Cybersecurity threats are evolving rapidly as recent headlines demonstrate in stark terms. This New York Times story draws the parallels between the WannaCry attack and the more recent attack that went global after starting in Ukraine. A similar tool set was used in the second attack, but the story points out that the Ukraine attack appeared to have avoided the “kill switch” in the code that mitigated harm from WannaCry. Whether the hackers are related or not, the second group learned from the WannaCry experience.
A more recent New York Times story also suggests that hackers are using developing economies as sandboxes to see how their hacks perform as they develop their skills for larger, more secure targets. This story also indicates that individual pieces of malware are evolving via artificial intelligence as they probe for vulnerabilities or learn to hide within IT systems.
Bottom line: The cyberthreat environment is evolving quickly and on several vectors at once and the evidence is in the morning paper or a push notification on your phone.
This rapid evolution is happening at a time when qualified cybersecurity experts are in short supply as we recently documented in a report prepared by Enterprise Strategy Group. When asked where a “problematic shortage of existing skills” was located in their IT organizations, respondents indicated cybersecurity as the number one area (over other critical IT areas such as app development, IT architecture and data analysis). Put simply, cybersecurity is a discipline in its own right and there aren’t enough people with the core skills, the tools to drive innovation and the ability to stay a step ahead of the bad guys for all the potential targets out there. Something needs to change to make the most of the experts we have.
The ESG paper discusses the rise of Managed Security Services Providers (MSSP). By creating a concentrated team of experts and tools, MSSPs can drive their own rapid evolution environment to stay ahead of cyber threats. The report includes a case study so you can see how this MSSP approach works.
This article was originally published in Forbes Voice on August 3, 2017. https://www.forbes.com/sites/centurylink/2017/08/03/where-are-all-the-cybersecurity-experts/#ce251ce2acc2