Cyber security professionals should be preparing for the world of automation, according to Nick Coleman, global head, cyber security intelligence at IBM.
“If you continue doing what you have always done without embracing automation, you will be obsolete in three to four years,” he told the Isaca CSX Europe 2017 conference in London.
The cyber security skills shortage and the nature of threats are the two main reasons for identifying how many security functions can be automated, said Coleman.
“The threats are becoming so serious that we need to embed artificial intelligence [AI] and automation into security processes so that we can be more intelligent and efficient in our response,” he said.
According to Coleman, the real objective of cyber security is to ensure business resilience, and the only way to do that is to become more efficient.
Part of the information security professional’s role, he said, is to translate resilience into capabilities across the key cyber security areas of assessing threats, protecting against them, detecting intrusions, responding to incidents, and recovering.
“We should be looking at each of these areas and finding ways to embed AI and automation wherever it makes sense to do so to improve efficiency, and thereby improve capability and, ultimately, enable greater business resilience,” said Coleman.
As the cyber security world continues to become more sophisticated and complex and the number of threat and information sources continues to proliferate, the way for information security professionals to add value is to automate as much as possible, he said.
“Research shows that around a third of their time is spent gathering and processing information, but this is something that can be automated,” said Coleman, noting that IBM’s Watson supercomputer is currently ingesting four million security-related documents an hour.
This is an example of how great volumes of data can be collected, correlated and distilled to enable security analysts to be more efficient and effective, he said.
Efficiency will be increasingly important as organisations come under pressure to comply with information security regulations within ever narrower time frames and boards demand greater business resilience, which requires faster understanding of what has happened, said Coleman.
The EU’s Payment Services Directive (PSD2), which comes into force in January 2018, requires breach notification within just four hours. “You need to ask whether you use time and tools efficiently enough to identify what has happened within 240 minutes to meet regulatory requirements,” he said.
It still takes many organisations an average of 200 days to identify a breach, he said, but for businesses to be resilient, 200 days later may be too late, and AI and automation hold the key to being able to identify breaches the day they happen.
Information security professionals must recognise that automation is happening everywhere, said Coleman. “We already have automated planes and ships, and relatively soon we will have self-driving cars, so they should be looking to where it makes most sense to automate in cyber security to make sure they are ready for the future and have developed the skills to deliver value on top of automation.”