Is automation essential in the cyber security battle?

Is automation essential in the cyber security battle given public sector organisations are relying on a near-skeleton crew of security analysts?

Last month, a Freedom of Information request made by Huntsman Security highlighted how Government security analysts are at risk of being overwhelmed by attacks, not least because public sector organisations are still relying on a near-skeleton crew of security analysts.

The findings from the FoI requests highlight a growing risk that workers are becoming overwhelmed by the number of threats they have to address, increasing the risk of a successful attack at worst, or of stress and burnout among overworked security analysts.

“All organisations, including those in the public sector, have to think about the whole end-to-end processes,” says Piers Wilson, Director at the Institute of Information Security Professionals and Head of Product Management, Huntsman Security. “It’s one thing investing so that you identify twice as many threats, but if you have the same number of security analysts they just have double the workload. The process side has to keep up.”

Crucially, Piers adds, this can’t always be addressed by recruiting new staff members – there’s a serious shortage of skilled staff and those that do exist command healthy salaries – which means automation, AI and machine learning all come into play.

“It’s widely accepted that there aren’t enough security personnel out there, whether you’re talking about analysts, operators, engineers or whoever. There’s a lot going on to correct that and get more people into the sector. Building a team of security analysts, of whatever size, is therefore difficult. The same applies to retention – where demand outstrips supply the expertise doesn’t come cheap. The FOI exercise found that teams weren’t growing to deal with the additional threat. It’s not a criticism of any public sector organisation at all – it just highlights the need to look for different solutions that enable the public sector to protect the vast swathes of sensitive data it holds.

“As a result, I see a clear need for technology and automated processes, not to replace people, but to support them in working more efficiently. It builds on what people do. There’s no need for a human to copy data from one system to another when a machine can do it for them – it’s what computers do. Automation and analytics is best left to computers as they can do it faster and more effectively – which frees up time for analysts to deal with situations that require human intervention.”

Widening threat landscape

Piers adds that security automation is needed more than ever given the public sector’s increasingly multi-channel customer service delivery – and the broadening threat landscape we currently see.

“Automation definitely has a role to play in helping to manage the wide range of potential attack channels organisations are having to monitor and the different types of attacks they’re exposed to. They have systems in the cloud, users on mobile devices and Internet of Things increasing the surface for attack, alongside customers that interact with them far more frequently than they used to. All of this needs constant monitoring, which is where technology comes to the fore.

“Public sector security teams are fighting a tough adversary, when you consider how and where threats are coming from and the imbalance between attack and defence. To be effective, you have to be able to defend against all vulnerabilities and all of the systems all of the time. The attacker, on the other hand, can be as flexible as they want, change tactics as often as they want and pick and choose when they want to attack. They can also be as well-resourced as the information is worth. They only have to find one weakness in one system on one occasion to succeed. It’s an uphill battle that needs the help of technology.”

Piers concludes by saying: “We have a scenario where the world is a more dangerous place and failure is tolerated less by the public and regulators. A lack of investment in security resources, whether that’s people, tools, automation or machine learning capabilities to help people detect and understand what’s going on, is therefore a worry.

“The public sector needs to be aware of its duties of care and deliver them within the constraints that they have.”
