Amid so much talk of automation, artificial intelligence (AI) and machine learning, what emerged from this year’s RSA Conference was actually the importance of the human element.
There was significant discussion around the democratization of cyber security. This is no longer a practice limited to technical professionals trained in computer science. Today it’s important for both technical and non-technical people to implement cyber security measures. As security has become more accessibly integrated into everyday activities (think of iPhone users pressing the home button for fingerprint-based multifactor authentication), the simplicity is yielding a “frictionless” (to use an RSA buzzword) experience. It’s become cyber security for all.
For government agencies, this shift toward a common language for identifying and documenting known threats is clear in the growing adoption of federalized frameworks to which many agencies and commercial organizations alike are contributing. In turn, those frameworks are growing stronger and becoming de facto standards for identifying threats, their origins and their tactics, techniques and procedures (TTPs). From there, decision-makers are able to map threats to the technical and/or vendor-provided solutions with the most attack-specific efficacy.
A prime example is the growing employment of MITRE’s ATT&CK framework, through which many organizations are sharing information about TTPs and how different types of attacks are affecting different types of institutions, such as banking or healthcare. The framework helps create a clearer picture of how attackers are using certain techniques against specific types of organizations—and how to defend accordingly.
The framework helps to define an evolving and increasingly popular approach to cyber security: breach-and-attack simulations. These simulations, built on real-world and theoretical scenarios informed by the MITRE ATT&CK framework, test the efficacy of endpoint solutions as well as network security and internal infrastructure. The growing use of these simulations, including in the government, complements tools like Iron Bow’s comprehensive vulnerability assessments and standards-based methods for characterizing and identifying threats. Security companies are now tying that information together and providing actionable intelligence on threat vectors and attack indicators.
All of this is unfolding amid possibly the most human element of today’s cyber operations: the pervasive lack of skilled practitioners to hunt threats and maintain network visibility. This talent gap is further widened by the rapid development of new cyber security products and features that can overload human capacity. At RSA there was a distinct uptick in vendors and third parties providing managed security, effectively outsourcing cyber threat detection and response in settings such as security operations centers (SOCs), where analysts are in high demand and low supply. This approach provides SOCs with more sophisticated, mature security teams that can leverage network visibility to analyze, manage, monitor and respond to threats, helping better ensure best practices get implemented.
In an era where automation and AI are front and center in most cyber security and IT discussions, as RSA demonstrated, it still comes down to people and the human element. From our personal and collective experiences to the sharing of lessons learned and expansion of defenses, people remain central to effective cyber security.