CISOs to embrace automation as skills, visibility gaps prove crippling

High volumes, poor data classification compounding problems of real-time threat detection

The increasing complexity of security environments has pushed many CISOs to the point where only 1 in 5 believes their company is “highly effective” at preventing security breaches – and with the security skills crisis set to continue long-term, recent figures suggest, a growing number will be turning to security automation to compensate.

Fully 75 percent of 300 Asia-Pacific region CISOs, responding to a Oxford Economics survey conducted for ServiceNow about CISO attitudes to security, said they were very concerned that security breaches are going unaddressed – and 71 percent are concerned that they can’t detect breaches in the first place.

Just why this is a problem was the source of some analysis, with 80 percent of Australian CISOs saying that attracting and upskilling security-skilled staff was the most important element to the success of security functions. This corroborates the recent findings of the Trustwave Security Pressures Report, which found that additional budget (named by 31 percent of Australian respondents), more security skills (21 percent) and a reduction in the number of complex security technologies and products (17 percent) topped the wish lists of security practitioners who feel strong pressure to protect the business by staying on top of changing security threats.

Yet finding simpler, better technology was only part of the challenge. Poor data classification practices were another key problem in dealing with the avalanche of security alerts that the average organisation handles, since without classification all alerts are presented as equally important. Nearly half of security operations managers see over 5000 alerts per day, according to Cisco’s recent 2017 Annual Cybersecurity Report (ACR), which also suggested security staff only manage to investigate 56 percent of the alerts received in a day.

Closing this gap requires a way of sifting through alerts faster and more effectively, but 72 percent of Australian respondents to the ServiceNow survey said they were failing to prioritise alerts based on the importance of the threatened data. This created a weak spot in the company’s information protection that will require support from increasingly sophisticated techniques for automating security analysis: “CISOs across the region must focus on automation and use technology to maximize the value of human capital in order to protect their organizations,” the report advises.

Many CISOs are in the process of implementing automation tools, with the proportion of APAC respondents automating more than 40 percent of their security processes rising from 38 percent now to 66 percent within three years. Similarly, whereas 46 percent said they were aggregating alerts or incidents from multiple security tools into a single system today, this was expected to rise to 78 percent within three years.

Yet even as automation is positioned as a solution to the skills crisis, it brings challenges of its own: a recent Gartner study of government organisations, for one, found that CIOs see data analytics (named by 30 percent of respondents) and security/risk management (23 percent) as the two biggest barriers to meeting digitisation objectives.

The multiplicity of security systems currently in use presented another challenge, according to Cisco’s ACR, which found that 55 percent of organisations were using security products from more than 5 vendors – compromising efforts to automate analysis of security information.

Vendors have raced to improve the uptake of security automation tools, with Australian security specialist Huntsman Security recently partnering with Cisco Systems for a joint cybersecurity initiative and launching its Huntsman Analyst Portal, which uses automated analytics to improve visibility of on-network activities and security diagnostics.


Show Comments