Every cybersecurity professional knows there’s no such thing as perfect security. The best that can be achieved is to make the organization resilient enough to not only prevent the most commonly employed cybersecurity attacks, but also contain the damage inflicted by any attack that inevitably gets past whatever cybersecurity defenses in place. Unfortunately, a global survey of 3,600 security and IT professionals conducted by The Ponemon Institute on behalf of IBM finds suggests that when it comes to cybersecurity most organizations are not especially resilient.New survey: 77 percent of cybersecurity and IT pros say they do not have an incident response plan consistently applied across the enterprise. Only 30 percent have enough staff to achieve best possible security. Click To Tweet
Published this week, the survey finds 77 percent of respondents indicating they do not have a cybersecurity incident response plan consistently applied across the enterprise and that only 30 percent said they have sufficient levels of staffing to achieve a high level of cyber resilience. In fact, the survey notes organizations have on average anywhere between ten to 20 open cybersecurity positions and 75 percent of respondents rate their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high.
Faced with those challenges, it’s apparent organizations should be relying more on automation whenever possible to maximize the effectiveness of the cybersecurity teams they do have in place. But only 23 percent of respondents said they were making significant use of automation, while another 77 percent reported their organizations relied on automation either moderately, insignificantly or not at all. It’s worth noting that organizations that make extensive use of automation rate their ability to prevent (69% vs. 53%), detect (76% vs. 53%), respond (68% vs. 53%) and contain (74% vs. 49%) a cyberattack as being significantly higher. That capability turns into real dollars when you consider the fact that organizations that have embraced automation typically incur far fewer costs whenever a data breach does inevitably occur.
A big part of the problem with implementing automation, however, can be traced back to the number of cybersecurity tools organizations have deployed. The survey finds nearly half of respondents (48%) said their organization deploys too many separate security tools, which most often only serves to reduce overall visibility while simultaneously increasing operational complexity.
As regulations such as the General Data Protection Rule (GDPR) put in place by the European Union become more strictly enforced, the cost of a data breach is only going to rise. The chances organizations will be able to contain the cost of a cybersecurity breach by throwing more cybersecurity personnel at the problem is virtually nil. There is no proverbial cybersecurity cavalry coming over the hill to the rescue. The only option is to circle the wagons by ruthlessly automating as many cybersecurity processes as possible. The degree to which all the cybersecurity tools an organization has adopted share a common set of application programming interfaces (APIs) the easier that goal becomes to achieve.'There can be no cybersecurity resiliency without increased reliance on automation' This Barracuda blog post has the latest research from IBM Security on automation, cybersecurity, and IT staffing. Click To Tweet
It should be clear to most cybersecurity professionals by now that there can be no cybersecurity resiliency without increased reliance on automation. The hard work that still needs to be done is figuring out what to precisely automate when. That requires a detailed understanding of how cybersecurity processes and workflows really work within the organization and then rationalizing many of the existing tools. It’s simply not possible to automate what’s not well understood, so arguably the most important step toward achieving meaningful cybersecurity resiliency that any organization can take is to start documenting those processes right away.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.