57% of businesses surveyed across META list lack of expertise as a top reason for outsourcing IT security
More than half (57%) of small and medium-sized businesses (SMBs) and enterprises across the META region listed the need for special expertise among their top reasons for engaging third-party security specialists in 2021, according to the Kaspersky annual IT Security Economics report. Other commonly listed top reasons among both groups include meeting compliance requirements (SMB: 57%; enterprise: 56%) and efficiency in delivering cybersecurity solutions (SMB: 43%; enterprise: 66%).
To help IT security workers reach that highly sought-after professional level, Kaspersky has expanded its online training portfolio with the Advanced Malware Analysis Techniques course for established reverse engineers, incident responders, and digital forensic specialists.
In 2020, businesses were forced to accelerate their digital transformation by months, or even years, resulting in the rapid increase of complex IT infrastructure and related security risks. In combination with the shortage of cybersecurity specialists and a lack of capacity to develop talent internally, this situation has compelled companies to look for external support.
Kaspersky’s global research, conducted among IT business security decision-makers, shows that companies are turning to outsourcing of certain functions to gain expert help. In 2021, specialist expertise has surpassed even financial effectiveness as the main reason to bring in third-party services for business globally and locally across the META region. Additionally, last year, enterprises mainly outsourced IT security because of the added efficiency they provided in delivering security solutions (66%), while SMBs were guided by shortages of expert skills inside the organisation (80%) and financial considerations (60%).
Improving defenses (40%) and the level of specialist security expertise (39%) are expected to dominate IT security budget expenditure for all sizes of business – and were listed as the main drivers for increasing business spending on cybersecurity.
All of this means that highly qualified security experts are more in demand today than ever. Those who want to enhance their career must seize the moment to acquire new, rare skills. To help professionals from all over the world take their skills to a new level, Kaspersky has expanded its training portfolio with the new Advanced Malware Analysis Techniques course.
The focus of the course is advanced static analysis. That is because this is the most reliable way to determine the functionality of the code and find actionable artifacts for cybersecurity incidents involving previously unseen malicious code. This allows organisations affected by APTs to define adequate damage assessment and incident response.
The course also heavily features exclusive Kaspersky know-how on decryption automation, decoding and other processing of the samples, which helps not only optimise routine tasks, but preserve a researcher’s work in code.
The training was developed by Igor Kuznetsov, Chief Security Researcher and member of Kaspersky’s revered Global Research and Analysis Team. Igor cherry-picked exercises from his own work on cases like Lazarus, MiniDuke and Carbanak, to cover the most important aspects of static analysis in IDA Pro while also demonstrating unique cornerstone cases that require special treatment.
“During my 20-year career at Kaspersky, I have had a chance to work on many interesting and notorious APT campaigns. The Advanced Malware Analysis Techniques course has assembled this expertise to transfer it to the next generation of IT security professionals. We hope that our experience and the tools that we share will help level up the experience of working with cybersecurity incidents – such as analysing complicated malware or doing onsite incident response and triaging samples correctly,” said Igor Kuznetsov, Chief Security Researcher at Kaspersky.
