Despite having a revolving cast of threats and mitigations to think about at any one time, some concerns for CISOs are unchanging. Human error is one such concern. After all, cyber security hinges on the actions and behaviour of individuals and that’s going to be the case for as long as humans are in the cyber security loop (which, of course, they should be).
CISOs know this and wouldn’t have been surprised to see Proofpoint’s 2024 Voice of the CISO report find that human error is the most cited cyber security risk by CISOs today.
The complexity of de-risking human error needs to be acknowledged. Any stereotypical notion of the “fat finger” being the leading culprit for human error is unhelpful. Today’s reality is that security analysts are fatigued by the constant stream of alerts and reports from an ever-growing stack of new security tools and solutions. This information overload serves as a distraction that leads to missed critical events, social engineering attack attempts, or insecure data practices.
CISOs shouldn’t settle for the new-threat, new-tool buying cycle that further adds to the workloads of security teams and increases the risk of human error. Intelligent automation is needed.
Cutting at risk in the repeatable
Interoperable workflows can maximise the capabilities of the entire security stack to automate repetitive security processes that always work the way they’re meant to – without the risk of human error:
- Attack surface detection can be bolstered by automated monitoring of a company’s external attack surface and identification and analysis of external assets, feeding into a real-time dashboard for analysts to keep an eye on.
- Password auditing requires less manual work through automated auditing of any compromised passwords and, in A-Ops, workflows can even integrate with AWS to build a secure environment to pen-test user passwords against wordlists used by hackers.
- Patch compliance will never be overlooked by security teams when automation covers every step of the process – from copying and installing patches to application reboots and required checks.
The windfall
Controlling and minimising the risk of human error can help CISOs stop expecting the worst and start trusting that critical, but repeatable, security processes are always being carried out as they’re meant to.
With the first steps taken on the automation journey, CISOs can look ahead to minimise the risk of human error in a wider range of sensitive processes.
- Installing automated quality checks on data helps data-led organisations limit the threat of human error in manual data entry or workers failing to manually review the quality of data input or output that influences decision-making.
- Taking identity access management (IAM) out of the hands of highly privileged users, who respond to raised tickets from across the business, in favour of a process that runs via automated workflows means fewer links in the IAM chain requiring manual user action where human error can occur.
These are just two examples of core processes that CISOs are responsible for where failures via human error could have catastrophic consequences. Automation makes those mistakes far less likely to happen – which will be music to the ears of CISOs. The opportunity shouldn’t be passed on.