Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

The Danger of Overreliance on Automation in Cybersecurity

Automation is critical in enhancing cybersecurity efforts, and speed is one of its key benefits. Most cyberthreats spread quickly, such as ransomware or worm attacks, and automated systems can detect and respond to them much faster than humans can. AI also ensures consistency because it can do repetitive tasks with high accuracy.

However, it’s easy to rely too heavily on automation to provide cybersecurity. The volume of logs, alerts and incidents is multiplying exponentially, and automated tools can analyze vast amounts of data without getting overwhelmed. This can be a double-edged sword, though. Companies should have a healthy balance of tech and human talent when keeping systems safe.

Automate With Care

Overreliance on automation in cybersecurity can introduce several risks and challenges to organizations. It can aid in addressing the vast number of threats companies face daily, but a balanced approach is crucial. Here are some dangers of being overly dependent on automation in cybersecurity:

  • False sense of security: Believing that automated systems will catch every threat can make organizations complacent. No system is perfect, and new, unforeseen threats are always emerging.
  • False positives/negatives: Automated systems can generate false positives, which can desensitize security teams if they happen frequently. Conversely, false negatives, where a genuine threat goes undetected, can have severe implications.
  • Lack of context: Automated systems lack the human intuition and context needed to evaluate the risk and importance of a particular alert. A seasoned security expert can differentiate between a benign activity that looks suspicious and a genuine threat.
  • Bypass and evasion: Cyber attackers are innovative and can devise methods to bypass or evade detection systems. Companies that are overly reliant on automation might miss these threats.
  • Overhead and complexity: Implementing, maintaining and updating automated security tools can introduce additional complexity into a system, potentially opening up new vulnerabilities.
  • Reduction in human expertise: Over-relying on automation reduces the need for human experts, which means an organization might have fewer experts who fully understand the system. This can be dangerous if things fail or are compromised.
  • Stagnation: Automation, by its nature, follows known rules and patterns. Overreliance can cause organizations to be reactive rather than proactive. They may fail to keep pace with evolving threat landscapes.
  • Interoperability issues: Integrating multiple automated tools can be challenging. This can lead to gaps in security coverage if not managed correctly.
  • Inability to handle zero-day threats: Automation tools rely on known signatures or behaviors. Zero-day threats, which are previously unknown vulnerabilities, can go undetected.
  • Cost implications: The initial and ongoing costs of implementing and maintaining advanced automated solutions can be significant. Overreliance without an accurate cost-benefit analysis can lead to resource allocation issues.
  • Data overload: Automated tools can generate vast amounts of data. It can overwhelm security teams and systems if not properly managed, causing them to miss critical alerts.
  • Reliability concerns: Like any technology, automated systems can fail. Overreliance without redundancy can lead to exposure when these systems experience downtimes.

Cybersecurity and AI Go Hand in Glove

Automation can handle routine tasks for employees, freeing up cybersecurity professionals to focus on more complex and strategic activities. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) analyze network traffic for suspicious patterns, flagging or blocking malicious activities faster than ever.

Cybersecurity professionals can also use automation to rapidly contain a threat. For instance, automation can immediately isolate a compromised system to prevent further spread. Automated scanners can check for known vulnerabilities, ensuring organizations know potential weak points.

Other uses of AI in cybersecurity include:

  • Patch management: Automation can help identify missing patches across the infrastructure and sometimes even enact them.
  • Risk assessment: Automated tools can assess an organization's risk posture by analyzing configurations, permissions, and other factors against best practices and standards.
  • Log management and analysis: The automated collection and analysis of logs can help identify suspicious activities and provide forensic evidence in case of an incident.
  • Red and blue team exercises: Automated tools can simulate attack scenarios, or red teaming, and defense strategies, or blue teaming, allowing organizations to test their cybersecurity readiness.
  • Phishing simulation: Automated tools can educate users and assess the organization's susceptibility to such attacks. They can also guard against form-jacking, a type of cybercrime that attacked more than 4,000 websites each month in 2018.
  • Threat intelligence: Some platforms can aggregate information about emerging threats from multiple sources and disseminate it within the organization for proactive defense.
  • Backup and recovery: Automation ensures that backups occur regularly and can also support rapid recovery processes after a security incident.
  • Orchestration: Security orchestration, automation and response (SOAR) platforms allow different security tools to work together seamlessly, coordinating their actions and sharing information.

Balancing Automation With Human Oversight

The future of cybersecurity isn’t about choosing between humans and automation — it’s about integrating them effectively. Human experts bring intuition, decision-making skills and adaptability. They can see patterns and think outside the box. Automation can process vast amounts of data quickly, provide rapid responses and ensure consistent application of policies.

Overreliance on automation for cybersecurity can introduce vulnerabilities and sometimes result in significant security incidents. One real-life case study that underscores this point is the 2017 Equifax data breach.

Equifax, one of the three major credit reporting agencies, was attacked and exposed the personal data of 147 million Americans. The compromised information included names, Social Security numbers, birth dates, addresses and driver's license numbers.

One of the contributing factors to the breach was a missed patch. Equifax failed to patch a known vulnerability — CVE-2017-5638 — in its Apache Struts web application framework. While the specifics of Equifax's internal processes were not fully disclosed, many organizations rely heavily on automated scanning tools to identify and sometimes patch vulnerabilities in their systems.

Companies can benefit from several takeaways in this incident:

  • Layered defense: Organizations should not solely rely on automation for their cybersecurity defenses. There should be multiple layers, including automated and manual processes.
  • Human oversight: Automation can significantly improve efficiency and coverage, but human oversight is essential for context and to catch anomalies that tools might miss.
  • Regular review: Systems and tools should undergo regular reviews to ensure they function correctly and catch the vulnerabilities they are supposed to detect.
  • Patch management: Patching should be prompt, especially for publicly known vulnerabilities. A structured process can help ensure problems are addressed promptly.

Adding the Human Touch to Automated Cybersecurity

Breaches and their aftermath serve as cautionary tales about the dangers of over-relying on automation in cybersecurity. These tools play a crucial role in today's security landscape, but they should be part of a holistic approach that incorporates human judgment, manual validation and regular review processes.

Zac Amos
Zac Amos
Zac Amos is the Features Editor at ReHack, where he covers trending tech news in cybersecurity and artificial intelligence. For more of his work, follow him on Twitter or LinkedIn.

Related Posts

Role of Data Diodes in the Evolving Landscape of OT Cybersecurity

Technology is evolving at such an enormous pace in this era that it often becomes challenging to balance ...
Muhammad Ahmed Nov 28, 2023 8:00:00 AM

How to Manage Cybersecurity Automation Challenges

Cybersecurity automation stands at the forefront of technological advancement, equipping businesses with ...
Zac Amos Nov 16, 2023 2:33:17 PM

How Cybersecurity Automation Helps Navigate Compliance Challenges

Cybersecurity and IT professionals have an opportunity to enhance operations with regulatory compliance a...
Zac Amos Nov 7, 2023 8:00:00 AM