How to automate incident response effectively

"The risk with automation is that you may start missing things."

Greg van der Gaast, Head of Information Security at the University of Salford, talks to Jeremy Swinfen Green about how to avoid the risks of automating cyber security.

Greg van der Gaast will be speaking at the teissR3 | Resilience, Response and Recovery summit taking place online, 15 - 24 September.

This year, the very popular teissR3 event focuses on how to improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world.

Video transcript

How effective is it to automate incident response? What are the risks with this sort of approach and how can they be mitigated?

I think it's an interesting point. I think there's a sweet spot to it, because automation is obviously good. You don't want people to be doing tedious, repetitive tasks all the time. It's bad for resource, it's bad for morale, there's little value to it. You should have your people do better things than that.

I think the risk with automation is, you may start missing things, and that's where I think it's very important to just keep thinking. Even if you've automated something, whatever it is you've automated, keep it in mind, and think, what might we be missing? And always remember what you have, in terms of automation. I think what a lot of people do with automation is automate something, then forget about it.

You have to keep it in consideration. You have to keep thinking about how you think you'll interact with that, and that will usually allow you to improve your automation and make you also realise things that maybe you should revisit or maybe things that you shouldn't automate. So I think it's very important to just keep thinking about-- keep in mind what you've kept automating. Just so that things don't start falling through the cracks or you silo your thinking away from what you think has been dealt with, because security is always unpredictable.
