Cybersecurity automation: Tips to do it right in your organization
The statistics related to breaches and intrusions can make grim reading. According to the Identity Defined Security Alliance, 84% of organizations experienced an identity-related security breach during 2021-2022, and 96% believe those breaches were preventable with correctly implemented and automated security measures.
In addition:
-
The Cyber Threat Intelligence Report revealed an almost 40% leap in high or critical-priority alerts in the first quarter 2023.
-
The Verizon Data Breach Investigations Report (DBIR) found that 50% of all phishing or social engineering attacks involve detailed homework being done on the intended victim.
-
DBIR also found ransomware plays a role in most successful attacks, that unpatched and unremediated vulnerabilities such as Log4j were among the worst breaches reported during 2022, and that 83% of breaches involved external actors, with the majority being financially motivated.
With numbers like these, it is no wonder that immense effort is going into improving the speed of detection and response provided by current security tools. Jeff Pollard, an analyst at Forrester Research, pointed out that skills such as threat hunting require two key elements. A human who is skilled at threat hunting backed up by sophisticated cybersecurity automation tools. It takes both to mount a successful defense.
Phishing simulations & training
Benefits of automation in cybersecurity
Cybersecurity automation, then, is becoming more and more critical in cybersecurity. It is being introduced into every aspect of the discipline to arm security teams with the data they need and the level of responsiveness they require to combat the efforts of cybercriminals.
Automation is also on the mind of Leonid Belkind, Chief Technology Officer and Co-Founder of Torq, a no-code security hyper-automation platform. Its tools allow incident responders, application security architects, cloud security architects and others to automate processes they would otherwise do manually.
He urged the industry to move past the use of automation to save money merely to eliminate entry-level cybersecurity positions. Instead, automation should be harnessed to perform work beyond the speed of human cognition. This enables skilled employees to use the fruits of automation in their work to aid in problem-solving, troubleshooting, and threat detection, prevention and remediation.
“There is an initial assumption that people make about automation that it is just there to save us time,” said Belkind. “Hyperautomation provides a more business-driven, disciplined approach to automating as many business and IT processes as possible.”
Saving people time is the lowest-hanging fruit. Automation should be given jobs that humans cannot do or should not be doing. For example, most breaches involve everyday processes such as forgetting a password, adding a new phone to the network, needing temporary access to something, and other mundane actions that happen in massive frequency across the globe.
ChatGPT training built for everyone
“Without automation, you might have to hire an army of analysts to review every login," said Belkind. "It is just not humanly possible to process 1,000 or 10,000 such events every second, but it is achievable with automation.”
You can set up automation to filter events and cross-reference them with historical events. People should move beyond the automation of tedious things they do manually and go a step further by automating what they could not have physically done. This allows security architects and threat specialists to move from being people who write things or build things into their proper role of preventing security issues from happening.
Human-in-the-loop automation
Human-in-the-loop automation is where a human makes the actual security decision impacting the business. Before that point, however, thousands of information collection, processing and sifting through steps take place, courtesy of automation. When the person makes a decision, automation then executes tens, hundreds, or even thousands more steps. This is a much better model than the traditional way of having security operation centers where people would work in shifts and endlessly deal with a massive queue of tasks they must perform.
“People get burned out in such environments and often don’t stick around,” said Belkind.
With the right automation support, he’s seen organizations achieve a security posture and efficiency level ten times higher than comparable organizations, yet they only needed 30% of the headcount. He cited other statistics, such as one customer reducing its mean time to resolve a problem by 700%.
Phishing simulations & training
Automation enhances the value of technology investments
Every day, news sites are filled with the major security incidents. So many small and large organizations have been impacted over the last few years. Sometimes, they are leaks of confidential information such as customer records. At other times, companies are forced to fork out millions in ransom payments to regain access to their data.
Belkind pointed out that most of these events didn’t happen in organizations unwilling to invest in cybersecurity technology. On the contrary, many had consistently large chunks of the annual budget going into security tools and technologies. Yet they still suffered badly at the hands of cybercriminals.
“Rather than a failure to acquire sufficient security protection, the usual problem is that their data flow is too cumbersome, so they cannot correlate it properly to identify the attack,” said Belkind. “They do not have efficient means of containing and remediating. That’s where the problem usually is, and that's where automation can help us to greatly reduce the number of successful breaches.”
For an in-depth conversation about the dos and don'ts of automation processes in cybersecurity, check out our episode of the Cyber Work Podcast with guest Leonid Belkind.
ChatGPT training
In this Series
- Cybersecurity automation: Tips to do it right in your organization
- Digital identity management: Balancing usability, security and privacy
- Why aren’t more women in cybersecurity, and how can we fix it?
- ChatGPT and the strengths and limitations of cognitive AI
- Advancements in online safety: Combating cyberbullying and protecting vulnerable communities
- How small and medium businesses (SMBs) can fast-track a disaster recovery plan
- What it takes to qualify for the US Cyber Games team
- The changing role of a ransomware negotiator
- Protecting K-12 schools from cyber threats: The case of Vice Society
- A deep dive into GitHub's security strategies
- Data storage security isn't working: Here are 5 ways to improve
- Protect your data with zero-trust networks
- 3 cybersecurity automation tools that your IT department needs now
- One phishing attack could expose your entire hospitality network
- Privacy compliance and security: Are you collecting too much data?
- API security best practices: What you need to know
- Considerations when using open source to build an identity system
- Security as a service: 11 categories you should know
- The impact of open source on cybersecurity
- Cybersecurity jobs are in demand. C-level IT executives needed!
- 6 cybersecurity truisms the industry needs to rethink
- 2022 cybersecurity spending trends: Where are organizations investing?
- Will corporate support for Fast ID Online [FIDO] mean mass adoption? If so, what does that mean for security and identity?
- Twitter’s cybersecurity whistleblower: What it means for the community
- Top 5 cybersecurity questions for small businesses answered
- What Is zero-trust security, and should your business adopt it?
- What’s next in cybersecurity: Predictions from Andrew Howard
- How training employees about ransomware can mitigate cyber risk
- Today’s IT job market: Beyond fear, uncertainty and doubt
- Third-party authentication (OAuth): Good or bad for security?
- Two basic actions that reduce enterprise cyber risk by 60%
- 4 key takeaways from the 2022 Verizon DBIR report
- Four examples of human error in cybersecurity — and how to fix them
- Five ethical decisions cybersecurity pros face: What would you do?
- How to become an ethical hacker: Tips from Offensive Security CEO Ning Wang
- Shaking up security awareness: How one organization is building a culture of security
- Security Culture: TikTok CISO says this trend is here to stay
- IT skills advice from IDC's IT education and certifications expert
- Managing a security awareness program: Carrots, sticks, and repeat offenders
- Reducing IT’s carbon footprint: Good for business as well as the environment
- How Booz Allen Hamilton keeps their security team secure and compliant in a hybrid world
- 5 tactics to improve cybersecurity hiring results
- Top 9 effective vulnerability management tips and tricks
- SOC integration: Creating a well-built portfolio vs. a frankenstack
- Cybersecurity hiring: Why employer and higher ed collaboration is key
- After certification: Investing in employees' cybersecurity career pathways
- Where do ransomware, cyber education and cyber insurance intersect?
- Could psychology be the key to cybersecurity awareness? Research points to yes
- How IT pros can keep their organization on the cutting edge
- Cyber talent diversity: It's time to redefine the face of security
- Cybersecurity and Windows 11: What you need to know
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
Industry insights
Digital identity management: Balancing usability, security and privacy
Industry insights
Why aren’t more women in cybersecurity, and how can we fix it?
Industry insights