Fighting Cybercrime Requires More than Just Tools

Government agencies are moving in the right direction by automating manual processes and employing more modern tools like next-generation firewalls, intrusion detection systems and behavioral analytics, but tools alone are not enough. While these steps are critical, they are only part of the solution.

Without sufficiently experienced and well-trained staff, agencies are likely to miss the warning signs of impending attacks, and when attacks are identified, they may fail to respond effectively. While the need for trained, experienced security personnel might seem obvious, there is much more to it than that.

In some cases, there simply are not enough trained security professionals for agencies to hire. According to an August 2015 report from the SANS Institute, 66 percent of surveyed organizations, which included many government agencies, said a skills shortage was the reason they did not have an effective incident response process.

In many cases, the solution is to provide appropriate training to existing personnel: not only training those tasked with monitoring cyber incidents, but also training other employees on security awareness. However, a survey from Enterprise Management Associates found that 56 percent of employees receive no security awareness training at all. Failing to educate users on how to spot suspicious activity means more of them are likely to fall for spear phishing or social engineering attacks.

Training is Critical

Besides user awareness training, it’s critical to ensure agencies have enough technology staff trained in how to spot anomalies and use the tools provided to detect and remediate incidents. The first step is ensuring there is enough staff dedicated to incident response in the first place.

That’s not always the case. A report from FireEye found 55 percent of organizations don’t have a formal incident response team. An effective incident response team should include team members with formal training in incident detection, malware analysis, threat intelligence, forensics and breach management.

Security staff directly responsible for incident response should be trained on how to quickly identify and respond to likely attacks. The training should be more than a one-hour lesson or online tutorial; it should include hands-on exercises and periodic refreshers. Even with appropriate training, the overall shortage of skilled cybersecurity professionals, combined with tight budgets, leads many agencies either to outsource the entire incident response process or to proceed with a combination of in-house and outsourced professionals.

Including skilled outside experts is good for more than meeting budgets and checking boxes. Because incident response is the outsourcer's area of expertise, external personnel are more likely to be up to date on the latest security threats and remediation techniques. Experienced incident response service providers have deep expertise developed over time, maintain profiles of key attack groups, and use tools that automate investigative tasks and enable experts to quickly evaluate network traffic and host-based artifacts.