The case for automation in cybersecurity

April 6, 2022

Hadi Jaafarawi, Managing Director – Middle East at Qualys, discusses making the case for automation in security operations

The cybersecurity industry, unfortunately, cannot claim to be in the business of good news. Threat actors ensure that we are continually warning of new vectors and techniques and advising new approaches to combat them. It is hardly controversial to suggest that COVID-19, apart from its horrendous impact on public health and population welfare, has impacted the ability of companies to keep their customers and employees safe from cyberattacks. Fresh complexities in the architecture of corporate technology infrastructures have left IT and security teams in catch-up mode — confused, overworked, and underequipped.

In a short break from doom and gloom, a PwC global poll shared some good news. It showed around 69% of organisations are planning to increase their cybersecurity budgets in 2022, and more than a quarter (26%) plan increases of 11% or more. Such action will be vital in the United Arab Emirates (UAE) where, according to a VMware report, 80% of security professionals reported increases in the number of attacks their organisation faced, and attributed the surge directly to remote work.

In November last year, Dr Mohamed Al Kuwaiti, Head of Cybersecurity for the UAE Government again spoke of a cyber pandemic, having previously used the term publicly in December 2020 after reporting that the country had seen a 250% increase in attacks because of remote working.

The persistence of skills gaps

The Middle East has now-famous skills gaps in key technology areas at a time when technology is the answer to almost all public and corporate issues, from governance to operations to monetisation. But cybersecurity stands out as perhaps the most critical gap at a time when organisations have moved to the cloud in vast numbers and turned IT environments on their heads. Server farms are now multi-cloud ecosystems. Vetted, regularly patched corporate PCs are now rogue personal devices of unknown pedigree.

Automation can plug some of these gaps. Attackers move quickly and adeptly, so the modern threat hunter cannot afford to rely on traditional patching cycles. Automation is a means to speed up many standard tasks and reduce execution errors. On the IT side of the equation, we see a lot of acceptance of automation. Measurable cost savings and proven efficiencies have driven more and more of it.

To embrace automation at scale, the entire cybersecurity discipline may have to unlearn what it has learned and break with tradition. DevOps teams are unafraid to break and fix, break and fix, break and fix — employing an iterative approach to the improvement of an end-product. Security teams, however, are trained to minimise impact and ensure that every tool they use does not interfere with the infrastructure at large. Automation can help regional firms plug their security skills gaps, but only if they adopt the same experimental mentality of break and fix.

To read more exclusive features and latest news please see our Q1 issue here.