Building Business Resilience Through Cyber Automation
Author: Geoff Hancock
Cyberattacks continue to increase in frequency and intensity; companies can’t keep up. It's become increasingly evident that traditional methods, like anti-malware software, are no longer sufficient to keep sensitive data safe. And IT personnel are no match for the sheer volume of such intensive, sustained attacks. People’s abilities to manually address such attacks and to make quick, accurate, highly impactful decisions are very limited. To deal with this situation, IT and business executives are finding ways to strengthen their cybersecurity strategy using automation. When automation is applied, repetitive, time-consuming actions can be performed more rapidly and in a more repeatable manner. This gives analysts time to focus on other, more valuable tasks.
Business resilience is an organization’s ability to adapt to changes in business, good or bad, while maintaining operations and protecting data, services, employees, customers, assets, and overall brand reputation. Enterprise risk management—which covers business, IT, and cybersecurity—gives the company a clear plan on how to do this. As part of that plan, the focus on cyber resilience involves the ability to prepare for, respond to, and recover from a cyberattack by tying together business risk with the capability to secure your digital assets. By reducing human intervention, cybersecurity automation also enables more time and energy to focus on essential elements of security operations. Some of the challenges security operations face today:
Security operations centers (SOCs) are struggling with response times. Organizations receive hundreds to thousands of threat alerts daily, and security analysts are unfortunately only able to investigate a small portion of these, making it difficult to manage and respond to the real high-risk, high-impact problems.
Reduce the analysis of false data. There are many tools cyber professionals use to protect the organization. Many of them create a lot of data that is not prioritized or organized according to high- or low-risk areas of the business. This tidal wave of data can overwhelm analysts and distract them from what is important.
Conventional methods are no longer enough. Security teams need automation because it provides fast and reliable detection of cyber threats. Still, implementing automation is not without its challenges:
Loss of control. In many instances, the biggest obstacle to automation is simply a perceived loss of control. In reality, the right automation tool can provide a higher level of visibility and enhanced oversight of the entire cybersecurity process.
Lack of trust. It's easy for a highly skilled human to feel as though he is more capable of managing incident response than a machine. Distrust of technology can be a huge hurdle to overcome, but ultimately—given the shift in type, frequency, and complexity of cyberattacks—it's a futile argument.
Fear of change. One misconception is that automation spells the inevitable elimination of the human workforce. Will technology take over cybersecurity operations? Will robots replace the IT department? The fact is that while automation is undoubtedly changing the way people work, it also creates new opportunities for people to coordinate and use technology more effectively.
Advantages of using automation
Cyber automation enables organizations to find and reduce risk in areas that may have a low but essential impact on the company. Streamlining these important risk management tasks frees up IT resources and staff to assess high-risk areas and helps them manage risk more efficiently.
Better decision making. One challenge corporate leaders face is having to make critical business decisions quickly, often without being able to assess the risk to other parts of the business. Using cyber automation across the company provides a grouping of high-, medium-, and low-risk areas, each of which requires a direct correlation to business impact. This enables executives to make more informed decisions about how the business is run and where to make investments.
Increased efficiency. Adding automation into IT systems management can help streamline business workflows, data management, and protection to create a much more stable and efficient environment.
A clear view of enterprise risk management. Several of the high-profile breaches in 2018 and 2019 occurred because of poor enterprise risk management and the inability to identify high-risk and low-risk areas. Not patching an IT system promptly may seem trivial on the surface, but failing to do so can impact the company adversely. Equifax is a prime example of this. And not creating a plan that coordinates older IT systems with newer technologies to provide innovative business solutions can also damage a company, as in the case of Marriott hotels.
Focus on high-value activities. The time saved through automation will free up cyber teams so they can allocate their energies to monitoring, threat mitigation, and response on the most critical areas of the system.
Minimize the risk of human error. Automation can also help reduce the possibility of injecting human error into security tasks. For example, office networks are commonly compromised through phishing emails, which try to trick recipients into clicking links to malware. Phishing emails are becoming more complex, making normal analysis more challenging. Automated tools could quickly weed out such emails from company servers.
Today, low-risk tasks can be automated, which frees up resources to focus on high-risk areas that need extra protection and management. But, in the future, as cyber defense automation technology matures, business and IT risk management will benefit even more when higher risk areas become automatable. In general, cybersecurity automation can strengthen a company’s risk management and increase resilience in the following ways:
Methodically and persistently identifies the risks surrounding your business activities.
Assesses the likelihood of an event occurring.
Provides an understanding of how to respond to these events.
Puts systems in place to deal with the consequences.
Monitors the effectiveness of your risk management approaches and controls.
Improves decision-making, planning, and prioritization.
Helps manage capital investments and resources more efficiently.
Helps you identify the highest risk areas and helps focus on ensuring those systems are resilient.