ARTICLE | February 23, 2023 | 3 min read

Automation to the rescue

Hackers are leveraging new ways of working to wreak havoc on organizations. Here’s how we can fight back.

By Evan Ramzipoor, Workflow contributor

The COVID-19 pandemic is an object lesson in how cyber criminals thrive in times of uncertainty and disruption. Organizations worldwide were besieged by cyberattacks focused on the adaptations they had put in place to weather the pandemic. Bottom line: Too many organizations accelerated their digital transformations without fully updating their cybersecurity posture.

By now, most organizations have figured out how to manage the pandemic’s disruptions. That hasn’t significantly slowed the pace of cyberattacks, however. Breaches and other incidents climbed 38% in 2022, following a 50% surge the year prior, according to Check Point Research. Inflation, the war in Ukraine, and all the other challenges that have made “polycrisis” this year’s buzzword mean it’s far too soon to stop thinking about cyber risk.

Alarmingly, cyberattacks like ransomware are becoming “modularized,” making them more accessible to a wider range of attackers, according to Tom Winston, director of intelligence content at Dragos, a cybersecurity firm that focuses on industrial equipment and processes. For example, assailants are increasingly turning toward “ransomware-as-a-service,” which allows bad actors to lease ransomware tools for a price. As a result, attacks that once required a sophisticated understanding of computer and networking technologies are now available to unskilled criminals.

This phenomenon is part of a larger trend where a single attack can reverberate across entire networks and systems. In the case of major breaches like SolarWinds and Colonial Pipeline, security vulnerabilities impacted the target organization as well as its partners, customers, and vendors.

These distributed impacts make it much more difficult for organizations to resolve threats. “The threats go so deep,” says Karl Klaessig, a director of product marketing for security operations at ServiceNow. “They touch every area of the enterprise and its partners. That means resolving them is everyone’s job.”

The pace of digital transformation accelerated during the pandemic and shows little sign of slowing down. Yet companies have been slower to upgrade their cybersecurity. “We’ve made the attack surface monstrous,” Klaessig says, referring to the digital environment that is susceptible to attack from an unauthorized user. Corporate security teams aim to make their organization’s attack surface as small as possible. Yet attack surfaces grow whenever an organization adds technologies and software with vulnerabilities.

“Some companies have no idea what their attack surface looks like,” warns Winston.

Organizations often layer new technology on top of outdated technology. This is particularly true in manufacturing, where it’s often impossible to swap out old technologies without disrupting production.

Another problem companies face is shadow IT, in which employees run software on company devices without approval. Each new piece of software increases the attack surface in ways that are often poorly understood and inconsistently monitored.

Most security teams are constantly playing catch-up and cleaning up after the latest breach, says Klaessig. This reactive posture significantly hampers their agility. With attacks happening everywhere, all the time, it’s almost impossible to remediate them before they impact the business.

Instead, organizations need automation to help them triage incoming threats. This can cut the time needed to detect an incoming threat by a third, according to an IBM report on the subject.

In the 2022 edition of its annual cybersecurity recommendations, Dragos urges organizations to use automation to make their infrastructure more defensible, visible, and secure. The report also advises companies to identify their vulnerabilities and have a plan to manage potential fallout.

“Organizations need to look at risk scenarios that cover their entire domain and make sure they can see everything on their network,” Winston says. “This is a far bigger issue than people realize.”



Evan Ramzipoor is a writer based in California.