



Cybersecurity decisions that can’t be automated

Sep 17, 2018 · 4 mins
Artificial Intelligence, Data and Information Security, Network Security

Encourage those inside and outside your team to identify and challenge daily assumptions in order to adapt to change, think differently and make smarter, faster security-related decisions.


Cybersecurity’s future in reducing incident response time is to automate the process. In other words, the process of marking an attack, aggregating key data, identifying the actual threat, assembling the tools and executing actions needs to be as close to machine speed as possible.

Unfortunately, most companies are still outsourcing only 30 percent of the decision-making to AI/cybersecurity programs that allow this, when a minimum of 70 percent is the healthier goal. 

Nevertheless, reaching that goal does not free a CSO or anyone in an organization from making key “human” decisions in the AI/cyber arena. Processes that include automated programs and algorithms are just one part of the job. The other significant factors are the management of:

  • Resources, including hiring, training and retaining talent
  • Technologies, including vendor selection, design and the implementation of policies
  • Communications, including educating and generating buy-in from senior management and the board of directors
  • Collective learning: the sharing of incidents and attacks throughout the organization and even with other businesses
  • Compliance, including staying up to date with and adhering to ongoing changes and rules

So, while the ultimate goal of a CSO’s job is to minimize incident response time via automation, the total success of the job depends on dealing with an overwhelming number of decisions that can’t be outsourced. These decisions require fine-tuning your soft, or nontechnical, skills: skills that many IT people are not trained in but are now required to have.

Within every decision lies an assumption

In my recent book, Challenge Your Assumptions, Change Your World, I propose a way to speed up the decision-making process, a key soft skill. The premise is simple: within every decision lies an assumption. The process encourages you to remove judgments associated with making assumptions and to instead embrace them. Removing judgment allows you to own and manage your assumptions. Otherwise, when left unchecked, your assumptions will manage you. The book shows you how to identify daily and dangerous assumptions as well as how to challenge them.

For example, one way to identify security-related assumptions made by the organization outside your department (and perhaps a few people inside) is through key words and phrases. Below is a list of expressions worth reviewing and discussing with your teams to help them understand when an AI/cybersecurity assumption is in play.

What is said = what is being assumed

“We are not a target.” = We are too small for anyone to care about and hack.

“Cybersecurity is too complicated to understand.” = I’ll leave it to others to figure out.

“The government will protect us.” = The government is technologically superior.

“My ISP protects my organization.” = Those in charge know what they are doing.

“I have the best people on the job.” = A skilled executive can investigate computer crimes without any computer experience.

“We are keeping the enemy out.” = Malicious attacks come from outside the organization.

“This is good code.” = I don’t have the time to double-check its accuracy.

“We have the superior technology.” = No one can do what we can do.

“Follow the algorithm.” = Algorithms don’t make assumptions.

“Biometrics are better than passwords.” = Fingerprints can’t be lifted easily.

As the world of the CSO becomes more dependent on automating the decision-making process for reducing incident response time, there are no equivalent ways to automate the decision-making components that make up your entire job.

Therefore, the best approach is to acknowledge the need to enhance these soft skills, especially within your team. A good place to start is to encourage those inside and outside your team to identify and challenge daily assumptions in order to adapt to change, think differently and make smarter, faster security-related decisions.


Andy Cohen is a cybersecurity and infosec thought leader, TEDx, Google Talks and West Point speaker, and published author. His new book, Challenge Your Assumptions, Change Your World, will be reviewed in the upcoming Army Cyber Defense Review, in which Cohen is also a contributing columnist. He customizes his keynotes/workshops to infosec teams, organizational cyber awareness, CEO and senior leaders and to CIOs/CSCO and their teams.

Andy is founder of Andy Cohen Worldwide.

The opinions expressed in this blog are those of Andy Cohen and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.