The US government’s cyber defense agency, CISA, recently recommended for the first time that companies embrace automated continuous testing to protect against longstanding online threats. The guidance urged businesses to up their defenses by continually validating their security programme against known threat behaviors, rather than taking a more gradual approach.
A CISA spokesman said: “Enabling automation is a critical component of every organisation that wishes to address the speed and scale of modern cyber attack. Without orchestrated automated response, it is often not possible to respond to cyber threat intelligence in a timeframe that enables network defense. However, organisations often find themselves struggling to orchestrate existing manual processes.”
The announcement is part of a raft of cybersecurity measures that the US Government has put in place to warn of the cybersecurity risks in the current climate. In 2022 the Department of Homeland Security requested a total of 2.6 billion dollars for its entire cybersecurity budget, making it the largest budget among the CFO Act government agencies, excluding the Department of Defense. And this is only set to rise. Overall cybersecurity spending in the United States is projected to increase in 2023, with the total proposed agency cybersecurity funding for that year amounting to 10.46 billion dollars.
Representing one of the largest digital populations worldwide, the United States reports a considerable number of cyber attacks each year. According to a 2021 survey, nearly 60 percent of online users in the country had experienced a cyberattack, ranking it the third country worldwide by share of cybercrime. In the most recent reported year, around 294 million internet users in the United States were impacted by incidents of data violation. Network intrusion was the most common type of cyberattack across the country.
Use of automation set to rise dramatically
The use of cybersecurity automation is undoubtedly on the rise. A 2021 global Statista survey found that 35.9% of global survey respondents reported using a high level of automation in security operations and event/alert processing.
Cybersecurity automation relies on AI/ML technologies to give cybersecurity systems the ability to recognise threats and find ways to defuse them before they negatively impact a business and its operations.
High-tech cybersecurity automation systems neutralise threats and incorporate security orchestration.
A first step in using cybersecurity automation is gathering and correlating data. AI and ML systems can gather, correlate and study this data, which makes cybersecurity automation possible and, of course, brings a whole raft of benefits.
Cybersecurity company Palo Alto Networks believes that automation is the only way to reduce the volume of threats and enable faster prevention. The company says that, with modern cyberattacks becoming heavily automated, organisations trying to defend against these attacks manually don’t stand a chance. Nikesh Arora, CEO and chairman of Palo Alto Networks, says: "Organisations are still taking hours, or even days or months, to remediate threats — those are hours and days we no longer have given the speed and sophistication of attacks that are now commonplace. This is not an area where we need an evolutionary approach. This is an area where we need a revolutionary approach. We have to radically reimagine how we run cybersecurity using AI, so that an enterprise is able to respond to all attacks in real time, not days, not weeks, not months."
Levelling the playing field
Palo Alto Networks believes automation levels the playing field, reduces the volume of threats, and allows for faster prevention of new and previously unknown threats. It says that, if implemented appropriately and with the right tools, automation can aid in the prevention of successful cyberattacks.
While the benefits of automation are clear, it is believed there is still a long way to go before the US is ready to fully deploy automation in cyber operations. In the Center for Security and Emerging Technology’s ‘Automating Cyber Attacks’ report, researchers said: “Deploying machine learning in cyber operations means overcoming barriers to entry. If only some US states have the resources and expertise to overcome these barriers, those states will become simultaneously better defended and more capable of attacking their rivals. In other words, machine learning in cyber operations may be less biased toward either attackers or defenders than it will be biased toward already powerful states and organisations.”
The report went on to say that: “The barriers that exist today may lower before long. Just as many tools of traditional automation were eventually distributed in easily accessible packages, it seems likely that some future machine learning-enabled hacking tools will someday be widely available for even novices to use. The United States has much to gain from developing new machine learning tools for cyber operations early and much to lose if it waits. Maintaining a competitive edge will require constant work on both offense and defense. It is yet one more reason that, for as nuanced, complex, and overhyped as machine learning is, it remains too important to ignore.”
AI and automation come together
To understand how AI is being used to support security operations and to quantify its impact on cybersecurity performance, the IBM Institute for Business Value (IBV) partnered with APQC (American Productivity and Quality Center) to survey 1,000 executives with overall responsibility for their organisation’s IT and operational technology (OT) cybersecurity. It asked respondents to provide information about the performance of their organisation’s security function and the extent to which they are applying AI and automation to manage cyber risk and compliance.
The survey found the majority of companies, globally and across industries, are adopting or are considering adoption of AI plus automation in their security functions. 64% of respondents have implemented AI for security capabilities in at least one of the security lifecycle processes, and 29% are considering it. An IBM spokesman says: “AI for security may soon become a near universal capability. The remaining 7% who are not considering use of AI plus automation for security place themselves in a precarious position, where they most likely will struggle to keep pace with the increasing speed and volume of security events.”