COLUMN | May 10, 2022 | 5 min read
There aren’t enough security analysts in the universe to manage a rising tide of threats. Automation can help.
By Barbara Kay, security and risk product marketing lead, ServiceNow
Nearly half of CIOs and 40% of other C-levels are concerned their cybersecurity is not keeping up with their digital transformation efforts, according to a new study.
These concerns are justified. The average volume of attacks and breaches (sensitive data loss or exposure) rose 15.1% from 2020 to 2021, with high-cost or material breaches increasing 24.5%. In layman’s terms, the bad guys created more visible problems, many of which resulted in significant business loss, downtime, and reputational damage, as well as the actual cost of response and cleanup.
These findings come from the new cybersecurity benchmarking survey “Cybersecurity Solutions for a Riskier World” by research firm ThoughtLab, co-sponsored by ServiceNow. The survey spans 1,200 organizations and 16 countries representing more than $125 billion in annual cybersecurity spend—roughly half of total security spending worldwide. The executives polled came from 14 different industries, including the public sector, and spanned CEOs to CISOs and their direct reports. The largest group surveyed was financial services.
It doesn’t matter what chair you occupy in the C-suite (or whom you report to in the C-suite). With digital services driving more and more of an organization’s overall success, every business leader needs to care about security and risk.
The intent of this research was to identify specific solutions—what is working and what others can learn from what’s working. While the research identifies security opportunities across people, process, and technology, a common thread throughout is automation.
If you’ve spent any time reading articles on Workflow or watching our Chief Innovation Officer Dave Wright’s videos, you know that we love talking about digital automation. But it’s not just because it’s integral to our business. It’s because it works.
Automation speeds time to value. It helps organizations cover more incidents with fewer people. It frees security analysts to focus on complex, engaging problems rather than grunt work and thus leads to higher work satisfaction and retention (24% of execs in the survey said a shortage of human talent was their top challenge).
Automation also permits continuous 24/7 monitoring, real-time alerts, and/or actions based on defined policies and risk tolerance, rather than on an individual’s knowledge or timely attention. It improves findings, actions, and outcomes by mining a wealth of data and analytics. Finally, it bridges gaps to facilitate effective communication and collaboration across silos for faster and better results.
Below you’ll find my cybersecurity challenge baker’s dozen, all drawn from security challenges identified in the ThoughtLab study. Automation can help organizations meet all 13 challenges. However, automation isn’t a tool that you can simply set and forget. To be effective and worthwhile, it requires a conscious decision to mature and optimize how you operate.
Challenge 1: Inadequate identification of key risks
Automated solution: Use automated risk-assessment workflows to easily collect accurate information from users and deploy asset-aware risk scoring to focus on likely targets and monitor the most likely risk areas.
Challenge 2: Inadequate budget to ensure high-level cybersecurity
Automated solution: Heighten vigilance against threats with continuous monitoring to reduce gaps and expedite responses by orchestrating processes across tools and teams. Reveal the most important protection gaps using industry-standard MITRE ATT&CK recommendations so the budget has a higher impact. Stretch limited resources with automation whenever/wherever possible.
Challenge 3: Insufficient incident detection and response capabilities
Automated solution: Use analytics and AI to identify and respond to all manner of threats from basic to targeted, using automated playbooks to reduce human intervention or action. Eliminate manual steps and errors in intrusion investigations. Connect data and tools across teams for a complete picture. Reduce time to resolution. Replace uncertainty and delays with precision and continuous improvement.
Challenge 4: Lack of prioritization of cyber risk across the organization
Automated solution: Simplify communication of potential risks and mitigations, and relate them to the audience to engage decision-makers and gain their support. Automation within your systems can collect, analyze, and present risks, progress, and trends over time to demonstrate the positive impact of investments and decisions.
Challenge 5: Lack of executive support
Automated solution: This challenge and the previous one are symptoms of the same problem—decision-makers need to understand how the problem affects them in order to make cybersecurity a priority. Surveys can provide evidence and benchmarking to help, with your automated processes reliably providing data to associate actions with business goals and risk reduction.
Challenge 6: Rise of new technologies (such as IoT, cloud, and mobile technologies)
Automated solution: Automate discovery and passive assessment of new technologies and vulnerabilities to maintain an accurate profile of devices and software across your company’s IT attack surface. Use consistent risk scoring to evaluate diverse systems for risk and prioritize what to respond to. Include recommended fixes and details in communications between security and IT/OT (information technology/operational technology) partners who implement updates.
Challenge 7: Time needed to automate key workflows and processes
Automated solution: Security operations and vulnerability management technologies provide libraries of simple tasks and multistep workflows to accelerate process automation. Downloadable integrations replace in-house efforts to create and maintain data access from dozens of tools. Low-code app development tools let users create automated workflows quickly and easily.
Challenge 8: Increasing regulatory burden
Automated solution: Regulatory change management systems update frameworks used in compliance monitoring and reporting. Automated monitoring collects and reports compliance data with less effort and fewer spreadsheets.
Challenge 9: Shortage of skilled cybersecurity professionals
Automated solution: Slash workloads by eliminating manual steps. Use guided playbooks to shorten learning curves by tracking corporate policies and automating retrieval of up-to-date data from systems of record. That means less grunt work for human analysts, freeing them for more strategic tasks.
Challenge 10: Ineffective cybersecurity training programs
Automated solution: Embed approved cybersecurity policies and controls within existing processes and within email, browsers, chat, and mobile to make it easier to do the right thing (Outlook, for example, has a feature that allows for one-click reporting of suspicious phishing emails).
Challenge 11: Inadequate governance
Automated solution: Embed governance processes within day-to-day activities and shorten time to discovery of addressable issues. Easily gather timely and defensible evidence to satisfy C-level leaders and board governance committee members, who are increasingly accountable for security outcomes.
Challenge 12: Increasing supply chain vulnerabilities (tied for No. 12)
Automated solution: Perform faster and more thorough assessment of vendor and partner risks across cybersecurity, staffing, data management, and other processes. Reassess risk profile based on a schedule or changes reported by monitoring services. Trigger investigations when reports fail standards and allow for quick responses to mitigate potential risks.
Challenge 13: Functional silos (tied for No. 12)
Automated solution: Share data and workspaces across otherwise fragmented teams to make it easier to collaborate. Integrate and enrich data from different toolsets to improve the quality and relevance of each department’s decisions and actions. Turn policies and SLAs into technical controls and reports that automate day-to-day efforts involved in maintaining defenses.
Want to learn more about how automation can improve an organization’s security posture? Read the ThoughtLab research report and our Workflow Guide on cybersecurity and ransomware.
And if seeing is believing, check out these ServiceNow product demos for ideas.