Need for multi-talented security team

Based on the current attack vectors that are taking place, we need defense teams that are multi-talented.

Attacks are no longer simple and scatter gun, like the Nigerian scam. The principle behind this type of attack is launch a hundreds of thousands attacks and hope that just a very few stick. Grammar was poor, yet overall was and sadly still is very, very effective.

Today we see more highly targeted attacks, emails targeted to specific companies and/or individuals in a company. The classic is a fake email from the CFO “Our upcoming SOX audit and what you need to know, about the company future” What employee is not going to want to click on a similar email with a malware infected PDF. After all how many employees are going to know what the true financial statements will look like?

Even after years of security awareness training, some employees might still click on the Nigerian scam email. However, the malware financial statement, would probably get a very high click rate. After all it is targeted, and from an internal source the CFO.  What is worse, hundreds of organization are going to see the Nigerian scam, and they all will be working on a solution. Whereas, the malware financials, it is only going to be seen by a very few companies.

We need a multi-talented multi-skilled team, capable of monitoring, checking, analyzing the data while in motion. We need a team of Security, Technical, Forensic, Software and Systems experts to work together. Forensic teaches us to hunt, look and analyze and seek answers, learn what did take place. While Security is more focused on what will take place.