Few words strike as much fear into security leaders as “recession.” As more analysts anticipate a recession in 2023, chief information security officers (CISOs) and security leaders are coming under increasing pressure to do more with less. It’s important to note that organizations should look to assess what technologies provide the greatest impact internally, and not rely on guesswork.
“CISOs and other security leaders should assess which cyber capabilities will produce the greatest ROI.”Anderson Salinas, Risk and Financial Advisory Senior Manager in Cybersecurity, Deloitte
The Role of Automation
Automating processes and procedures throughout the organization (particularly within security) can help to increase the productivity of existing staff. After all, the less time employees and security analysts spend on repetitive, manual tasks, the more time they can spend providing value to other areas of the business.
“Solutions that automate manual and security processes should not be underestimated. CISOs can look to automation to remove manual burdens from their teams and help them prioritize utilizing staff to accomplish strategic tasks to better protect their organizations.”Muralidharan Palanisamy, Chief Solutions Officer, AppViewX
One potential use case for automation is digital certificate management. Research shows that the average enterprise manages more than 50,000 certificates. If one of these certificates expires, it can not only contribute to service disruptions, but provide threat actors with an opportunity to breach critical systems.
By leveraging automation, security teams can automatically manage certificates’ lifecycle and deployment. This offers many benefits, including decreasing the risk of operational disruption and data breaches, while freeing up analysts to focus on more high-value tasks like threat hunting.
As a recession is likely to only incentivize cybercriminals to create new types of threats, as occurred during the 2008 recession when the FBI noted an increase of 22.3% in online crime reports between 2008 and 2009. Similarly, Regulatory Data Corp noted that cybercriminal activity rose 40% in the two years following the recession’s 2009 peak. The writing on the wall is that cybercriminals will never let a good crisis go to waste.
While it’s difficult to tell if early predictions of a recession are accurate or what the severity will be, CISOs and security leaders need to start bolstering their cyber resilience now to reduce the potential for disruption. One of the greatest avenues for improvement is to identify opportunities to automate processes and controls. That’s why automation should be on a radar of every chief information security officer, whatever organization he works for.