You can’t automate the entire cybersecurity function – yet

Automation is 'not a quick, fix-all solution,' says the Ponemon Institute. Cybersecurity needs humans.
12 February 2020

Security still needs humans. Source: Shutterstock

The core attraction of automation technology is its ability to “accomplish more with fewer bodies.” 

That’s the phrase used by Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. 

He was commenting on new research, released in partnership with DomainTools, which reveals how organizations are banking that automation technology can rescue them from an impending cybersecurity skills shortage. 

Surveying more than 1,000 IT and IT security practitioners in the US and UK, the report entitled Staffing the IT Security Function in the Age of Automation, found just over half (51 percent) believe automation will decrease headcount in the IT security function in the coming years. 

That’s a hike of 20 percent since last year’s report, and demonstrates swiftly-gathering confidence in the technology’s potential bolster dwindling security teams. 

That optimism will become necessary as a lack of security expertise continues to pose a problem. Sixty-nine percent of organizations’ IT security functions are currently understaffed, found the report — just a slight improvement over last year’s 75 percent. 

This is all while cyber threats become increasingly diverse and sophisticated, posing serious financial, reputational, legal and ethical risks to organizations of any size, in any sector. The average breach is reported to cost businesses US$3.6 million, according to Ponemon and IBM, going up to US$350 million for large-scale breaches. 

Successful attacks are now a case of ‘if’ not ‘when’, but finding skilled professionals to deploy and manage effective cybersecurity initiatives is proving the biggest struggle. 

According to research last year by IT security organization (ISC)², there are 2.93 million unfilled cybersecurity positions around the world.  

With the rise of ‘digital transformation’ over the last decade or so — seeing mass migrations to the cloud, and data-laden IoT systems — businesses realized they had widened their attack surfaces, and surging demand for cybersecurity professionals left the existing talent pool swiftly depleted. 

With both academic courses and the specialists to run them in short supply, the in-flow of cybersecurity talent has struggled to keep pace as the threats proliferate. 

For those cybersecurity professionals in the business, meanwhile, the task is often one of fire-fighting threats day-to-day. This leaves little time for educating or training the wider company about new risks or best practices and, ultimately, makes it difficult to embed a culture of cybersecurity awareness throughout the organization. 

While the Ponemon report shows organizations are increasingly hedging their bets on automation tools to counter the talent gap, current adoptions have been met by mixed reviews. 

Just four out of 10 believed that automation would reduce human error, while another half said automation could add complexity to jobs. Fifty-four percent, meanwhile, said that automation wouldn’t be a match for human intuition and hands-on experience.

What the majority (74 percent) did agree on was that automation tools could allow staff to focus on ore serious vulnerabilities and overall network security. In this sense, the rising use of automation tools serves to highlight just how important these illusive cybersecurity professionals are. 

“The perspective around the effects of automated technologies for IT security continues to shift year after year,” Dr. Ponemon said. “As adoption of automation becomes more mainstream and improves the effectiveness and efficiency of IT security staff […] what is likely is for there to be a consolidation of existing roles, rather than an elimination. 

“This means better opportunities for employees to up-level their current skills to create more value-added roles as the human side of security remains as important as ever.” 

Automation is not a quick, fix-all solution, the report read. But it can serve to make cybersecurity threats more manageable for security personnel. Applications can include reducing false positives, increasing the speed of analyzing threats and reducing vulnerabilities. 

Automated compliance solutions, for example, can help ensure data is handled and protected correctly by default, which can help to alleviate resource elsewhere. 

“We are still in the early stages of adoption and just touching the surface of how automation will enhance the capabilities of security staff and evolve security roles,” said Corin Imai, Senior Security Advisor, DomainTools. 

“However, the human factor remains the most important player in information security. 

“Automation will never fully replace human intuition and expertise, and those that become experts in deploying and managing automation solutions will have a new valuable skill set for many years to come.”

With that in mind, and as is also becoming the case in the search for AI and machine learning talent, organizations may have better success by looking in on their teams, making time available to train and recruit cybersecurity specialists in-house.