Upskill Security Professionals to Prepare for 21st Century Cyber Attacks

Date:   Wednesday , July 13, 2016

FireEye (NASDAQ: FEYE) offers products and services which help stop the latest generation of cyber attacks, such as advanced malware, that easily bypass traditional signature-based defenses and compromise over 95 percent of enterprise networks. The company has a current market capital of $2.71 billion.

While 2015 brought information technology initiatives into mainstream conversations, it was also a time when India witnessed the dangers of digitization first-hand. As organizations became more reliant on internet and other networks, their vulnerability to attacks increase proportionately. These attacks are increasingly becoming public. Last year, FireEye detected a decade-long cyber espionage campaign by a China-based group called APT30, which targeted Southeast Asian organizations including an Indian Aerospace and Defense Company and a leading telecommunications firm. Later in the year, we revealed a spear-phishing campaign, again by Chinese threat actors, targeting organizations with information about diplomatic matters and border disputes. Approximately 70 percent of the victims were in India, with a focus on governmental, diplomatic, scientific and educational organizations.

These were sophisticated operations - well-funded, organized, persistent and tailored to their targets. The resources behind these attacks reveal the stakes. India is fast becoming a strategic target for cyber criminals as it embarks on ambitious projects like Digital India and Smart Cities. Additionally, as India\'s IT exports continue to grow, attackers increasingly use Indian subsidiaries to launch attacks against large multi-national corporations. With the growth of interconnected business operations, the cyber landscape looks more volatile, presenting new security challenges. India\'s growing economy and regional influence are also making it more attractive to attackers. A FireEye report revealed that 38 percent of organizations in India were exposed to targeted advanced persistent attacks in the first half of 2015, a 23 percent increase from the previous report.

While the risks have grown steadily as we become more reliant on technology, no one is calling for a halt to innovations. Instead, we need to focus on improving our defenses, and building capable security talent is crucial in this endeavor.

While this won\'t happen overnight, Indian policy-makers recognize the need. NASSCOM launched a Cyber Security Task Force last year to build India as a global hub for providing cyber security solutions, prepare a cyber security R&D plan and develop a skilled workforce of cyber security experts. The intention is to have a million certified and skilled cyber security professionals in India. This target has doubled from just three years ago; in 2012, the aim was to build 500,000 engineers, thus indicating the growing awareness of cyber risks.

However, what are the attributes required for a security professional? Just like other engineering domains, up-to-date technology skills are critical. One of the reasons that they are in short supply is in their ability to understand human psychology and motivation, and connect the dots to thwart attacks. Attacks are advanced not just because they use advanced technology but because there is a clear motivation, process and structure. And even the most sophisticated technology can\'t beat the human mind.

Security professionals must be able to anticipate potentially dangerous behavior and stay abreast with tactics used by attackers in the global cyber economy. Knowing the threats to one organization is not enough either. They need the depth of intelligence that comes from having been exposed to the successes and failures that attackers have had in penetrating a variety of organizations of all sizes around the world.

Of course in the short term, India won\'t have enough talent to adequately defend our systems. But not every organization needs a large in-house security team. Many organizations, large and small, should consider consuming security as a service that gives them the technology, intelligence and expertise to help defend against attacks.

As Digital India and Make in India increase our potential surface area for advance attacks, cyber security skills will remain in high demand going forward. To fulfill the need, we need experts who can combine core technical skills with an understanding of the motivation of an attacker, knowledge of how the human mind works and a desire to stay updated on the latest techniques. A fresh engineer, no matter how talented, isn\'t likely to have these attributes; but focused training, skills development and exposure to addressing real threats can contribute to raising a million-strong army of Indian security experts.