Using AI to enhance cybersecurity
Cody Cornell, CSO at Swimlane, explains how automation can enhance organisations’ security to overcome the cybersecurity skills shortage.
In the race towards the Fourth Industrial Revolution, organisations are embracing technologies that enhance connectivity and streamline processes. While rapid digitalisation has helped businesses stay afloat during a turbulent few years, it has also exposed them to increased vulnerabilities that malicious actors can exploit.
This increased exposure comes at a time when cybersecurity threats across the globe continue to grow at an alarming rate. According to the latest BlackBerry Global Threat Intelligence Report, the number of unique attacks using new malware samples skyrocketed by 50% from December 2022 to February 2023, with up to 12 attacks per minute observed. In the UK, where cybersecurity has been identified as a Tier 1 threat alongside terrorism, war and natural disasters, 32% of businesses have reported a breach or attack during the last 12 months.
In an environment like this, it’s clear that cybersecurity must be a significant priority for every business. However, a more significant roadblock stands in the way of an organisation’s ability to secure its business – the substantial shortage of cybersecurity skills and talent.
Cybercrime is expected to cost the world $10.5 trillion annually by 2025, and yet for years organisations have struggled to build the specialised skills to manage these growing threats.
Recent research from the UK government found that approximately 51% of businesses in the country have a ‘basic’ cybersecurity skills gap. This has resulted in a lack of confidence to carry out fundamental tasks such as setting up configured firewalls, storing or transferring personal data, and detecting and removing malware.
Additionally, 33% of businesses in the UK are experiencing more advanced cybersecurity skills gaps in areas such as penetration testing, forensic analysis and security architecture, and 37% of businesses report an internal skills gap when it comes to incident response and recovery.
As organisations create new and innovative ways of protecting their businesses, cyber criminals are working to combat every new defence. As such, many organisations find it difficult to meet the constantly shifting security demands of a digitalised world. But there’s a simple solution that organisations can take advantage of to ensure robust security of their systems and processes despite the lack of access to cybersecurity talent: automation.
Making the most of automation
There is still unease surrounding automation from those who believe implementing it will either create more work or remove people from the equation entirely. But the reality is that low-code security automation can strategically up-level the existing security team by removing the mundane and repetitive tasks taking up the bulk of their time. By embracing this technology as a tool to support the security operations centre (SOC) instead of replacing it, organisations can detect, identify and respond to threats faster while reducing human error and costs.
Here are three ways that automation can help businesses address some of the key cybersecurity challenges they face as a result of the security talent shortage:
- Mitigating alert fatigue
With a limited number of staff responsible for monitoring upwards of 10,000 alerts a day with zero room for error, the potential for breach is high. That’s why one of the biggest problems facing security and IT teams is alert fatigue: a phenomenon that occurs when cybersecurity professionals are inundated with such a high volume of security alerts that their ability to investigate and react effectively to real threats is diminished.
Swimlane’s recent Cyber Threat Readiness report found that only 58% of companies addressed every security alert. Of the organisations that can respond, 78% said they used low-code security automation solutions to do so.
With 2.7 million unfilled cyber jobs globally, and one-third of organisations surveyed by Swimlane believing they will never have a fully staffed security team, it’s clear that this issue can never be solved by hiring. This has led to burnout among security analysts, all while cyber attacks continue to increase in frequency and sophistication.
Automating the processes that monitor security alerts, by creating and deploying pre-programmed responses to specific incidents, helps organisations reduce the pressure on their cybersecurity teams. This enables security teams to become more proactive and strategic in their approach to threats, ensuring the organisation can address every alert and ultimately reducing its risk exposure.
- Simplifying threat management strategies
Security teams are required to protect complex business environments across multiple departments. Each department within an organisation requires its own software, tools and secure credentials to conduct business, opening up each group to exploitation for access to the entire network. Staff and skill shortages can make it exceptionally difficult to navigate these increasingly complex environments.
Through the automation of threat management processes and systems, organisations can connect and integrate what was once a list of disjointed tools, enabling IT teams to reduce the complexity of security environments and defend the entire enterprise without sacrificing sophistication. This reduces the time spent filtering, sorting and visualising data across security tools, while creating a centralised system of record for all security operations with a more holistic view across distributed, complex environments.
- Managing SecOps efficacy
The global average cost of a data breach is now the highest it’s ever been at $4.35 million, according to IBM’s 2023 Cost of a Data Breach report. Additionally, the UK government found that the most disruptive breach or attack from the last 12 months cost each business, no matter the size, approximately £1,100. For medium to large businesses, this was around £4,960.
Despite this, security leaders often struggle to relay the value of their security operations centres to non-security leaders in the business. This results in reduced investment in cybersecurity, poor collaboration and eroding support, all of which negatively impact the business’s security posture.
By automating security operations (SecOps) workflows, security leaders can quickly identify and assess relevant metrics and trends, enabling them to better quantify and communicate the business value of security to management, the board of directors and the rest of the organisation.
As enterprises increasingly seek to enhance the maturity of their security operations, the need to address the cybersecurity skills gap has become imperative. Through the automation of routine activities and the implementation of streamlined workflows, organisations can empower their security teams to assume more strategic roles. In doing so, they fortify their ability to safeguard their most critical assets from all external threats.