AND HOW CAN YOU FIND THE RIGHT BALANCE FOR YOUR ORGANIZATION?
by Martin Banks, Editor-in-Chief, Modded
Automation has crept into almost every industry, and cybersecurity is no exception. Security software today can do far more without human intervention than it used to, but some experts still have reservations.
Automated security’s recent rise in popularity is understandable, of course. In the wake of the COVID-19 pandemic, 62% of IT departments are tightening their budgets, yet cybercrime is increasingly prominent. Automation represents a cost-effective solution to this predicament.
Many business owners may see this trend and hesitate. Security automation seems promising, but it also raises some concerns. Here’s a closer look at how much of a security system it’s safe to automate.
There are plenty of reasons why a business may want to automate. As previously mentioned, automation is cost-effective. It can extend a company’s cybersecurity resources and reach without having to hire more employees. Automation has some security benefits as well.
The most notable advantage of automated cybersecurity is the removal of human error. These accidents are the leading cause of data breaches, and even the most experienced employee can make mistakes. Automating some tasks can lessen the risk of human error leading to a breach.
In some areas, automation can enable faster responses, helping contain any incidents before they cause much damage. An automated system can likely detect a breach, error, or other points of concern faster than a person. It can then warn human workers or take action autonomously to resolve the situation sooner.
Concerns Over Security Automation
For all its benefits, security automation is far from perfect. In some cases, it could even heighten some concerns that aren’t major causes for alarm with traditional security approaches. For one, it could make workers complacent. Employees could let their guard down, thinking they’re safe, which leaves them vulnerable if something slips through the cracks.
Even the most advanced automated systems can’t catch or stop every threat. Cybercriminals are humans, not machines, so they can think creatively and act unpredictably, which automated security can’t match. So while autonomous security systems can do a good job preventing predictable, familiar attacks, it’s less effective against new, unusual ones.
Automation also gives rise to something called the Leftover Principle. Since the simplest tasks are the easiest to automate, what’s left for human workers is often the most challenging and complex. Cybersecurity already faces a severe talent shortage, and when the only positions left are challenging ones, it can worsen this gap.
Given these risks, it’s clear that businesses shouldn’t rely too heavily on security automation. At the same time, they don’t have to abandon it entirely, either. The answer lies in a more careful, thoughtful approach to automation.
It’s safe to automate some processes, but not all of them. Here’s how businesses can apply cybersecurity automation safely and effectively.
The first step to implementing automation is understanding its limitations. Not every task is ideal for automation. When you know what it can and can’t do, you can avoid applying it to areas where it wouldn’t be effective.
Take the physical side of cybersecurity, like protecting a data center, for example. The mere presence of guards discourages criminals from targeting an area, but an automated system doesn’t have the same impact. While automated security may handle a physical breach well, having in-person physical security stops attacks from happening in the first place.
Similarly, since automation is less effective against new or unusual attacks, businesses still need human workers ready to tackle developing situations. Understanding where automation’s abilities end helps inform more effective security protocols.
It can be tempting to automate for automation’s sake, but this is a dangerous approach. Instead, companies should apply security automation only as a solution to a relevant problem. Automation should answer an issue where traditional methods fall short, not be something businesses do because it’s popular.
For example, one of the best ways to apply cybersecurity automation is in software updates. According to a 2019 survey by Avast, 55% of all installed apps are outdated, which can leave glaring vulnerabilities. Since people so frequently forget or refuse to update, automating updates is the ideal solution here.
Generally speaking, automation is better at routine, repetitive tasks, while humans are better at work that requires more creativity or nuance. When considering security automation, companies should look to automate the areas where it has the edge over people. This will both help get the highest return on investment and prevent risks from over-automating.
While IT departments determine what processes to automate, they should also consider how to automate them. If companies automate the wrong part of a process, it can create more problems than it solves.
Password management is a good example of this concept since it’s a relevant threat and a common area to automate. Businesses could automate their system so that it requires users to change their password every few months. While this seems like a good idea, this specific approach will likely lead users to choose weak, easier-to-remember passwords.
A better solution would auto-generate passwords as well, ensuring user error has little impact on the system. Alternatively, the system could automate two-factor authentication, which makes accounts 99.9% less likely to be compromised.
Finally, after automating some security tasks, companies should monitor and benchmark these programs’ success. It can be challenging to know how effective an automated system will be beforehand. By measuring its performance, IT departments can understand if it worked or not, informing future investments.
If the types of vulnerabilities automation was supposed to resolve don’t go away, companies can try a new approach. If it worked, they can see if similar actions could have the same effect elsewhere. In either case, ongoing monitoring helps businesses ensure they automate safely.
Companies may be able to find information about how automation has worked out in other areas. Seeing how other businesses have benefited or not from automation can inform safer automation strategies.
Make the Most of Your Security
Automated cybersecurity tools have a lot of potential, but businesses should understand the risks, too. Automating some tasks can be perfectly safe, and sometimes even safer than traditional approaches. Companies should be careful not to rely on automation, though.
The safest, most effective automated security systems don’t replace people but rather augment their work. Businesses should automate where humans fall short and leave other areas unautomated. This dynamic approach will provide the highest security a company can get.
About the Author
Martin Banks is the founder and Editor-in-Chief of Modded. You can find his writing all over the internet. He covers tech, gear, cars, and more.