GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

By Zac Amos

The rising complexity and prevalence of cybersecurity threats are making experts anxious.

It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Automation could alleviate the burden on IT teams and cybersecurity professionals by shouldering some monotonous, time-consuming tasks.

An increasingly digitized world means analysts can’t rest. Nobody knows when a threat will strike, and professionals might feel they’re running on an endless hamster wheel. Experts must monitor firewalls, test business continuity plans and identify vulnerabilities with seemingly little payoff.

These feelings are a side effect of cybersecurity burnout. It can be one of the most toxic barriers to a robust cybersecurity strategy, especially if analysts can’t keep a level head in the face of prospective threats. If analysts become exhausted, pessimistic or overwhelmed trying to keep up with relentless and innovative hackers, companies and customer data could be at risk.

Automation is the key to removing most of the burnout. Analysts could delegate repetitive, mindless tasks to AI or software that could perform just as well as — if not better than — humans. Every automation tool is like an added employee, strengthening SOCs and empowering individual analysts to find more valuable ways to employ their expertise or receive additional training on more complex topics.

Here are some of the jobs automation tools could execute that can optimize triage and help analysts stay focused:

•Send threat notifications to teams, management and stakeholders.

•Isolate threats in pre-programmed environments for assessment.

•Run test scenarios to prove the validity of incident response.

•Classify threat data.

•Enforce strict authentication and verification measures for server access requests.

•Notify technicians and programmers of compliance changes.

•Install software and hardware updates to minimize vulnerabilities.

•Execute data minimization protocol by backing up and deleting data as needed.

•Submit, close or escalate case tickets.

Organizations must leverage automation tools to keep system issues in a constant state of self-healing, from detection and diagnosis to patching. So, where and how can professionals incorporate them into an existing risk management plan?

Cybersecurity staff can incorporate automation tools into every step of the risk management process. For example, automated programs informed by machine learning can review historical and modern data against incoming access requests, judging their threat intensity so analysts don’t struggle with alert fatigue.

These are some of the most popular tools for automating the vast majority of cybersecurity work:

•eXtended Detection and Response: Analyzes endpoints, clouds and other silos for sneaky threat actors that hide between perimeter and internal security.

•Security Orchestration, Automation and Response: Cross-platform tech stacks that can do tasks like remediation and submitting security alerts.

•Robotic process automation: Programs that simulate rudimentary cybersecurity tasks requiring a specific outcome, such as running security scans.

•Cyber risk quantification: Collects and translates risk information into currency, informing boards and stakeholders of the threats from a monetary perspective.

•Security information and event management: Standardizes data into patterns from security protocols — like firewalls — for cohesive contextual threat analysis.

There is a need for automation to fill job demands, as threats arrive nonstop and job vacancies plague desperate enterprises. Businesses can employ one or all of these tools to kickstart their automation implementation, as each tool works best in specific scenarios.

Embracing automation will increase the resilience of teams and digital environments. It will free analysts to deepen their knowledge instead of wasting resources on lesser threats, instilling a more meaningful sense of purpose in a job otherwise tainted by burnout.

Using automation to supplement teams now will foster more proficient and optimistic analysts for the future because they’re entering the field with more tangible, beneficial tasks than tedious data management or playing hide-and-seek with threat actors.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.

May 2nd, 2023

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-making-the-case-for-leveraging-automation-to-eradicate-cybersecurity-burnout/
