Cybersecurity automation: Tips to do it right in your organization
The statistics related to breaches and intrusions can make grim reading. According to the Identity Defined Security Alliance, 84% of organizations experienced an identity-related security breach during 2021-2022, and 96% believe those breaches were preventable with correctly implemented and automated security measures.
In addition:
- The Cyber Threat Intelligence Report revealed an almost 40% leap in high or critical-priority alerts in the first quarter of 2023.
- The Verizon Data Breach Investigations Report (DBIR) found that 50% of all phishing or social engineering attacks involve detailed homework being done on the intended victim.
- DBIR also found that ransomware plays a role in most successful attacks, that unpatched and unremediated vulnerabilities such as Log4j figured in some of the worst breaches reported during 2022, and that 83% of breaches involved external actors, the majority of them financially motivated.
With numbers like these, it is no wonder that immense effort is going into improving the speed of detection and response provided by current security tools. Jeff Pollard, an analyst at Forrester Research, pointed out that skills such as threat hunting require two key elements: a human who is skilled at threat hunting, backed up by sophisticated cybersecurity automation tools. It takes both to mount a successful defense.
Benefits of automation in cybersecurity
Cybersecurity automation, then, is becoming increasingly critical. It is being introduced into every aspect of the discipline to arm security teams with the data they need and the level of responsiveness they require to combat the efforts of cybercriminals.
Automation is also on the mind of Leonid Belkind, Chief Technology Officer and Co-Founder of Torq, a no-code security hyper-automation platform. Its tools allow incident responders, application security architects, cloud security architects and others to automate processes they would otherwise do manually.
He urged the industry to move past the use of automation to save money merely to eliminate entry-level cybersecurity positions. Instead, automation should be harnessed to perform work beyond the speed of human cognition. This enables skilled employees to use the fruits of automation in their work to aid in problem-solving, troubleshooting, and threat detection, prevention and remediation.
“There is an initial assumption that people make about automation that it is just there to save us time,” said Belkind. “Hyperautomation provides a more business-driven, disciplined approach to automating as many business and IT processes as possible.”
Saving people time is the lowest-hanging fruit. Automation should be given jobs that humans cannot do or should not be doing. For example, most breaches involve everyday processes such as forgetting a password, adding a new phone to the network, needing temporary access to something, and other mundane actions that happen at massive frequency across the globe.
“Without automation, you might have to hire an army of analysts to review every login,” said Belkind. “It is just not humanly possible to process 1,000 or 10,000 such events every second, but it is achievable with automation.”
You can set up automation to filter events and cross-reference them with historical events. People should move beyond the automation of tedious things they do manually and go a step further by automating what they could not have physically done. This allows security architects and threat specialists to move from being people who write things or build things into their proper role of preventing security issues from happening.
Human-in-the-loop automation
Human-in-the-loop automation is where a human makes the actual security decision impacting the business. Before that point, however, thousands of information collection, processing and sifting steps take place, courtesy of automation. Once the person makes a decision, automation then executes tens, hundreds, or even thousands more steps. This is a much better model than the traditional security operations center, where people work in shifts and endlessly deal with a massive queue of tasks they must perform.
“People get burned out in such environments and often don’t stick around,” said Belkind.
He has seen organizations with the right automation support achieve a security posture and efficiency level ten times higher than comparable organizations while needing only 30% of the headcount. He cited other statistics, such as one customer reducing its mean time to resolve a problem by 700%.
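The two ideas above, filtering login events against historical data and gating only the residue through a human before automation executes the follow-up, can be sketched as a small triage pipeline. This is an added illustration written for this article, not Torq's code; the events, the baseline rule (a user's previously seen login countries) and the response actions are all constructed placeholders.

```python
"""Human-in-the-loop triage of login events: automation filters and enriches,
a person decides only on the residue, automation executes the follow-up."""
from collections import defaultdict

# Constructed sample data (not from the article): historical successful logins
# as (user, country), used as each user's baseline of "normal" locations.
HISTORY = [
    ("alice", "DE"), ("alice", "DE"), ("alice", "FR"),
    ("bob", "US"), ("bob", "US"),
]

# Constructed new login events: (user, country, succeeded)
NEW_EVENTS = [
    ("alice", "DE", True),   # routine: matches baseline, auto-closed
    ("bob", "US", True),     # routine
    ("bob", "BR", True),     # new country for bob: needs a human look
    ("carol", "US", False),  # user never seen before and failed: escalate
]

def build_baseline(history):
    """Cross-reference target: the countries each user has logged in from before."""
    seen = defaultdict(set)
    for user, country in history:
        seen[user].add(country)
    return seen

def triage(events, baseline):
    """Automation stage: auto-close events that match the baseline, escalate the rest."""
    auto_closed, escalated = [], []
    for user, country, ok in events:
        if ok and country in baseline.get(user, set()):
            auto_closed.append((user, country, ok))
        else:
            reason = "new_country" if user in baseline else "unknown_user"
            escalated.append({"event": (user, country, ok), "reason": reason})
    return auto_closed, escalated

def respond(decision, item):
    """Execution stage: after the human decides, automation runs the follow-up steps.
    Returns the ordered action list it would perform (placeholder names, not real API calls)."""
    user, country, _ = item["event"]
    if decision == "confirm_malicious":
        return [f"revoke_sessions:{user}", f"force_mfa_reset:{user}", f"open_ticket:{user}:{country}"]
    if decision == "benign":
        return [f"add_to_baseline:{user}:{country}", f"close_alert:{user}"]
    raise ValueError(f"unknown decision {decision!r}")

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    closed, queue = triage(NEW_EVENTS, base)
    print(f"auto-closed {len(closed)} events, {len(queue)} need a human decision")
    for item in queue:
        print(item, "->", respond("benign", item))
```

Of the four constructed events, two are closed without anyone looking and two reach the analyst; every action before and after that decision is the automation's job.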
Automation enhances the value of technology investments
Every day, news sites are filled with major security incidents. So many small and large organizations have been impacted over the last few years. Sometimes, they are leaks of confidential information such as customer records. At other times, companies are forced to fork out millions in ransom payments to regain access to their data.
Belkind pointed out that most of these events didn’t happen in organizations unwilling to invest in cybersecurity technology. On the contrary, many had consistently large chunks of the annual budget going into security tools and technologies. Yet they still suffered badly at the hands of cybercriminals.
“Rather than a failure to acquire sufficient security protection, the usual problem is that their data flow is too cumbersome, so they cannot correlate it properly to identify the attack,” said Belkind. “They do not have efficient means of containing and remediating. That’s where the problem usually is, and that's where automation can help us to greatly reduce the number of successful breaches.”
For an in-depth conversation about the dos and don'ts of automation processes in cybersecurity, check out our episode of the Cyber Work Podcast with guest Leonid Belkind.