Automation and Automatic are not synonymous in Cyber incident response.
The move towards automation in cyber security controls is a result of developments in Artificial Intelligence and Machine Learning. Various solutions designed to streamline incident response efforts are embracing AI and ML technologies.
Automating certain tasks within the incident response process, those involving routine and mechanical work, helps make enterprises more resilient to cyber-attacks. But automating some aspects of the process and making the entire process automatic are TWO different concepts. It's important to note that, when it comes to cyber incident response, automation and automatic should NOT be considered synonymous.
Automation, when combined with orchestration, helps reduce reaction times by taking over the most repetitive and routine tasks (which usually consume a large portion of the time security professionals dedicate to cyber security events), while allowing them to keep control over the entire process and retain the ability to apply human judgment during the decision-making stages.
Automatic, on the other hand, basically means giving complete control of incidents to a machine, which in some cases may produce incorrect results and even cause severe damage to the enterprise.
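The distinction drawn above, as an added sketch that is not from the original article: routine steps run without a human, decision steps stop until a named analyst signs off, and the `automatic` flag shows what the fully automatic mode drops. The step names, the routine/decision split and the analyst name are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical step names; the split between routine and decision steps is
# an assumption of this example, not something the article defines.
ROUTINE = {"collect_logs", "enrich_indicators", "open_ticket"}
DECISION = {"isolate_host", "eradicate", "assess_notification"}

@dataclass
class Incident:
    ident: str
    done: list = field(default_factory=list)   # steps actually executed
    audit: list = field(default_factory=list)  # (step, actor) pairs
    waiting_on: Optional[str] = None           # decision awaiting an analyst

def run_playbook(incident, steps, approvals=None, automatic=False):
    """Execute steps in order.

    approvals maps a decision step to the analyst who signed it off.
    automatic=True models the fully automatic mode: no human gate.
    """
    approvals = approvals or {}
    for step in steps:
        if step in ROUTINE:
            actor = "automation"
        elif step not in DECISION:
            raise ValueError(f"unknown step: {step}")
        elif automatic:
            actor = "machine"
        elif step in approvals:
            actor = approvals[step]
        else:
            # Stop here: later steps depend on a human judgment call.
            incident.waiting_on = step
            return incident
        incident.done.append(step)
        incident.audit.append((step, actor))
    return incident

# Constructed sample playbook for a suspected breach.
PLAYBOOK = ["collect_logs", "enrich_indicators", "open_ticket",
            "isolate_host", "assess_notification"]

if __name__ == "__main__":
    gated = run_playbook(Incident("INC-1"), PLAYBOOK)
    print("automated, waiting on:", gated.waiting_on, gated.done)
    signed = run_playbook(Incident("INC-1"), PLAYBOOK,
                          {"isolate_host": "analyst_a"})
    print("after sign-off, waiting on:", signed.waiting_on)
    auto = run_playbook(Incident("INC-1"), PLAYBOOK, automatic=True)
    print("automatic, audit:", auto.audit)
```

In the gated runs the audit trail records who made each decision; in the automatic run every decision, including the notification assessment, is attributed to the machine.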
While many CISOs are tempted to embrace automatic incident response, there are numerous challenges associated with such a move.
- Specific compliance risks might arise from this type of scenario. Enterprises cannot rely on an automatic incident response system here, since assessing the scope, severity and impact of a breach involves human input, and that assessment must be completed before the organisation can decide if a specific breach is subject to notification laws.
- Orchestration is necessary for security teams to be able to conduct the entire incident response process effectively and efficiently without losing control over some essential aspects of it. Even so, recovery and eradication, in addition to preparation and post-incident analysis, require human involvement.
Furthermore, CISOs are undoubtedly expected to remain a part of some of the more wide-reaching activities, such as raising cybersecurity awareness among all employees within their enterprises and enhancing resilience to manage cyber threats.
In conclusion, incident response is bound to become more and more automated, as AI and ML have a lot of potential for making the whole process more efficient. But automation should be done with caution, without giving up the human element, and in a way that allows CISOs to keep control over all cyber security events, due to the irreplaceable knowledge and expertise humans bring to the table.
By:- Sapan Talwar