Automation is no longer optional in cybersecurity. In fact, it is the fastest and most effective way to deter cyber attacks while also offloading mundane tasks that are traditionally managed by humans. However, improperly implemented automation can lead to significant errors and damage to reputation and financial performance.
What does that mean for the human factor in cybersecurity? Albin Zuccato, CISO of ICA Gruppen walks us through the different levels of automation and how it can serve to reduce the human factor.
What Can Businesses Do With Automation?
AI or automation is the automatically controlled operation of an apparatus, process, or system by mechanical or electronic devices that take the place of human labor. Here, security comes into play because automation concerns processes – how can organizations ensure their network is secure?
Second, automation is widely adopted as a way to replace human labor, which is directly responsible for a lot of errors in security – i.e. the human factor.
“I do not see an option in security not to use automation.”
Albin notes that there are three goals for automation in security. These are:
- Speed: Automation increases reaction speed, which is crucial for stopping attacks and containing viruses.
- Efficiency: Automation allows for better utilization of resources and replacement of human labor which tends to be less efficient.
- Noise reduction: Also known as the human factor. People are creative and very good at solving new problems. But when it comes to solving the same problem over and over, automation is more efficient and consistent in its solutions. This allows organizations to recalibrate and stabilize their processes.
Having said that, humans are still superior in certain aspects of security. So a balance must be struck. Albin explains that it helps for businesses to think about where they need automation the most by examining their internal security processes.
Three Levels of Security Processes
Artistic
This is where penetration testers try to find new vulnerabilities in a network while handling critical security incidents, which are never the same. This requires artistry, which is something humans excel in.
The benefit of automation at this level is noise reduction by utilising a playbook or manual for security incidents that will ensure solutions carried out are consistent. Automation here is a tool to reduce the human factor and as a support to allow humans the flexibility they need to handle such situations requiring artistry.
Craftsmanship
These are where processes have some variability and require skilled workers. There may be patterns and repetitive processes with some level of variation that benefits from the eyes of a human who has the larger context of the business network and security goals.
Here, automation can help with taking over the more repetitive processes to reduce the human factor while still giving human teams to focus only on the variations when necessary.
Industrial
This is the most common level of security processes that make up security and where automation is most effective. At this level, processes have very little variability and are mostly repetitive. Generally, humans do not accelerate here, which is where automation can have the biggest impact on noise reduction. With machine learning and AI, industrial processes can be streamlined and made incredibly efficient with little human intervention.
The Challenges of Automation in Security
With any new technology come challenges. Albin cautions that trust will be a big issue as automation is adopted not just by businesses but by bad actors as well. It will be an ‘arms race’ as both sides begin to adopt AI and machine learning. Organizations do not have the luxury of waiting to see how the technology evolves as they risk being behind the curve.
“We have to learn now and start incorporating AI and automation into our processes.”
Explaining ICA Gruppen’s use of automation in security processes, Albin says that the company has reduced its dependence on human decisions which therefore has reduced human errors.
Albin added: “Automation must happen, and I think the most important part here is that we do automation that is purpose-driven.”
A purpose-driven approach to automation is the way forward, noted the CISO who explained that a company should decide what they want to achieve with different kinds of automation to get the most out of it. After all, there are plenty of tools in the market promising different outcomes. Clarity will be crucial.
He also stressed the need to focus on where humans can be most effective.
“With automation, the creativity of humans can be boxed into areas where they will be most effective – let automation take care of the rest and reduce and correct errors.”
No Escaping the Human Factor
Finally, Albin advised that human error is something every security team needs to accept because it is unavoidable. However, it can be curtailed with the effective deployment of automation.
This is because while most attacks, which are carried out by machines, are best counteracted by machines, smart humans can still outclass them.
Albin added, “I believe strongly that we need to reduce the human factor, but I do not believe that we should eliminate it.”
He went on to say that the best thing organizations can do with automation is to just start because like every new approach, it is a learning process. Start by defining goals and then jump straight into experimentation, learning, and adapting.