Embracing automation to level the cyber security playing field

Organisations spend millions of pounds trying to keep their networks protected from cyber attack, but more often than not this fails. Why? Is it down to limited resources, a shortage of expertise and ever-decreasing budgets? Possibly. But whilst these factors certainly play a part, the key issue at play is that companies don’t understand where the weaknesses are in their threat surface until a breach occurs, and by then it’s far too late.
Cyber attackers have an edge because they only have to succeed once where defenders need to succeed every time. Increasingly attackers and adversaries are using automated& AI driven tools to penetrate and attack corporate networks. So, what can be done?

Automation as well as being part of the problem, could also likely be a big part of the solution. Regardless of the industry or application, automating mundane and repeatable tasks that are people-driven allows businesses and individuals to concentrate on more productive problem-solving network defending activities. The added benefit is that it’s these problem-solving activities that foster innovation and can lead to a more resilient cybersecurity organisation. A September 2020 report by research analyst Gartner projects that global RPA software revenue will reach $1.89 billion in 2021, an increase of 20 percent from 2020. 

And yet there is still uncertainty around automation, especially among some generations. A recent survey revealed that some believe automation will replace their jobs altogether, leaving them redundant.  Although respondents to this survey recognised that automation is a benefit in cybersecurity, when asked how it may affect them personally, a lot of younger people felt that it had the potential to mean that they wouldn’t have any work to do. The study did not explain why but it’s likely because in the early stages of your cybersecurity career a lot of the junior staff are focused on the manual trial and the investigation work – and that’s one area that’s ripe for automation. Without wishing to dismiss these fears out of hand, when you look at the challenges faced by cybersecurity teams, there will be plenty of work to go around, even as certain tasks are automated. 

Manual limitations

Many organisations still inspect systems and data manually for evidence of unexpected behaviour and indicators of compromise. Without doubt this this is a losing proposition for a number of reasons:
Digital transformation creates a continuously changing IT landscape. In 2020, projections suggest that worldwide spending on digital transformation will grow 10.4 percent year-on-year – a compromised and yet still strong growth despite the economic recession caused by the coronavirus (COVID-19) pandemic.  From a cybersecurity standpoint, all this digital transformation activity only serves to increase an organisation’s overall attack surface. 

• There continues to be a crippling cybersecurity skills shortage. The slightly better news is that a recent report from (ISC)² showed that the global shortfall in cybersecurity professionals has dropped for the first time since records began. However, there is still a 3 million plus shortfall. Automation can also help address lean or ill-proportioned cybersecurity teams.

• As the old proverb goes, “to err is human”. Human error combined with the ever-increasing amount of data to manage, will inevitably mean that a threat, or potential threat, will slip through the cracks. It is simply unrealistic to expect human teams to catch all potential cybersecurity events.

Automation advantages

The good news is that cybersecurity products designed to automate specific processes are widespread, and the likelihood is that most organisations will have already implemented automation tools somewhere within their organisation. Adoption rates vary but a recent study predicted that the majority of companies (77 percent) will plan to use automation in the next three years.
This is because automation enables organisations to be proactive about improving their cyber resilience rather than being target practice for any new malware that’s out there. They can have separate tools and service providers do the job or, as many are now doing, embrace new automated tools to do it themselves.

Automated penetration testing is a great example. Focused on the inside threat, automated penetration-testing platforms mimic the hacker’s attack. These tools “deliver” a pen test by using either an agent or a virtual machine (VM) that simulates the pen tester’s laptop and/or attack proxy plugging into your network. The pen testing bot then performs reconnaissance on its environment by doing identical scans as a human would do. Once the automated tools have established where they sit within the environment, they will filter through what they’ve found. Detailed reports are produced together with proposed remediations, and all one one step ahead of tomorrow’s malicious hacker.

It’s becoming increasingly difficult for businesses to secure themselves from cyber-threats and mitigate attacks due to their sophistication. Security teams worldwide are facing the hurdle of effectively managing millions of notifications that are generated by security capabilities. Automation and integration of cyber-security in business operations is becoming a critical way of saving resources – revenue, data, and reputation. Implementing automation could be vital in order to reliably protect organisations and ensure resilience through robust and repeatable processes.