Every cybersecurity professional knows there’s no such thing as perfect security. The best that can be achieved is to make the organisation resilient enough to not only prevent the most commonly employed cybersecurity attacks, but also contain the damage inflicted by any attack that inevitably gets past whatever cybersecurity defences are in place.
Unfortunately, a new global survey by The Ponemon Institute (on behalf of IBM) suggests that most organisations are not especially resilient when it comes to cybersecurity. The survey indicates that 77 percent of respondents don’t have a cybersecurity incident response plan consistently applied across the enterprise and only 30 percent have sufficient levels of staffing to achieve a high level of cyber resilience.
Faced with those challenges, organisations should be relying more on automation whenever possible to maximise the effectiveness of the cybersecurity teams they do have in place. As the overall size of the attack surface continues to expand, it’s simply not feasible for cybersecurity teams to defend against every threat without some additional help.
Social engineering attacks such as spear phishing and business email compromise (BEC) are extremely hard to detect. Cybercriminals leverage social engineering to mimic user behaviour to get around known defences and infiltrate organisations.
Australian businesses reported more than $3.8 million lost to sophisticated BEC scams in 2018, according to the ACCC’s Targeting scams report.
This gets to the heart of the challenge for IT security teams. Email is the number one threat vector because it allows malicious third parties to directly target what has long been regarded as the organisation’s weakest link: its employees.
Yet most cybersecurity investments in recent years have been directed at securing networks and computers. While this of course is a great thing, the problem lies in where the bad guys focus their attention next – exploiting human weaknesses.
Easing burden on cybersecurity teams
Automation is playing an important role in threat detection and response, which, in turn, eases the burden on these cybersecurity teams. According to the survey, however, only 23 percent of respondents said they were making significant use of automation, while another 77 percent reported their organisations relied on automation either moderately, insignificantly or not at all.
It’s worth noting that organisations that make extensive use of automation rate their ability to prevent, detect, respond to and contain a cyberattack as being significantly higher. That capability turns into real dollars when you consider the fact that organisations that have embraced automation typically incur far fewer costs whenever a data breach does inevitably occur.
A big part of the problem with implementing automation, however, can be traced back to the vast number of cybersecurity tools organisations have deployed. These tools most often only serve to reduce overall visibility, while simultaneously increasing operational complexity.
No cybersecurity cavalry coming
As regulations such as Australia’s Notifiable Data Breaches scheme and the EU’s General Data Protection Regulation (GDPR) become more strictly enforced, the cost of a data breach is only going to rise. The chance that organisations will be able to contain the cost of a cybersecurity breach by throwing more cybersecurity personnel at the problem is virtually nil.
There’s no proverbial cybersecurity cavalry coming over the hill to the rescue. There are already millions of cybersecurity positions that aren’t being filled because of a chronic skills shortage. At the rate at which cybersecurity students are being trained, most of those positions might never be filled.
The only option is to circle the wagons by ruthlessly automating as many cybersecurity processes as possible. The more the cybersecurity tools an organisation has adopted share a common set of application programming interfaces (APIs), the easier that goal becomes to achieve.
Automation is the answer
It should be clear to most cybersecurity professionals by now that there can be no cybersecurity resiliency without increased reliance on automation.
The hard work that still needs to be done is figuring out precisely what to automate and when. That requires a detailed understanding of how cybersecurity processes and workflows really work within the organisation and then rationalising many of the existing tools.
It’s simply not possible to automate what’s not well understood. Arguably the most important step toward achieving meaningful cybersecurity resiliency that any organisation can take is to start documenting those processes right away.
About the author
Mark Lukie is a sales engineer manager for Asia Pacific at Barracuda Networks. He has over 17 years’ experience in networking, security, backup/disaster recovery, public cloud platforms, as well as systems integration. For more information, visit: https://www.barracuda.com/