Malta Independent - MITA Feature 21st May 2015


The Malta Independent | Thursday 21 May 2015

Challenges to timely incident response

A new survey found that security professionals are inundated with security incidents, averaging 78 investigations per organisation in the last year, with 28% of those incidents involving targeted attacks – one of the most dangerous and potentially damaging forms of cyber-attacks. This was revealed in a new report, Tackling Attack Detection and Incident Response, from Enterprise Strategy Group (ESG), commissioned by Intel Security, which examines organisations’ security strategies, cyber-attack environment, incident response challenges and needs.

According to the IT and security professionals surveyed, better detection tools, better analysis tools, and more training on how to deal with incident response issues are the top ways to improve the efficiency and effectiveness of the information security staff.

“When it comes to incident detection and response, time has an ominous correlation to potential damage,” said Jon Oltsik, senior principal analyst at ESG. “The longer it takes an organisation to identify, investigate, and respond to a cyber-attack, the more likely it is that their actions won’t be enough to preclude a costly breach of sensitive data. With this in mind, CISOs should remember that collecting and processing attack data is a means toward action — improving threat detection and response effectiveness and efficiency.”

Better Integration

Nearly 80% of the people surveyed believe the lack of integration and communication between security tools creates bottlenecks and interferes with their ability to detect and respond to security threats. Real-time, comprehensive visibility is especially important for rapid response to targeted attacks, and 37% called for tighter integration between security intelligence and IT operations tools. In addition, the top time-consuming tasks involved scoping and taking action to minimise the impact of an attack, activities that can be accelerated by integration of tools. These responses suggest that the very common patchwork architectures of dozens of individual security products have created numerous silos of tools, consoles, processes and reports that prove very time consuming to use. These architectures are creating ever greater volumes of attack data that drown out relevant indicators of attack.

Better Comprehension

Security professionals surveyed claim that real-time security visibility suffers from limited understanding of user behaviour and network, application, and host behaviour. While the top four types of data collected are network-related, and 30% collect user activity data, it’s clear that data capture isn’t sufficient. Users need more help to contextualise the data to understand what behaviour is worrisome. This gap may explain why nearly half (47%) of organisations said determining the impact or scope of a security incident was particularly time consuming.

Better Analytics

Users understand they need help to evolve from simply collecting volumes of security event and threat intelligence data to more effectively making sense of the data and using it to detect and assess incidents. 58% said they need better detection tools (such as static and dynamic analysis tools with cloud-based intelligence to analyse files for intent). 53% say they need better analysis tools for turning security data into actionable intelligence. One-third (33%) called for better tools to baseline normal system behaviour so teams can detect variances faster.

Better Expertise

People who took the survey admitted to a lack of knowledge of the threat landscape and security investigation skills, suggesting that even better visibility through technical integration or analytical capabilities will be inadequate if incident response teams cannot make sense of the information they see. For instance, only 45% of respondents consider themselves very knowledgeable about malware obfuscation techniques, and 40% called for more training to improve cybersecurity knowledge and skills.

Automation to Enhance Action

The volume of investigations and limited resources and skills contributed to a strong desire among respondents for help with incident detection and response. 42% reported that taking action to minimise the impact of an attack was one of their most time-consuming tasks. 27% would like better automated analytics from security intelligence tools to speed real-time comprehension, while 15% want automation of processes to free up staff for more important duties.

“Just as the medical profession must deliver heart-attack patients to the hospital within a ‘golden hour’ to maximise likelihood of survival, the security industry must work towards reducing the time it takes organisations to detect and deflect attacks, before damage is inflicted,” said Chris Young, General Manager at Intel Security. “This requires that we ask and answer tough questions on what is failing us, and evolve our thinking around how we do security.”

