In 2021, we’ve witnessed cybercriminals infiltrate government networks, incessant ransomware lock down operational technology, and advanced persistent threats make national headlines. Microsoft’s President Brad Smith recently stated, “So there’s been an ongoing conversation in the cybersecurity community. ‘Why aren’t organizations doing better?’”
At a macro level, the solution to the problem seems to be straightforward: it comes down to money, people, and technology. The 2022 fiscal year DoD cyber budget request rose by $600 million to $10.4 billion compared to the $9.8 billion requested in 2021. This shows how the federal government is making security a top priority by advocating for more funding to protect national data and assets.
The next piece of the solution deals with the people. According to Microsoft, there are over 400,000 open jobs in the country that require cybersecurity skills. It’s been noted that addressing the skills gap may improve an organization’s ability to combat cybercriminal activity. Overcoming this skills gap is critical to protecting US companies and our national infrastructure, as well as providing high-paying jobs to Generation Z and Millennials, which will boost the economy in the short and medium term.
The main question that needs to be asked: will adding more cybersecurity workers and money address the root of our problems? I believe the answer is more complicated than merely adding more talent to the industry.
Shifting Your Cybersecurity Strategy
Aside from filling jobs, organizations must rework their security strategy and infrastructure to safeguard against human error and keep pace with the evolving attack surface. Security professionals face challenging circumstances defending critical data due to cloud migration, digital transformation, the Internet of Things (IoT), remote working, and more.
Cybercriminals relentlessly target employees because humans are not infallible — they make mistakes and fall victim to cyberattacks (even if you work hard to implement security awareness training across the organization). The more data and people you have in an environment, the greater the likelihood hackers will find vulnerabilities and slip through the cracks.
President Biden’s recent executive order proves how important it is to shift your cybersecurity strategy to a Zero Trust model to safeguard against these challenges and reduce the risk of a breach. Rather than relying on protecting a corporate perimeter, Zero Trust is an identity-centric model that focuses on securing resources such as data, identities, and services. This ensures there is strict authentication at each access point, regardless of location. Zero Trust principles require you to presume all networks are not trusted unless verified at each request, apply least privilege access to users, and reduce risk by inspecting and monitoring everything. The larger the organization, the more important this model and these questions become for safeguarding data and assets.
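The contrast described above, as an added example that is not from the original article or from LogRhythm: a perimeter check that trusts network location beside a check that verifies identity and least-privilege grants on every request and records each decision. The key, users, grants, token format and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"          # placeholder secret for this example only
GRANTS = {                             # constructed least-privilege grants
    "alice": {("hr-db", "read")},
    "bob": {("hr-db", "read"), ("hr-db", "write")},
}
AUDIT = []                             # every decision is recorded, allow or deny


def issue_token(user, expires):
    """Sign 'user|expires' so each resource can verify identity itself."""
    msg = f"{user}|{expires}".encode()
    return f"{user}|{expires}|{hmac.new(KEY, msg, hashlib.sha256).hexdigest()}"


def verify_token(token, now):
    """Return the user if the signature is valid and unexpired, else None."""
    try:
        user, expires, sig = token.split("|")
        expires = int(expires)
    except ValueError:
        return None
    good = hmac.new(KEY, f"{user}|{expires}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), good.encode()) or now >= expires:
        return None
    return user


def perimeter_decide(source_net):
    """Perimeter model: anything on the internal network is trusted."""
    return source_net == "corp-lan"


def zero_trust_decide(token, source_net, resource, action, now):
    """Verify identity and grant per request; source_net is logged, not trusted."""
    user = verify_token(token, now)
    if user is None:
        allowed, reason = False, "identity not verified"
    elif (resource, action) not in GRANTS.get(user, set()):
        allowed, reason = False, "no grant for this action"
    else:
        allowed, reason = True, "ok"
    AUDIT.append({"user": user, "net": source_net, "resource": resource,
                  "action": action, "allowed": allowed, "reason": reason})
    return allowed, reason
```

A forged token sent from "corp-lan" passes perimeter_decide but is denied by zero_trust_decide, while a valid token from "internet" is allowed only for the actions granted to that user.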
If you’re interested in learning more about how to build a Zero Trust ecosystem, this white paper will help you chart a strategy and illustrates how we at LogRhythm implemented Zero Trust.
The Future of Technology in Cybersecurity
The next question is whether the technology that we use today for cybersecurity is truly adequate to address the current situation. There’s a lot of technology available, but is it effective at addressing the cybersecurity issues that plague our country as well as the world at large?
Let’s dive into where technology is heading and what makes the most sense when addressing cybersecurity now and in the future. Adding people will help in the short run, but if people are trained on technology that is not sufficient to address the cyber issues of today and tomorrow, then we haven’t addressed the real problem, which is one of effectiveness.
Trust in the World of Cyber
Trust means to have a firm belief in the reliability, truth, ability, or strength of someone or something. Human beings inherently want to place their trust in someone or something. This bias towards trust is a flaw in any cybersecurity system. If the system assumes no one is trustworthy or reliable, then bias can be reduced and the environment becomes more secure. If you push this concept forward, reducing or eliminating people from daily cyber operations such as detection and remediation should logically make the IT operational environment more secure. The reality is that this concept is more complicated than it sounds.
Much of detection and remediation involves repetitive tasks. Repetitive tasks are simple to perform, and humans generally pick up repetitive tasks easily, but the downside is that errors can occur due to carelessness, complacency, or just being tired or hungry. Even when the best people are hired, any organization must accept that there will be some human error. Automation can take steps to prevent or at least reduce human error.
What is Automation?
Automation is the implementation of technology to enable a system, process, or equipment to operate without human intervention. Automation doesn’t remove the need for human beings, but it can reduce routine, repetitive tasks so that people can focus on areas where they excel over automation. If set up correctly, automation can provide significant benefits ranging from increased productivity and mistake reduction to the development of single sources of truth for data.
Artificial intelligence (AI) and machine learning (ML) are closely linked with automation. Artificial intelligence is technology that is designed to simulate human thought and behavior. Machine learning employs computer algorithms that improve without the aid of human beings through experience and data use. The goal of machine learning and artificial intelligence is to develop intelligent computer systems to solve complex problems.
Developing automated cybersecurity systems based on machine learning and artificial intelligence will significantly reduce human error in cyber operations as well as enable the system to learn from security events as they happen, identify patterns, eliminate false positives, and help speed human decision-making.
Developing cybersecurity systems based on automation and ML/AI will streamline security operations and help detect and mitigate threats faster. Automation will never replace humans, but it will increase productivity and enable security professionals to conduct higher-level tasks such as system validation and design, complex problem solving, data science, and more.
The industry is moving in this direction of automation, but due to time for adoption, implementation, and training it will probably take at least ten years to achieve the level of security really needed to protect our nation’s critical infrastructure. In the meantime, implementing a Zero Trust framework will initiate more effective types of technology to address persistent cybersecurity challenges. You can download our collection of free Zero Trust resources to help manage your initiatives and deliverables.