Security - a balance between humans and automation

Security professionals anticipate automation will reduce IT security headcount, but not replace human expertise.

  • Thursday, 13th February 2020 Posted 4 years ago in by Phil Alsop

Ponemon Institute, in partnership with DomainTools, has published the results of its annual "Staffing the IT Security Function in the Age of Automation" report. The survey of more than 1,000 IT and IT security practitioners analysed the impact of automation on current IT security practices and staffing in the U.S. and UK. 

Overall, the majority of companies (77 percent) continue to use or plan to use automation in the next three years. The biggest takeaway in this year’s study is that the majority of respondents (51 percent) now believe that automation will decrease headcount in the IT security function, an increase from 30 percent in last year’s study. This increased belief was more pronounced in the UK, with 56% answering that it would reduce headcount, compared to 45% of US respondents. Furthermore, there was an increase of 4% in UK organisations saying they currently use automation from 2019-20, and a decrease of 3% stating the same in the US. Further, concerns by employees losing their jobs because of automation have increased to 37 percent over last year’s 28 percent. Meanwhile, the lack of in-house IT security expertise continues to be a problem. Sixty-nine percent of organisations’ IT security functions are understaffed; a slight improvement over last year’s 75 percent. 

The adoption of automation tools for cybersecurity this past year has had mixed reviews. Overall, 74 percent agree that automation enables IT security staff to focus on more serious vulnerabilities and overall network security. Interestingly, automation highlights a renewed focus on the importance of the human role in security. Of respondents:

  • Only 40 percent believe automation reduces human error;
  • Half believe automation will make jobs more complex; 
  • Fifty-four percent think automation will never replace human intuition and hands-on experience;  
  • Seventy-four percent (a rise from last year’s 68 percent) say that automation is not capable of certain tasks done by IT security staff. 

The number one roadblock of companies that considered automation and do not plan to automate is a lack of in-house expertise (53 percent), followed by a heavy reliance on legacy IT environments.

"The perspective around the effects of automated technologies for IT security continues to shift year after year,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "As adoption of automation becomes more mainstream and improves the effectiveness and efficiency of IT security staff, they are anticipating that they will be able to accomplish more with fewer bodies. What is likely is for there to be a consolidation of existing roles, rather than an elimination. This means better opportunities for employees to up-level their current skills to create more value-added roles as the human side of security remains as important as ever.”  

The report revealed that regulatory compliance standards such as GDPR and others are a growing global influence in organisation’s use of automation, with 72 percent citing that over last year’s 66 percent. This is reflected in the need for familiarity with security regulations and standards in both entry-level and highly experienced job candidates in the US - topping the list of knowledge requirements for the first time at 81 percent. 

Automation is not a quick, fix-all solution, though it is proving to deliver tangible benefits and results. A majority (60 percent) of employees state that automation is reducing stress in their lives and 43 percent say  it increases productivity. Automation delivers productivity benefits such as reducing false positives and/or false negatives (43 percent), increasing the speed of analyzing threats (42 percent), and prioritizing threats and vulnerabilities (39 percent). The most common activities likely to be replaced by automation in the next three years are log analysis (68 percent), threat hunting (60 percent), and DevOps (37 percent).

“Automation is already improving the productivity of security personnel across industries. We are still in the early stages of adoption and just touching the surface of how automation will enhance the capabilities of security staff and evolve security roles,” said Corin Imai, Senior Security Advisor, DomainTools. “However, the human factor remains the most important player in information security. Automation will never fully replace human intuition and expertise, and those that become experts in deploying and managing automation solutions will have a new valuable skill set for many years to come.”

 

Additional trends revealed in this year's report include:

  • Almost half of respondents (48 percent) are sharing threat intelligence to collaborate with industry peers. 
  • Forty-seven percent of organisations do not invest in training or onboarding of security personnel. 
  • Fifty-three percent of respondents have seen an increase in attackers’ use of automation.
  • Only 41 percent of CEOs and/or board of directors are briefed on the use of automation.