News of the FireEye security breach shook the cybersecurity industry last week, proving that even the most skilled cybersecurity operations can face attack. Then came the news of the SolarWinds breach affecting the highest levels of the US government. While the cyber world debates the reasons for the attacks and the response, business leaders should take this moment to evaluate the strength of their cybersecurity program, especially in light of added stresses on teams due to Covid-19 workplace changes. It’s not just about whether you have the right tools in place. You need the right people to address emerging threats, too. If your cybersecurity team is overworked, or you have unfilled red team or threat hunter positions, you’re leaving your company vulnerable.
FireEye, a $3.5 billion cybersecurity company that has identified some of the most elaborate and sophisticated hacking operations in the world, announced on Dec. 8 it had experienced a cybersecurity breach of their top cybersecurity tools which used “novel techniques” to gain access. In a statement FireEye said:
Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. Our number one priority is working to strengthen the security of our customers and the broader community. We hope that by sharing the details of our investigation, the entire community will be better equipped to fight and defeat cyber attacks.
Since then, reports have revealed this breach was part of a larger hacking and espionage effort including SolarWinds security software and top government agencies, including the Department of Treasury.
Speculation will likely continue for weeks, and it has left many in the industry wondering, if this could happen to FireEye, which has some of the top tools in the industry for detecting threats, would my security team have detected this or similar activity?
“It really reinforces the importance of people in cyber,” said Dom Glavach, Chief Security Strategist at CyberSN. “An adversary compromised the supply chain then leveraged this to gain access to high profile networks, highlighting that we do not necessarily have a tools problem. You need strategy, you need tools, and most importantly, you need people.”
Chief information security officers and cybersecurity managers are likely evaluating or purchasing new tools and downloading indicators of compromise now to protect against similar threats, and they must also make sure they have the right people in place to identify those threats. After all, cybersecurity is a people versus people game, Glavach said. Adversaries have proven they have the funding, the drive to innovate, and the ability to hone their tactics, techniques, and procedures to successfully gain access to high-profile companies. It will take tools, strategy, and people to fight these sophisticated threats.
No company is ever going to be 100% protected from attack, and a good cybersecurity team with the right members in place can better prevent, detect and recover cyber attacks earlier, reducing the damage they might cause.
Good leadership and a clear cybersecurity strategy are the basis for a strong cyber program. Frequent turnover in the CISO position or lack of buy-in from executives on how the strategy should be implemented can leave a company vulnerable on multiple fronts. You might be able to keep a cyber team running without a clear strategy in the short term, and eventually, you will run out of steam.
Next, filling or adding positions on the offensive side should be your top priority. Here are three areas that are essential to nearly every size company today.
We all know how hard it is to recruit cybersecurity professionals. Here’s how you can recruit and hire the cyber talent you need quickly.
Ping people in your professional and social networks who work in the cybersecurity industry and ask them for referrals. Do they know a threat hunter who’s looking for a change? If you’ve been searching for more than six weeks, you need to be proactive to identify candidates.
Do you have an employee referral program? Make it higher for anyone who refers one of these key cyber hires. The holidays are here and people are looking for extra money—give them the incentive to reach out to friends with a significant bounty.
Do you have multiple cybersecurity positions open right now? It’s time to adjust your hiring plan to prioritize cyber roles on the offense side. If you planned to hire for other positions this year, take that money and switch to these threat-hunting positions.
When you decide it’s time to get outside help to fill cybersecurity roles, pick an agency that knows the cybersecurity industry and what to look for. Maybe you’ve used an agency in the past, or your human resources department has a firm it prefers—unless they specialize in cybersecurity, the service is unlikely to get you the candidates you’re looking for or save you time.
As one of the few staffing agencies that specialize in cybersecurity, we’ve talked to many clients about their frustration with traditional staffing agencies and recruiters who don’t know what it takes to fill essential roles. When it comes to filling positions quickly, you should go with the experts. They can offer different levels of service based on your needs and budget.
If your company doesn’t have the resources to hire a staffing agency to do the work for you, try going where cybersecurity professions are actively looking for jobs. CyberSN’s proprietary platform, KnowMore, is a place where cyber pros can post resumes confidentially, allowing companies to review based on skills. Companies can also use the platform to create better job descriptions that tell savvy professionals your company knows exactly what it’s looking for.
The threats revealed by the FireEye and SolarWinds breaches highlight the importance of having a well-rounded security program in place. Tools are vital, and without the leadership combined with proper staffing, your strategy will be less effective and can leave your data needlessly vulnerable. As you review your cybersecurity operation in the coming weeks, ask yourself, do I have the right people for the job? If not, it’s time to go find them.