The ESG believes that there is a hidden story within the Intel Security research that hints at best practices and lessons learned. This data strongly suggests that CISOs:

• Create a tightly-integrated enterprise security technology architecture: CISOs must replace individual security point tools with an integrated security architecture. This strategy works to improve the sharing of attack information and cross-enterprise visibility into user, endpoint, and network behaviour, not to mention more effective, coordinated responses.
• Anchor their cybersecurity strategy with strong analytics, moving from volume to value: Cybersecurity strategies must be based upon strong security analytics. This means collecting, processing, and analysing massive amounts of internal (i.e., logs, flows, packets, endpoint forensics, static/dynamic malware analysis, organisational intelligence (i.e., user behavior, business behaviour, etc.)) and external data (i.e., threat intelligence, vulnerability notifications, etc.).
• Automate incident detection and response whenever possible: Because organisations will always struggle to keep up with the most recent attack techniques, CISOs must commit to more automation such as advanced malware analytics, intelligent algorithms, machine learning, and the consumption of threat intelligence to compare internal behavior with indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) used by cyber-adversaries.
• Commit to continuous cybersecurity education: CISOs should require ongoing cyber-education for their security teams, including an annual series of courses that provide individual professionals more depth of understanding of threats and best practices for efficient and effective incident response.

To view the full Intel Security report, visit: http://bit.ly/1GlM2KJ

1 in 3 employers will not interview applicants who they can’t find online

Avoiding a professional online presence may be hurting your chances of finding a new job. More than one third of employers (35%) say they are less likely to interview job candidates if they are unable to find information about that person online, according to CareerBuilder’s annual social media recruitment survey. Moreover, the study reaffirms that the majority of employers use social networks to screen candidates and that 35% of them have sent friend requests or followed candidates that have private accounts; most are granted permission.

The national survey was conducted on behalf of CareerBuilder by Harris Poll earlier this year and included a representative sample of more than 2,000 full-time, U.S. hiring and human resources managers across industries and company sizes.

Social media recruitment on the rise

52% of employers use social networking sites to research job candidates, up significantly from 43% last year and 39% in 2013.

“Researching candidates via social media and other online sources has transformed from an emerging trend to a staple of online recruitment,” said Rosemary Haefner, chief human resources officer at CareerBuilder. “In a competitive job market, recruiters are looking for all the information they can find that might help them make decisions. Rather than go off the grid, job seekers should make their professional persona visible online, and ensure any information that could dissuade prospective employers is made private or removed.”

Haefner points out that most recruiters aren’t intentionally looking for negatives. Six in ten (60%), in fact, are “looking for information that supports their qualifications for the job,” according to the survey. For some occupations, this could include a professional portfolio. 56% of recruiters want to see if the candidate has a professional online persona, 37% want to see what other people are posting about the candidate, and 21% admit they’re looking for reasons not to hire the candidate. Additionally, 51% of hiring managers use search engines to research candidates.

Social media recruitment by industry

Hiring managers in information technology and financial services are the most likely to use social networks to screen candidates; retail had the lowest share.

• Information Technology: 76%
• Financial Services: 64%
• Sales: 61%
• Professional & Business Services: 54%
• Manufacturing: 49%
• Health Care: 49%
• Retail: 46%

Hiring managers sending friend requests

35% of employers who screen via social networks have requested to “be a friend” or follow candidates that have private accounts. Of that group, 80% say they’ve been granted permission.

Content can help and hurt job prospects

Depending on what hiring managers find, candidates’ online information can help or hurt their odds of getting a job. 48% of hiring managers who screen candidates via social networks said they’ve found information that caused them not to hire a candidate – down slightly from 51% last year. The following are the top pieces of content that turned off employers:

• Provocative or inappropriate photographs – 46%
• Information about candidate drinking or using drugs – 40%
• Candidate bad-mouthed previous company or fellow employee – 34%
• Poor communication skills – 30%
• Discriminatory comments related to race, religion, gender, etc. – 29%

About one-third (32%), however, found information that caused them to hire a candidate, including:

• Candidate’s background information supported job qualifications – 42%
• Candidate’s personality came across as good fit with company culture – 38%
• Candidate’s site conveyed a professional image – 38%
• Candidate had great communication skills – 37%
• Candidate was creative – 36%

Script flipped

A separate survey found that some savvy job seekers are using social media to their own benefit. One in seven (15%) workers check out hiring managers on social media, with 38% of that group seeking to directly interact with the individual.


