How automation can help defenders beat the cyber threat odds
This blog was originally published in Teiss News on 27th January 2021. Read it here.
We’re all familiar with the quote “the definition of insanity is doing the same thing over and over and expecting different results”. This is especially true when it comes to cyber security.
Organisations spend millions of pounds trying to keep their networks protected from cyber attack, but more often than not this fails. They assume that if they allocate a substantial pot of money and purchase the right products and services, they will be secure.
Evidence shows this isn’t the case as some of the largest and most expensive data breaches in history occurred at companies with significant investments in cybersecurity tools and platforms.
The key issue here is that organisations can have all the tools and talent at their disposal, but if they don’t understand where the weaknesses are in their infrastructure - and many don’t until a breach occurs - they will always be on the cyber security back foot.
It’s time for organisations to recognise that the technology ecosystem and the threat landscape have evolved, and that a new approach is necessary for more effective cybersecurity.
Why things need to change
The combination of a crippling skills shortage, a continuously changing landscape due to digital transformation, and the fact that humans make mistakes, have all combined to create a perfect storm whereby it’s simply impossible to see the cyber security wood for the trees. Let’s look each of those in turn:
- The lack of skilled cyber security professionals isn’t going away anytime soon. A recent report found that 70% of companies do not have appropriate cyber security talent, with a shortage of around 140,000 skilled workers in the region. This has only been exacerbated by the global pandemic.
- The very nature of digital transformation means that the IT landscape is constantly changing. IT decision-makers absolutely have to include cyber security among their top considerations when it comes to digital transformation. After all, investments in transformative technologies can be meaningless if they can’t protect the business.
- And finally, we’re only human - we all make mistakes. Through 2023, 99% of firewall breaches will be caused by misconfigurations, not firewall flaws, according to Gartner.
By relying on manual inspections of systems and data for evidence of unexpected activity and indicators of compromise, cyber security teams will find themselves on the losing side.
Fight fire with fire
A study from Forrester recently warned that IT security professionals are becoming increasingly concerned about the rise in cyber crime powered by artificial intelligence (AI). But it could also be part of the solution.
Businesses of all sizes continually seek ways to increase efficiency and profitability in all areas of their organisation - and cyber security is getting in on the act. Regardless of the industry or application, automating mundane and repeatable tasks that are people-driven allows businesses and individuals to concentrate on more productive problem-solving network defending activities.
An added benefit is that it’s these problem-solving activities that foster innovation and can lead to a more resilient cybersecurity organisation. According to a Research and Markets study, the market for cyber security automation is anticipated to grow for the foreseeable future and is projected to exceed $38 billion by 2026.
There are several signs indicating that your organisation needs security automation, including a breach, lagging response times, overwhelming false positives and a need for more efficient and cost-effective operations.
The good news is that cybersecurity products designed to automate much of these processes are already widespread, and the likelihood is that most organisations will have already implemented automation tools somewhere within their organisation. Adoption rates vary but a recent study predicted that the majority of companies (77 percent) will plan to use automation in the next three years.
One of the top benefits of automation is that it gives your team members more time to focus on other security issues. At the same time, it’s an opportunity for your team to map out the very processes that enable successful automation. It enables organisations to be proactive about improving their cyber resilience rather than being target practice for any new malware that’s out there.
Automated penetration testing is a great example. Focused on the inside threat, automated penetration-testing platforms mimic the hacker's attack. These tools "deliver" a pen test by using either an agent or a virtual machine (VM) that simulates the pen tester's laptop and/or attack proxy plugging into your network. The pen testing bot then performs reconnaissance on its environment by doing identical scans as a human would do.
Once the automated tools have established where they sit within the environment, they will filter through what they've found. Detailed reports are produced together with proposed remediations, and all one one step ahead of tomorrow's malicious hacker.
A final thought
Automation and integration of cyber-security in business operations is becoming a critical way of saving resources – revenue, data, and reputation. Implementing automation could be vital in order to reliably protect organisations and ensure resilience through robust and repeatable processes.