Published on November 9, 2023, 3:27 am

Global cyberattacks have increased by 28% in the third quarter of 2022 compared to the same period last year, according to a report by Check Point Research. On average, organizations worldwide experienced over 1,130 weekly attacks. This rise in cyber threats is further compounded by a shortage of experienced cybersecurity professionals, as highlighted in ISC(2)’s 2022 Cybersecurity Workforce Study. The study revealed a shortfall of 2.2 million cybersecurity workers in the Asia Pacific region alone, leading to additional stress and burnout among the existing security workforce.

The demand for qualified professionals has put pressure on CIOs (Chief Information Officers), CISOs (Chief Information Security Officers), and CHROs (Chief Human Resources Officers) who are tasked with filling vacant positions while also retaining their current staff. The situation is challenging as organizations strive to maintain effective cybersecurity measures amidst increasing attacks and limited resources.

To shed light on the role of a security researcher in combating cybercrime, Anastasia Tikhonova, Head of APT Research at Group-IB, explains that her team focuses on tracking advanced persistent threat operations conducted by national state hackers. These threat actors operate with state interests in mind, making it crucial for researchers like Tikhonova to understand their tactics, tools, and procedures continually.

Becoming a security researcher requires certain educational qualifications listed by Ziprecruiter, including a bachelor’s degree in computer science, IT, or network systems. However, practical experience plays a crucial role in developing expertise in this field. Tikhonova herself started with minimal knowledge of the professional cybersecurity industry and relied on guidance from more experienced peers. Much of her initial work involved analyzing connections between cybercriminals and delving into the underground scene to uncover their plans.

Given the growing complexity of security threats, specializing in a specific area is recommended for aspiring researchers. In Tikhonova’s case, she chose to focus on advanced persistent threats (APTs). Researchers are known for their creativity, desire to explore and repurpose software, and analytical problem-solving skills. Many professionals start their careers as part of an IT security team or as software developers before transitioning into security research.

The prevalence of cyberattacks in the Asia Pacific region has resulted in highly stressed and overworked cybersecurity leaders. Gartner Research Director Sam Olyaei emphasizes that expectations from stakeholders within organizations have led to a significant increase in workloads for cybersecurity leaders, contributing to burnout. The ThreatConnect 2022 Cybersecurity Under Stress report supports this observation, with 67% of respondents reporting increased staff turnover over the past year.

To avoid burnout, Tikhonova believes in working hard while also prioritizing well-deserved downtime. The sense of purpose derived from fighting cybercrime fuels her and her team’s motivation. Each day brings new challenges and discoveries in different regions, countries, and tactics employed by cybercriminals.

When it comes to managing cybersecurity teams, organizations face the decision of whether to outsource or keep it in-house. While having an internal team offers benefits such as domain expertise and responsiveness, Tikhonova highlights that APT threats require specialized skills that ordinary workers may not possess. Specific cybersecurity companies provide researchers with specialized tools that aid in analyzing risks and attacks more comprehensively.

To gain deeper insights into the role of a security researcher and whether it’s a suitable career path, FutureCIO provides an enlightening PodChat session featuring Anastasia Tikhonova. She answers key questions such as the requirements for becoming a researcher, strategies for avoiding burnout, and how CISOs and security teams can effectively collaborate with researchers.

In conclusion, the increase in global cyberattacks demands greater attention towards strengthening cybersecurity measures. The shortage of qualified professionals further adds to the challenge faced by organizations. Security researchers play a crucial role in tracking and combating advanced persistent threats, offering valuable insights to protect people and companies. By recognizing the contributions of these researchers, organizations can better navigate the evolving cyber threat landscape while safeguarding their digital assets.


Comments are closed.