The cybersecurity landscape is undergoing significant transformations exemplified by increasing complexity, constantly evolving threats and, as a result, the necessity for ever-more sophisticated and integrated security solutions. Automation, artificial intelligence (AI), and machine learning (ML) are fueling technological advancements and innovation. At the same time, escalating cybersecurity challenges and growing regulations means that organizations are struggling to keep pace as they realize that they need to be able to operate at cloud-level scale and ML speed to cope with the evolving sophistication of security threats.
Additionally, the cybersecurity industry has taken limited action to reduce cybersecurity process friction, reduce mundane tasks and improve overall user experience. Likewise, burnout has made its way into the cybersecurity industry, but little is being done to address the attrition that it causes. CISOs–and their teams–have never been more stressed. Between an overwhelming workload, constant firefighting, technology issues, growing regulation, and fear that a compromise will make the headlines. There are many reasons for CISOs to feel stressed. To add to this, the US Securities and Exchange Commission (SEC), has charged SolarWinds and its CISO with securities fraud and violations of internal controls for failing to disclose known material cybersecurity risks and vulnerabilities. As a result, new policies have now been put in place that will impact the CISO role going forward.Therefore it’s no surprise that burnout is one of the top reasons CISOs cite for leaving their jobs according to research by Enterprise Strategy Group (ESG), with 55% of cybersecurity professionals saying they experience on-the-job stress at least half the time.
Cybersecurity automation, AI and ML should reduce that burden, eliminate repetitive tasks, do the heavy lifting, and alleviate the stress from resource challenged cybersecurity teams.
Cybersecurity automation – an evolving industry
Recent research finds that most organizations say cybersecurity automation is important to their business, but the same research highlights that there are levels of dissatisfaction–especially among industries that are further along their automation journey. In fact, an overwhelming 100% of respondents admitted that they had experienced problems when trying to automate.
Of course, the cybersecurity automation industry is still relatively nascent and with any early adoption of technology there are always growing pains. Users are still working to implement the solutions that will solve their challenges and deliver the right kind of ROI. Vendors are still innovating and advancing their solutions from both a technology and usability perspective. Overall the industry is still a relatively new part of the wider cybersecurity armory, which explains why it’s not as big a spending priority for CISOs as other cyber tools, with 2023 market size of $9 billion (though set to grow to $17 billion by 2028).
Falling short on anticipated outcomes
The general consensus is that automation tools are not delivering the expected outcomes. There is also a lack of trust in the outcomes delivered by automated processes. This is causing slow adoption, which is not surprising if users don’t trust what they are seeing. The fear of bad decisions being made, such as incorrectly blocking suspicious-looking domain names that are actually benign or blocking legitimate emails is also a challenge around automation. These issues are compounded by a lack of integration, with early solutions not living up to the hype, being clunky and hard to use, with expectations that “automate everything” will work out well, when companies really need to choose the workflow automation that it is best suited to.
The importance of integration shouldn’t be underestimated. Most security environments have grown organically over the years with many point solutions that don’t talk to each other. In the world of security operations this is a major drawback. Moving forward when selecting cybersecurity automation solutions, organizations primarily want the facility to integrate with multiple data sources and systems, particularly as the number and formats of sources grow, this will become even more important as teams seek to make sense of increasing volumes of data.
A disconnect between role holders and perceptions
Compounding all these issues are a mix of different perceptions from the different role holders. The research found that while CISOs, Heads of IR, and Heads of CTI are more likely to say the importance of cybersecurity automation has increased, for Heads of SOCs, Heads of IT security solutions architectures and MSSPs, its importance has dropped slightly. There were other variations between roles, for instance while increasing efficiency is the top driver for introducing automation for CISOs by some margin (42%) for Heads of SOC and MSSPs, regulation and compliance was the top driver.
That said, there is now strong consensus around ROI being firmly centered on employee wellbeing, which is good news in terms of tackling the stress levels within security teams. It is hard for organizations to implement metrics and determine the best way to measure cybersecurity automation ROI. The research found that nearly two thirds (61.5%) say that ROI is measured by how well they are managing the team in terms of employee satisfaction and retention.
This points to a shift in what organizations view as the point of investing in cybersecurity automation, where the prime motivation is to improve the experience of employees. By allowing automation to shoulder the burden of lower value, repetitive tasks this frees up security analysts to focus on higher value, more rewarding work, which hopefully helps to reduce churn.
Cybersecurity automation is a priority area
Despite its challenges, cybersecurity automation is clearly viewed as a priority area and a core element of an organization’s cybersecurity strategy, but now the emphasis must be on resolving those challenges. The diversity of views expressed by cybersecurity teams demonstrates the evolving nature of cybersecurity automation adoption. The first generation of process-driven solutions implemented by early adopters have revealed some shortcomings, but now low/no code, data-driven platforms are addressing many of these problems.
Moving forward, the incorporation of low code and AI into platforms should contribute to a better experience for businesses embarking on their automation journey now. As companies double down on AI investments, this will make smart tools even smarter, and we’ll start to see some real positive use cases which deliver strong ROI. For instance, threat detection and response involves a lot of data with lots of response options to consider; this is the perfect use case to apply a machine to help break the bulk.
The intersection of automation and AI, and how to make automation more successful, is clearly where the industry now needs to evolve, and this will be the topic of my next column. Stay tuned!
