Is automation essential in the cyber security battle?

Is automation essential in the cyber security battle given public sector organisations are relying on a near-skeleton crew of security analysts?

Last month, a Freedom of Information request made by Huntsman Security highlighted how Government security analysts are at risk of being overwhelmed by attacks, not least because public sector organisations are still relying on a near-skeleton crew of security analysts.

The findings from the FoI requests highlight a growing risk that workers are becoming overwhelmed by the number of threats they have to address, increasing the risk of a successful attack at worst, or the stress levels and burnout of overworked security analysts.

“All organisations, including those in the public sector, have to think about the whole end-to-end processes,” says Piers Wilson, Director at the Institute of Information Security Professionals and Head of Product Management, Huntsman Security. “It’s one thing investing so that you identify twice as many threats, but if you have the same number of security analysts they just have double the workload. The process side has to keep up.”

Crucially, Piers adds, this can’t always be addressed by recruiting new staff members – there’s a serious shortage of skilled staff and those that do exist command healthy salaries – which means automation, AI and machine learning all come into play.

“It’s widely accepted that there aren’t enough security personnel out there, whether you’re talking about analysts, operators, engineers or whoever. There’s a lot going on to correct that and get more people into the sector. Building a team of security analysts, of whatever size, is therefore difficult. The same applies to retention – where demand outstrips supply the expertise doesn’t come cheap. The FOI exercise found that teams weren’t growing to deal with the additional threat. It’s not a criticism of any public sector organisation at all – it just highlights the need to look for different solutions that enable the public sector to protect the vast swathes of sensitive data it holds.

“As a result, I see a clear need for technology and automated processes, not to replace people, but to support them in working more efficiently. It builds on what people do. There’s no need for a human to copy data from one system to another when a machine can do it for them – it’s what computers do. Automation and analytics is best left to computers as they can do it faster and more effectively – which frees up time for analysts to deal with situations that require human intervention.”

Widening threat landscape

Piers adds that security automation is needed more than ever given the public sector’s increasingly multi-channel customer service delivery – and the broadening threat landscape we currently see.

“Automation definitely has a role to play in helping to manage the wide range of potential attack channels organisations are having to monitor and the different types of attacks they’re exposed to. They have systems in the cloud, users on mobile devices and Internet of Things increasing the surface for attack, alongside customers that interact with them far more frequently than they used to. All of this needs constant monitoring, which is where technology comes to the fore.

“Public sector security teams are fighting a tough adversary, when you consider how and where threats are coming from and the imbalance between attack and defence. To be effective, you have to be able to defend against all vulnerabilities and all of the systems all of the time. The attacker, on the other hand, can be as flexible as they want, change tactics as often as they want and pick and choose when they want to attack. They can also be as well-resourced as the information is worth. They only have to find one weakness in one system on one occasion to succeed. It’s an uphill battle that needs the help of technology.”

Piers concludes by saying: “We have a scenario where the world is a more dangerous place and failure is tolerated less by the public and regulators. A lack of investment in security resources, whether that’s people, tools, automation or machine learning capabilities to help people detect and understand what’s going on, is therefore a worry.

“The public sector needs to be aware of its duties of care and deliver them within the constraints that they have.”
