? This scenario may be closer than you think. Some reports show a third of UAE cybersecurity teams experiencing a surge in absenteeism following an attack and 46% of professionals intending a job change within the next two years. This is burnout writ large and will rapidly lead to organisations under siege with nobody to act in their defence.

Global data from Vectra reveals 72% of security professionals suspect they have been breached but lack the means to confirm it. “Lack of observability”, remember? We now have more vulnerable endpoints because of people working from home. IT and security teams have lost policing authority over the devices employees use when they log onto a corporate network. Meanwhile, attackers have upped their game and become more sophisticated, which means the rules your defenders use to thwart them have become more complicated and require more work to get right. Assuming you have not managed to hoover up a vast cybersecurity talent pool despite the regional skills gap (the global shortfall now stands at around 3.4 million), your team will be small and overwhelmed. Hence, burnout.

Tackling tedium

Professional burnout in cybersecurity is not a mysterious phenomenon. It is well understood that as the attack surface has ballooned and attack methods have evolved, alert fatigue — the exhaustion that arises from repeatedly chasing down red flags only to find nothing — has intensified. Cybersecurity professionals are much like other employees. They want challenges. And challenge does not mean working hard; it means having the opportunity to work smart and add value. Tedium leads to a lack of focus. Mistakes follow. Then comes cost. I suspect, at this point, I have your attention.

What every business leader needs is a cyber-frontline that is stable. That means keeping the people you have because they know your environment — which can be half the battle when a real attack occurs. But because skills gaps cannot be plugged overnight, the quickest path to resilience is through methodology and tools. This is where our old friend artificial intelligence (AI) comes in. AI can deliver signal clarity, which means security teams are armed with the information they need to solve a problem rather than trying to find one in vain.

Let us be clear. This AI is the real thing. It has enough attack-signal intelligence to think like a threat actor and reliably identify its methods in real time. It is familiar with both the local infrastructure and the global threat landscape. Like all good AI, it is an extension of the team and is able to contextually assess the anomalies it finds against what is critical to the organisation it serves. And like all true AI, it does all this out of the box without the incessant need for human tuning.

Augmentation, not replacement

To clarify, we are not replacing the cybersecurity team; we are augmenting it with another team member — a digital one that has “processes massive quantities of data at scale” at the top of its resume. Once on board, this team member will take care of all the exasperating tasks that were causing burnout and it will do them without complaint and without sleep. Its human colleagues will apply their own creative intelligence to answer questions such as “How long should we wait before we let our adversary know that they have been discovered?” and determine the next steps regarding remediation.

You will note that everyone in this augmented team — both digital and human — is doing what they do best. This leads to greater job satisfaction for human talent and lower attrition rates. But it also leads to greater accuracy in the identification of threats, greater effectiveness in their mitigation, and therefore a lower likelihood of a costly incident.

There is a trend among cybersecurity vendors to coax CISOs into procuring more and more tools. Much as more police on the streets do not necessarily mean less crime, over-tooling has little track record of success. More tools mean more complexity and more work for cybersecurity staff, and they rarely club together to deliver a clearer view of the technology stack. Instead, they bog and fog — bog teams down in more configuration and tuning and fog up the landscape so there is less chance of seeing the true threats.

Favourite things

Asset visibility, control, and signal clarity. These are a few of a cybersecurity professional’s favourite things. Attack-signal intelligence is capable of prioritising threats, so security analysts spend more time using their human intelligence and less time on mindless monotony like alert triage, tool maintenance, and policy tuning. Vendors must look for ways to safeguard the security analyst’s well-being. If they do not, they are simply not serving their customers. Because as helpful as modern tools are, they do not hold a candle to human ingenuity. Attackers have proven they have that ingenuity on their side. We must ensure we do not lose it from ours.