How Automation Technology is Solving the Cybersecurity Staffing Shortage Issue

*This article was originally published in Security Magazine.*

As cybersecurity incidents continue to increase in both complexity and frequency, businesses of every size in every industry and in just about every country across the globe are recognizing the glaring need for stronger defense strategies. The problem is, there simply aren’t enough talented IT security professionals to fulfill this growing need. In fact, a recent study by Intel Security and the Center for Strategic and International Studies (CSIS) revealed that 82 percent of IT decision makers report a shortage of cybersecurity skills.

And the problem goes well beyond simply not having enough people to handle the job. Cybersecurity incidents are wreaking havoc on these underprepared, under-protected organizations. The same Intel survey revealed that one in three respondents feel the shortage of skills makes their organizations more desirable targets for hackers. Furthermore, one in four say insufficient cybersecurity staff strength has damaged their organization’s reputation and led directly to the loss of proprietary data via a successful cyber-attack.

So, what’s the solution? Are businesses simply stuck in limbo until enough up-and-coming IT security professionals with adequate skill sets enter the market? And what about smaller companies that face the additional challenge of budgetary constraints? Are they just doomed to be a more likely target of cyber criminals because they can’t afford to pay top security talent? The good news is there is a solution. The better news is, it’s both cost-effective and available now.

IT automation can help companies of every size close the skills gap and remain a step ahead of potential security breaches. Whether it’s a small to mid-sized company struggling to afford an in-house IT team or an enterprise-level organization that has the means but lacks the talent, automation technology provides the ideal solution in just about any scenario. And because it’s both affordable and scalable, it also eliminates the need to outsource, which means the business is able to maintain greater control.

Rather than rounding up additional IT personnel to handle the incident response process, an automated playbook can be implemented in their place. Not only is this a more efficient and cost-effective business model, but it can also dramatically improve the level of protection for the company. The moment an alert occurs, the automated tool detects it. This alone is something that human workers simply cannot do as effectively on their own – especially in the case of larger enterprises that receive tens of thousands of alerts each and every day.

As anyone who is familiar with the incident response process will tell you, not every alert is indicative of a cyber-attack. On the contrary, the vast majority of them are either harmless or simply not sophisticated enough to cause any real damage.

But what if, as your IT staff is relentlessly weeding through all the potential threats, the one incident that is truly dangerous slips through? This is exactly what happened in the case of the infamous Target breach that occurred a few years ago. It wasn’t that the company failed to monitor incidents, but rather that it didn’t have the appropriate tools in place to effectively pinpoint the ones that needed to be addressed. As a result, a real threat snuck in and the rest is history.

This is another area where automated incident response technology can truly make the difference. Had Target (or most of the hundreds of other organizations in the news due to a breach) employed automation as part of their incident response strategy, the threat in question would have been identified and addressed right away – before millions of customers had their personal information compromised.

More importantly, Target’s breach demonstrated that adequate cyber security isn’t dependent on the number of IT employees on your payroll. It’s about having the right tools and technology in place to support and enable existing staff (regardless of size) to do their jobs more effectively.

With advanced automation software, the entire incident response strategy can be run like a well-oiled machine, whether there are 100 IT workers or three. While the technology behind automated incident response is complex, the way it works is relatively simple and straightforward. The moment an alert arises, the system detects and assesses it for legitimacy and severity. Actual threats are then prioritized and the appropriate steps are initiated to address the situation. If the incident can be resolved automatically, it will – without the need for any human input. If escalation is required, the appropriate party will be notified accordingly.
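The triage flow described above (assess legitimacy and severity, prioritize, then auto-resolve or escalate), sketched as an added example that is not from the original article or any vendor's product. Every rule name, weight, threshold, address and alert in it is a constructed assumption.

```python
"""Minimal alert-triage playbook: assess, prioritize, auto-resolve or escalate."""

# All rule names, weights, thresholds and hosts below are illustrative assumptions.
RULE_WEIGHT = {"failed_login": 2, "malware_detected": 6, "data_exfil": 9}
ASSET_WEIGHT = {"workstation": 1, "server": 2, "payment": 3}
AUTO_ACTIONS = {"failed_login": "lock_account", "malware_detected": "quarantine_host"}
KNOWN_BENIGN_SOURCES = {"10.0.0.5"}   # e.g. an internal vulnerability scanner
ESCALATE_AT = 15                      # scores at or above this always go to a human


def assess(alert):
    """Return a severity score, or None when the alert is judged not legitimate."""
    if alert["source"] in KNOWN_BENIGN_SOURCES:
        return None
    if alert["rule"] == "failed_login" and alert["count"] < 5:
        return None  # a few failed logins are normal user behaviour
    return RULE_WEIGHT.get(alert["rule"], 5) * ASSET_WEIGHT.get(alert["asset"], 2)


def run_playbook(alerts):
    """Triage alerts; return decisions ordered from highest to lowest severity."""
    decisions = []
    for alert in alerts:
        score = assess(alert)
        if score is None:
            decisions.append({"id": alert["id"], "score": 0, "action": "close_benign"})
            continue
        auto = AUTO_ACTIONS.get(alert["rule"])
        if auto and score < ESCALATE_AT:
            action = auto                # resolved without human input
        else:
            action = "escalate"          # no safe automation, or too severe
        decisions.append({"id": alert["id"], "score": score, "action": action})
    return sorted(decisions, key=lambda d: d["score"], reverse=True)


# Constructed sample alerts (not real data).
SAMPLE_ALERTS = [
    {"id": "A1", "rule": "failed_login", "source": "203.0.113.7", "asset": "workstation", "count": 2},
    {"id": "A2", "rule": "failed_login", "source": "203.0.113.7", "asset": "server", "count": 40},
    {"id": "A3", "rule": "malware_detected", "source": "198.51.100.9", "asset": "payment", "count": 1},
    {"id": "A4", "rule": "malware_detected", "source": "10.0.0.5", "asset": "server", "count": 1},
    {"id": "A5", "rule": "data_exfil", "source": "198.51.100.9", "asset": "server", "count": 1},
    {"id": "A6", "rule": "malware_detected", "source": "192.0.2.44", "asset": "workstation", "count": 1},
]

if __name__ == "__main__":
    for d in run_playbook(SAMPLE_ALERTS):
        print(d)
```

The same malware rule is quarantined automatically on a workstation but escalated on a payment asset, because the asset weight pushes its score past the escalation threshold.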

There are a variety of ways an automated incident response playbook can be built and deployed, and they are both customizable and scalable. In most cases, playbooks are developed based on real-life scenarios and actual use cases, which helps to make them more effective in detecting and resolving legitimate incidents in a timely manner.

Additionally, most advanced automated tools have the capability to integrate seamlessly with existing monitoring systems, programs and applications, thereby extending and improving the level of defense against potential cyber-attacks. Lastly, automated IR helps to dramatically reduce mean time to resolution (MTTR) from weeks and days to hours and sometimes even minutes. That means if an incident does happen to slip by, it can be isolated and nullified before it has time to wreak havoc.

So while the staffing shortage doesn’t appear to be waning any time soon, there is plenty of good news on the horizon for companies of every size and industry. Automation technology can bridge the gap, strengthen the line of defense and help mitigate damages in the event of a successful breach. Best of all, it’s available for round-the-clock protection – something even the most substantial IT departments can’t match. And finally, automated playbooks don’t cost nearly as much as hiring top IT talent, yet they’re incredibly efficient and effective. So for now, it’s certainly a solution worth considering.

Gabby Nizri is the CEO of Ayehu, Inc., which provides Process Automation and Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication and recovery from cyber security breaches. 
