According to Check Point Research, global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021. The average weekly attacks per organisation worldwide reached over 1,130.
Complicating the situation is the talent shortage, especially for experienced cybersecurity professionals. According to the 2022 Cybersecurity Workforce Study by ISC(2), there is a shortfall of 2.2 million cybersecurity workers in Asia Pacific. This means that the current 859,000 security professionals are likely stressed and burnt out at their place of work.
It can also be argued that CIOs, CISOs and CHROs are themselves frustrated as they look to fill vacant posts while under stress trying to keep existing staff from leaving.
Anastasia Tikhonova, head of APT Research at Group-IB, explains that part of her team’s day-to-day job involves researching the crime and the evolution of the attacker’s tactics, tools, and procedures.
“When I took on the team leader role in the advanced persistent threat (APT) monitoring department, my main goal was focusing on tracking the advanced persistent threat operations which are carried out by national state hackers. We found that their main goals are to operate in the interest of states,” she elaborated.
What it takes to become a researcher
ZipRecruiter lists the educational qualifications of a researcher as including a bachelor’s degree in computer science, IT, or network systems. Increasingly, schools offer specialised degrees in cybersecurity. Security researchers also gain experience on the job.
Tikhonova confided that when she started, the professional cybersecurity industry was unknown and that nobody could explain it clearly.
“In most cases, only practice makes perfect. I had to learn on the fly from my more experienced peers. Most of my first job was focused on a scene in the underground. We analysed connections between cybercriminals, found their contacts, established their networks and tried to get in touch with them to figure out what their plans were,” she elaborated.
With the growing complexity of security threats, it is suggested that a researcher focuses on a specific area. In the case of Tikhonova, she has chosen to focus on APT.
ZipRecruiter says researchers are creative thinkers who have a desire to take apart and repurpose software and are interested in analytical problem-solving. Many security researchers start by working as part of an IT security team or as software developers before moving on to security research.
Avoiding burnout
Check Point Software Technologies says as a region, Asia experienced the most cyberattacks in the third quarter of 2022, with an average of 1,778 weekly attacks per organisation, which is an increase of 21% compared to the same period last year.
"Cybersecurity leaders are burnt out, overworked and in 'always-on' mode," said Sam Olyaei, research director at Gartner. "This is a direct reflection of how elastic the role has become over the past decade due to the growing misalignment of expectations from stakeholders within their organisations."
The ThreatConnect 2022 Cybersecurity Under Stress report revealed that 67% of respondents say staff turnover has increased in the past 12 months, with average staff turnover estimated at 20%.
To counter the threat of burnout, Tikhonova admits operating on a principle of work hard, play hard.
“What gives my teammates and me the extra energy is our long-standing mission of fighting cybercrime. I think everyone in our company understands that. The main idea of zero tolerance to cyber criminals.”
Anastasia Tikhonova
“When I wake up every morning, I understand that my job helps make a real-life impact. Protecting people and companies makes the world a safer place. Because we have different types of cybercriminals from all over the world, you could switch focus between different regions, different countries, and different tactics groups. Every time it's something new and interesting, there’s no time to get bored,” revealed Tikhonova.
In-house vs outsourced – which is better?
Should cybersecurity be outsourced, or should an organisation have its own team?
Keeping it in-house has its benefits because it allows an organisation to build domain expertise, not just around a business’s systems and networks but also day-to-day operations and ongoing projects. Also, in-house teams can be more responsive than outsourced service providers, given that they only have one priority – the company’s business.
That said, Tikhonova observes that APT threats (as this is her expertise) have become more sophisticated than traditional attacks. She adds that tracking and hunting for them require specialised skills. Ordinary workers in non-cybersecurity organisations are likely not trained for these types of attacks.
“With our skills, we see additional possibilities and track risks and attacks more than others. One of my favourite tools at Group-IB is graph network analysis. This is a Swiss army knife for each APT researcher.
“Each research team has their possibilities, but specific cybersecurity companies have their specialised tools, which help produce more information, tracking and hunting rules,” she added.
Click on the PodChat player to hear Tikhonova share her experience as an APT researcher and discover whether a career as a cybersecurity researcher is for you.
- What is a Security Researcher?
- What qualities, characteristics and perhaps credentials does one need to become a security researcher?
- How do you avoid burnout?
- For best results, how should CISOs and security teams work with a Researcher?
- When does it make sense to build your own “Research” team or when to outsource?
- What is your advice for those interested in a career as a security researcher?