teissTalk: Trusting security automation

teissTalk host Jenny Radcliffe was joined by David Cartwright, Head of IT Risk & Security, Standard Bank International Client Solutions; Ansgar Koene, Global AI Ethics and Regulatory Leader, EY; Ian Hill, Director of Cybersecurity, BGL Group.

 

Views on news

 

Identifying assets and classifying data – the first steps of establishing a cyber security programme – can take months when done manually, a timeframe that businesses can’t afford with the number and sophistication of  cyberattacks rising steadily.

 

There are three major factors standing in the way of automation in cyber security: security tech explosion and the lack of skilled workers, the absence  of standardization and an expanded attack surface. However, automated and intelligent managed detection and response (MDR), combined with security orchestration, automation and response (SOAR), can help detect and respond to cyberthreats in real time.

 

Meanwhile, context- and risk-based authentication methods help reduce the probability of unauthorized access to systems. Although the article mentions the lack of standardisation as a hindrance, too much of it can be a problem too.

 

Another setback is that even large organisations have small incident response teams and all aspects of it are done in house, which can only work with automating functions such as IAM. But it’s key that response teams are actually aware of the automation because otherwise they won’t see why anomalies are happening on the network.

 

One of the risks not mentioned in the article is that if you let AI make decisions for you and it’s acting on false positives, it may become a source of disruption for the company.

 

The effectiveness of automation is also limited by its ability to deal with something new where information is scarce, and patterns are hard to detect.  We’ll continue to need humans that can identify cases that automated tools couldn’t and to do what machines and automation can’t. Getting the engagement of the business is key to the success of security

automation.

 

Building trust for automation in the organisation

 

For automation to work, you need to have a business acceptance that, on the upside, an automated system can watch what’s happening at 4 am when humans are not around but it also comes with some downsides. Trust between the cyber team and the business is essential and a prerequisite of trust in automation. Businesses already have extensive automated systems – pointing out their benefits to the business can alert them to its positive aspects and generate buy-in. ML-based email filtering asking questions from users directly without the security team getting involved is a good example of automation putting the control in the hands of the user and making them feel they have some agency in information security matters.

 

Understaffed security teams working with tight deadlines often find it hard to think and act strategically. It’s also challenging for disparate teams working together on automation projects to overcome silo mentality.

 

Standardising the way different levels and business units interact and communicate with each other and the cloud could help achieve better results in. The cloud is also an enabler of automation through providing all-important interoperability.

 

As for the future, new legislation opening up B2B data sharing (e.g., EU’s Data Act designed to control smart contracts among other things) is expected to have a huge impact on the space, and a new focus on the automation of threat intelligence to deal with emerging  attacks is also on the horizon.