Global Head of Client Security Solutions and Risk Services at Wipro Limited.
Do you ever wonder why organizations fall prey to cyberattacks despite spending millions on cybersecurity? After over three decades of improving cyberdefense mechanisms, what is driving the need for further enhancing risk posture?
Lack of automation and security intelligence has slowed down the scaling of cybersecurity techniques and their ability to protect against new threats. For example, one of the critical first steps in establishing a cybersecurity management program — identifying assets and classifying data — takes weeks or months when done manually.
In an ever-evolving digital landscape, it is vital to keep pace with trends in cyberthreats, which are constantly changing due to several factors. First, more is at stake than just data. Boundaryless enterprises are prone to attacks on cloud and operational technology for business disruption. Second, attacks on data integrity can have a greater impact than attacks on data confidentiality and availability. Finally, cybercriminals are leveraging highly sophisticated and specialized techniques that mostly go undetected.
The emergence of sophisticated threats, along with constantly changing digital trends, has increased the exposure to data breaches. Cyberattacks aren’t just becoming more frequent — they’re becoming smarter, more refined, more expensive and more threatening to businesses of all sizes.
What are the chances of defending a digital organization when facing highly sophisticated threats today with cybersecurity techniques that rely heavily on human interactions and respond slowly? It’s probably the same as bringing a knife to a gunfight.
With sophisticated cyberattacks such as ransomware, cybersecurity automation and security intelligence are necessary.
Some of the business drivers behind security automation are:
- Security Tech Explosion And Lack Of Skilled Workers: There are hundreds of security technologies and not enough skilled workers and talent pools that understand how to implement them.
- Lack Of Standardization: The majority of security implementations fail to deliver results as they are heavily dependent on who is implementing them; hence, the need for standardization.
- Expanded Attack Surface: With the adoption of cloud and reliance on third-party service providers, the threat exposure has increased exponentially and can’t be managed by old techniques.
Why We Need Security Automation And Intelligence
Automation has been a big part of revolutionizing industry. Adoption of artificial intelligence (AI), machine learning (ML) and bot technologies has led the digital transformation. Experts are advocating for the application of zero trust and cybersecurity automation to improve security posture.
Cybersecurity automation and intelligence provide an enhanced and structured way to identify, detect, protect against, respond to and recover from security threats while reducing human dependency.
Several studies have been conducted that analyze how cybersecurity automation tools affect the cost of data breaches. As FedTech notes: “Organizations that have invested in automation and orchestration have much lower costs for data breaches.”
Automation in cybersecurity can be achieved by leveraging cutting-edge technologies like artificial intelligence and machine learning. For example, antimalware solutions are one application of machine learning in cybersecurity defense. Automated and intelligent managed detection and response (MDR), combined with security orchestration, automation and response (SOAR), can help detect and respond to cyberthreats such as ransomware in real time. Context- and risk-based authentication methods help reduce the probability of unauthorized access to systems.
Some key areas of security automation and intelligence that can improve ROI while enhancing security posture include:
- Security orchestration, automation and response.
- Security intelligence and threat sharing.
- RPA for next-gen identity and access management.
- Cyberanalytics and user-behavior analysis.
- Enterprise governance risk and compliance.
- Data loss prevention and protection.
- Cloud security and continuous compliance monitoring.
- Network security and perimeter defense.
- Automated policy management.
Why We Are Falling Behind On Cybersecurity Automation
Some key inhibitors of automation include:
- Reliance On Data: Machine learning is data-intensive because decisions are made based on data, not just algorithms, and that takes time.
- Expensive Implementation: Machine learning-based applications carry a cost premium, as does the talent necessary to operate and optimize them.
- Lack Of Integration: There may be reluctance to support integration, as well as a lack of integration with point-based security solutions altogether.
A lack of technology standardization and of a skilled workforce are the biggest challenges organizations will face as they look into cybersecurity automation. Organizations will need to map their digital assets to the required security controls and plan for integration with automation techniques. This will require organizations to consider the following:
- Development of an information risk management program that can see into all digital assets, cybersecurity tools and processes.
- Definition of KPIs and KRIs to demonstrate the ROI and value of security automation.
- Security investment that follows the framework of integration and automation by design.
Call For Action
Companies in technology need to focus on a holistic approach to security by combining traditional concepts with new, automated tools. Layering these security concepts will allow organizations to keep up with the growing number of intricate attacks. The following should serve as the call for action for enterprises:
- Build cybersecurity programs on a strong foundation. Invest in the basics — security policy and standards, asset inventory development and cyber tool inventory — and invest in innovation.
- Assess what is working and what is not. Perform prioritization and apply risk management techniques.
- Test your resilience like an attacker. Enhance conventional red attack and blue defense team testing.
- Invest in breakthrough automation. Enhance cyber program effectiveness and scale value by employing advanced technologies to automate defenses.
- Be proactive with security intelligence. Implement strategic and tactical threat intelligence to proactively respond to modern-day threats.
- Define KPIs and KRIs to measure success. Establish the KPIs, such as the average time it takes to respond to an incident, to measure the ROI from cybersecurity automation.
Last but not least, you should elevate the need for security automation and intelligence to the board level and gain executive support and active business stakeholder participation for this initiative.