IS AUTOMATION IN CYBERSECURITY A GOOD THING?

Automation is coming for us all – across all industries, roles and organisations. This includes cybersecurity, but advances in automation offer something of a double-edged sword for the sector. A lot of debate centres on whether automation in cybersecurity really is for the best. As its prevalence continues to increase, now is a good time to ask this tricky question.

The cost of breaches

Advances in cybersecurity cannot come soon enough. In the past two years, 56 per cent of UK organisations have experienced a data breach. 62 per cent have had a cybersecurity incident. Data breaches and hacks are becoming more widespread, well-known and have long-lasting impacts beyond the bottom-line. As highlighted by the British Airways, Yahoo and TalkTalk breaches, it can take a long time to rebuild trust and reputation.

50% of organisations that have experienced a data breach, state that it occurs two to three times a year. Worryingly, almost a fifth (19%) have experienced more than five. Hackers are trying harder to get into sensitive systems and access data. Workers may inadvertently leak data.

The opportunities to breach a system are becoming more widespread with the adoption of the Internet of Things (IoT). More connected devices mean more gateways to protect.

Automation’s benefits

That’s why organisations are looking to automation and artificial intelligence (AI) as a way to scale their operations and increase detection. Many senior cybersecurity professionals recognise the potential benefits of automation.

Automation can help security teams analyse vast quantities of data to understand ‘normal’ behaviour in the system and spot anomalous (potentially malicious) activity.

If a threat is detected, then automation can create protections faster than a human doing it manually. Time is of the essence during a cyber attack. The minutes saved using automation can make the difference between a city-wide shut down of the power grid and a thwarted hack, for example.

Finally, automating the time-consuming tasks within a cybersecurity team can ease the burden on human workers and lessen the skills shortage. However, to do this you first need team members who can implement and maintain automated systems. Therein lies the problem.

Automate or lose

Organisations are stuck in an automation arms race. Attackers now use automation to spread malicious activity at scale and to advance the complexity of their attacks. Automation offers the only long-term protection against AI-powered hacks. But organisations are scrambling to find the talent who can develop this. 76% of managers find it difficult to hire automation experts.

People power

People are the power behind automation. To use it effectively, you need people to understand its insights and act accordingly. Automation isn’t designed to replace human intelligence, but to augment it.

So, automation is not a panacea. Humans still reign supreme in understanding context. They can quickly tell what’s questionable versus normal, and they can adapt to fast-changing conditions. Automation still delivers a lot of false positives. But humans cannot scale and are more prone to error. That’s where automation can help.

Man and machine work best

For security leaders, there are benefits achieved through automation. They are realised when combined with human experts, however. When investing in automation, therefore, you must also prioritise the team members who’ll work with it. In the cybersecurity battle, you need boots on the ground as well as bytes in the cloud.