Roderick Spiteri

Roderick Spiteri is Marketing and Communications Manager at MITA and editor of Malta Independent ICT feature

The Malta Independent ICT Feature

As a country we rank very high on the availability of eGovernment services but then rank below average on their usage and take-up. MITA together with a number of partners has embarked on a project to encourage more citizens and businesses to make use of eGovernment services. Amongst others it has partnered with the Danish agency for digitalisation because the vast majority of the Danish population uses eGovernment services. One of the reasons is that in recent years Denmark adopted a ‘digital by default’ approach which saw various government-related transactions go online.

Studies show that security professionals are being kept busy all year round with security incidents – the average is 1.5 incidents per week and more than a quarter of these incidents are one of the most dangerous forms of cyber threats. The study by ESG also suggests several best practices and lessons learnt on how security professionals can protect their organisations better.

Recent studies have shown that the majority of HR professionals look at the social media profiles of candidates who apply for a job with their company. Now, a new study found that the majority of them look for information that supports that the candidate actually has an online persona and that he or she is fit for the job. More shocking is the finding that one in every five have admitted that they look at social media profiles to search for reasons not to hire the candidate.

All ICT Features are available on www.mita.gov.mt/ictfeature

Leveraging technology for a better public administration

Last week MITA hosted a workshop for key decision makers within Government and discussed the strategy ahead in leveraging technology for simplification of public administration and the provisioning of the next generation of eGovernment service. The workshop, part of the Public Services Online project launched earlier this year, was addressed by Hon José Herrera, Parliamentary Secretary for Competitiveness and Economic Growth, and Mr Tony Sultana, MITA Executive Chairman. The project, co-financed through the European Social Funds, is coordinated by MITA together with other stakeholders including CDRT, various Ministries and Digitaliseringsstyrelsen (the Danish Government Digital Agency).

During the workshop representatives from Digitaliseringsstyrelsen shared their experiences of how Denmark managed to top the EU charts with regards to eGovernment take-up with some 84% of the Danish population making use of eGovernment services. In Malta the situation is that whilst we rank first in supply and availability of eServices, demand and use requires further effort and resources.

MITA’s Head of Strategy and Business Department, Mr Emanuel Darmanin, said that the project ties with the Digital Malta National Digital Strategy. In the area of Digital Government the strategy puts forward a number of objectives, including the need to simplify existing public services, promote further take-up of eGovernment services, make services available via mobile devices, increase engagement and participation and extend Government transparency and eDemocracy.

Mr Darmanin explained how the Public Services Online project is based on three pillars. The first component is an up-skilling programme to a number of Government employees who provide assistance and services to the community. This training is currently underway and by the end of the project it is estimated that more than 400 public officers would have been provided the necessary training. MITA took a train-the-trainer approach so that participants will be able to share their knowledge with their colleagues.

The second component of the project is a market research with the aims of finding the reasons that are negatively impacting the take-up of eServices, to enable Government to plan and design using citizen-centric feedback and also to identify ways that can encourage citizens and businesses to use the e-services. A qualitative and quantitative survey via 24 focus groups and a telephone survey with some 1,500 participants.

Sarah Farrugia, Project Leader, provided some preliminary highlights from the market research. Initial results show that citizens think that traditional services (i.e. those available from Ministries and Departments) are overly bureaucratic and require them to take time off from work and also include an element of frustration because of traffic and parking issues. They also said that despite the fact that such over-the-counter services lack consistency (approx 80%) some still prefer such face-to-face encounters as they believe that sometimes this leads to better end results. The study also found that those who use eGovernment services think that they are convenient, efficient and easy to use.

Some of the recommendations put forward from the research are that Government departments should extend their visiting hours to include Saturdays (approx 88%) and that Government should ensure that data sharing is a reality amongst different entities (approx 81%) as this will reduce bureaucracy (approx 94%). Citizens also agreed that there should be more awareness on the range of e-services available and provided with step-by-step guidelines on how to use these services. They also proposed that Government services should have a consistent look and feel and use simpler language.

The third component of the project will be a promotional campaign to raise awareness and educate citizens and business on the various e-services available with adequate resources on how these services can be used.

For more information about the Public Services Online Project please visit gov.mt

