By: Cami Ragano
May 8, 2021
Bits and Bytes — The Benefits of Just-in-Time Cybersecurity Training
Time is not on the side of cybersecurity teams. As noted by CSO Online, 63% of companies said their data “was potentially compromised within the last 12 months due to a hardware- or silicon-level security breach,” and recent predictions suggest that in 2021, ransomware frequency will ramp up with a new attack happening every 11 seconds.
As a result, it is not enough for infosec professionals to stay the course; they need ways to outpace current security threats and prepare for the next wave of attacks. Just-in-time training frameworks offer a targeted approach to cybersecurity defense that prioritizes actionable insight and equips IT professionals to handle whatever comes next.
The Clock is Ticking
Managing security threats is time sensitive. While it is undoubtedly true that threats such as COVID-themed phishing campaigns, cookie-hijacking attacks, and crypto-mining malware can act quickly to destabilize a network, there is another side to the story: persistence.
Consider that in 2020, it took companies an average of 280 days to identify and contain a breach. That is nearly a year of attackers having free rein across critical networks, systems, and services. During this time, attackers can conduct thorough reconnaissance, create permanent backdoors, and establish a presence in every corner of a network or system.
In practice, this combination of slow buildup and fast attacks creates a scenario where IT professionals must be prepared to respond no matter the threat, its origin, or its intent. Put simply, when it comes to cybersecurity, the clock is always ticking.
Fast-tracking the Framework
IT security certifications provide one of the best ways for professionals to increase their knowledge, verify their expertise, and take the fight to cyber attackers. The challenge? Many in-depth courses — such as CISSP, CISA, and CISM — require a significant time commitment on the part of IT staff. And while this is time well spent, it also means that during a week- or month-long course, staff must split their attention between managing current security measures and completing every element of their qualification courses.
The MITRE ATT&CK framework supports a different approach to cybersecurity training. ATT&CK is not a course; it is a globally accessible, free knowledge base of adversary tactics and techniques built from real-world intrusion reporting, with each technique entry documenting how it has been used, how to detect it, and how to mitigate it. Because each entry stands on its own, it offers a just-in-time model: teams can pull the current, critical information they need for the threat in front of them and use it right now to defend their infrastructure.
Evolving insider threats offer a relevant example. Even in the vast majority of cases, where the insider's action is accidental rather than malicious, the outcome is the same: the business network is put at risk. By understanding the most common ways a user's action opens the door (opening malicious email attachments, visiting compromised websites, or sharing information across insecure apps), teams are better equipped to handle threats as they occur instead of after the damage is done. ATT&CK helps fast-track the defensive process with actionable information on the techniques that typically follow, such as Account Discovery (T1087), Man-in-the-Middle (T1557), OS Credential Dumping (T1003), and even Two-Factor Authentication Interception (T1111).
Taking a Bite out of Cyber Threats
In addition to time constraints, many companies also face a shortfall in cybersecurity skills, with 66% of infosec professionals highlighting the difficulty of retaining cybersecurity talent and 80% saying they feel inadequately prepared to defend their organization.
The common conundrum? Training. Sixty-eight percent of security professionals said they do not believe their organization provides the right training, creating an under-skilled, under-confident environment that lends itself to talent poaching from more agile and adaptable enterprises.
To help bridge this gap, ATT&CK lends itself to a different approach to infosec training. Instead of pulling IT professionals away from their jobs and teams for weeks at a time for certification (or recertification), the ATT&CK matrix is organized by tactic (the adversary's goal) and technique (how that goal is achieved), so IT staff can pick up a new, relevant "bite-sized" skill daily by studying one technique and its detections at a time. This covers the full attack lifecycle, from the Reconnaissance and Privilege Escalation tactics through Lateral Movement and Exfiltration.
It is worth noting that the bite-sized nature of technique-level learning should not be confused with simplicity. Every entry maps to procedures observed in real intrusions, and understanding a technique thoroughly means knowing its variants, the telemetry it produces, and the mitigations that actually stop it. MITRE's own ATT&CK Evaluations test security products against emulated adversary behaviour rather than testing learners, but teams can apply the same idea to themselves: emulate the technique they just studied and confirm their detections fire. Pairing this smaller-scale approach with that kind of rigorous check makes it possible for companies to target the security concerns relevant to their industry and market vertical, rather than opting for more generalized — and potentially less effective — defensive frameworks.
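One way to turn this into a daily, just-in-time reading list is to tie the alerts a team actually sees to the ATT&CK techniques and tactics named above. The script below is an added example, not code from the original article or from MITRE: the technique IDs and names are real Enterprise ATT&CK entries (as they were named in 2021), but the matrix slice is a constructed subset, and the SIEM rule names, the alert format, and the alerts themselves are constructed for the example. It maps each alert to a technique, ranks techniques by how often they fired (the study list), and reports which tactics in the slice have produced no alert at all (where detection, or the attacker, has not reached yet).

```python
"""Map constructed detection alerts to a slice of MITRE ATT&CK and build a
just-in-time study list.

Added example, not code from the original article or from MITRE. The ATT&CK
IDs and names below are real entries from the Enterprise matrix (as named in
2021); the matrix slice, the rule names, the alert format and the alerts
themselves are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Technique:
    tid: str
    name: str
    tactics: tuple  # a technique can sit under more than one tactic


# Hand-picked slice of ATT&CK Enterprise (constructed subset, not the full matrix).
ATTACK_SLICE = {
    "T1595": Technique("T1595", "Active Scanning", ("Reconnaissance",)),
    "T1566": Technique("T1566", "Phishing", ("Initial Access",)),
    "T1204": Technique("T1204", "User Execution", ("Execution",)),
    "T1068": Technique("T1068", "Exploitation for Privilege Escalation", ("Privilege Escalation",)),
    "T1003": Technique("T1003", "OS Credential Dumping", ("Credential Access",)),
    "T1111": Technique("T1111", "Two-Factor Authentication Interception", ("Credential Access",)),
    "T1557": Technique("T1557", "Man-in-the-Middle", ("Credential Access", "Collection")),
    "T1087": Technique("T1087", "Account Discovery", ("Discovery",)),
    "T1021": Technique("T1021", "Remote Services", ("Lateral Movement",)),
    "T1041": Technique("T1041", "Exfiltration Over C2 Channel", ("Exfiltration",)),
}

# Hypothetical mapping from a SIEM rule name to the technique it detects.
# Rule names are constructed; a real deployment would carry the technique ID
# in each rule's metadata instead of a side table like this.
RULE_TO_TECHNIQUE = {
    "lsass_memory_access": "T1003",
    "net_user_domain_enum": "T1087",
    "rdp_logon_from_workstation": "T1021",
    "large_post_to_c2": "T1041",
    "arp_spoof_detected": "T1557",
}

# Constructed alert lines: "<timestamp> <host> <rule_name>"
SAMPLE_ALERTS = """\
2021-05-08T09:12:03Z ws-0142 net_user_domain_enum
2021-05-08T09:12:41Z ws-0142 lsass_memory_access
2021-05-08T09:15:10Z ws-0142 rdp_logon_from_workstation
2021-05-08T09:15:12Z srv-fs01 lsass_memory_access
2021-05-08T09:20:55Z srv-fs01 unknown_rule_name
2021-05-08T09:22:07Z srv-fs01 large_post_to_c2
"""


def parse_alerts(text):
    """Return (host, rule_name) pairs, skipping blank or malformed lines."""
    out = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        out.append((parts[1], parts[2]))
    return out


def map_to_techniques(alerts):
    """Translate each alert into an ATT&CK Technique. Rules with no mapping
    are returned separately so a gap in the rule metadata is visible, not
    silently dropped."""
    mapped, unmapped = [], []
    for host, rule in alerts:
        tid = RULE_TO_TECHNIQUE.get(rule)
        if tid is None:
            unmapped.append(rule)
        else:
            mapped.append((host, ATTACK_SLICE[tid]))
    return mapped, unmapped


def study_plan(alert_text):
    """Rank techniques by how many alerts fired for them: the just-in-time
    reading list for the team, most-seen technique first (ties keep the
    order in which they were first seen)."""
    mapped, _ = map_to_techniques(parse_alerts(alert_text))
    counts = Counter(t.tid for _, t in mapped)
    return [tid for tid, _ in counts.most_common()]


def tactic_gaps(alert_text):
    """Tactics present in the slice for which no alert has been seen."""
    mapped, _ = map_to_techniques(parse_alerts(alert_text))
    seen = {tac for _, t in mapped for tac in t.tactics}
    all_tactics = {tac for t in ATTACK_SLICE.values() for tac in t.tactics}
    return sorted(all_tactics - seen)


if __name__ == "__main__":
    for tid in study_plan(SAMPLE_ALERTS):
        t = ATTACK_SLICE[tid]
        print(f"{tid} {t.name} [{', '.join(t.tactics)}]")
    print("tactics with no alerts:", tactic_gaps(SAMPLE_ALERTS))
```

On the constructed alerts the plan leads with OS Credential Dumping (two hosts), followed by Account Discovery, Remote Services, and Exfiltration Over C2 Channel, which is the order a team should read them in; the unmapped rule and the five tactics with no alerts are the two lists worth reviewing next, since either a detection is missing there or the intrusion has not yet reached that stage.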
Staying the Course
Effective cybersecurity is neither a sprint nor a marathon; it is a continually shifting combination of both. As a result, infosec teams need the long-term benefits of traditional security certifications paired with the right-now relevance of bite-sized, actionable training to improve immediate response, enhance remediation efforts, and reduce total risk.