It’s no secret that businesses around the world are struggling to recruit the skilled cybersecurity professionals they need to keep their operations safe from hackers and ransomware gangs. Last year’s ISC2 Cybersecurity Workforce Study estimated that the industry needs 3.4 million more workers to fill current gaps.
Meanwhile, the scale of the threat of cybercrime shows no sign of lessening. For example, the repercussions from the MOVEit attacks are ongoing as yet more major companies and government agencies acknowledge data breaches. Victims include hotels, universities, banks and government departments.
Is automation the answer to maintaining cyber security?
Though a complex field, effective day-to-day cyber security practices are rooted in basic traditional principles: to prevent, protect, detect and respond. Once established, effective processes can be maintained by appropriately trained junior and mid-level analysts.
Given the well-documented skills shortages at this level, however, organizations are increasingly considering automation by means of AI and machine learning tools, to make efficiency gains while maintaining the security they require. Automation is one way security teams can seek to meet today’s demand for 24/7 service.
In the field of cybersecurity, many processes are candidates for automation, including monitoring and reporting on threats to networks, managing user access, and reviewing ongoing compliance with security policies. Beyond that, automated processes can be used to correlate data and predict potential threats, and to assign priority levels that guide the sequence in which alerts will be managed.
For advocates of automation in cybersecurity, these tools are a means of speeding up response times and improving efficiency. They argue that automated tools are one way of mitigating “alert fatigue”, in which teams under pressure can miss critical alerts. Some industry estimates put the number of missed alerts at around 30%.
Overreliance on automation for cyber security brings major risks
Drawing on our experience supporting major commercial entities and governments around the world, we advise that automation is no “silver bullet” when it comes to cyber security.
We say this because the risks in this field are simply too high to rely on a fully automated service: data loss, business interruption, reputational damage and detrimental impact on the bottom line. In 2023 the average cost of a data breach sits at some $4.45M USD.
An overreliance on automation brings with it a risk of both false negatives and false positives. Without human input, a false positive can cause an expensive and entirely unnecessary interruption to services, and divert the time of security specialists, who are likely to need to spend as much time investigating a false alert as an actionable one. False negatives, like missed alerts, can leave organizations open to expensive breaches.
Beyond these top-line risks, there are others. In businesses that have over-committed to automation, senior teams can become blasé and overconfident about the level of protections in place. Without the appropriate level of human talent, it can be difficult to have a clear idea of the changing threat landscape.
In this context, organizations can also find they lack the creativity and forethought both to effectively manage and integrate the tools they have chosen and to think strategically about what will be required in the future. What this means is that a business can be investing a significant budget in tools that will not provide what they need for today or tomorrow.
Skills shortages vs. high demand for cyber security professionals. How to square the circle?
While skills shortages are an issue across the profession, demand for talented cybersecurity professionals is particularly acute in the areas of cloud security (because of changing working practices in the pandemic), as well as for security architects and security operations analysts.
How can organizations respond? In working with governments and major corporations around the world, we have found that the best approach is one that augments appropriately trained internal teams with specialist external services, such as those provided by Cytek. Contracting support from specialists allows businesses to tap into the very latest expertise, and to get it working on the ground immediately.
With this in place, they can also take a strategic approach to identifying skills gaps among their internal teams. These gaps can be filled effectively with tailored upskilling programs, ultimately ensuring that they have the talent they need to cover all routine cybersecurity tasks. While, as we have seen, outsourcing these functions wholesale to automated tools is not advisable, automation can be one part of the blend of tactics an organization uses to protect itself. We are able to advise on the choice and integration of tools that can improve efficiency and response times without compromising security or long-term efficacy.