Applying cybersecurity automation to human cyber risk

As a security professional managing human risk, how long do you spend on manual, repetitive tasks?

Do you struggle to personalize security guidance for more and more people?

And do you wish you could automate day-to-day tasks to help you get more done?

You’re not alone. It’s hard for anyone to keep up. It’s boring. It’s stressful. And…it doesn’t help your people with the help they need.

We hear it all too often, cybersecurity professionals typically find:

• • Managing and recording the many moving parts of a security awareness, behavior, and culture program is challenging.
  • Programs demand considerable time and effort from people or teams that are frequently under-resourced.
  • Many tasks are manual, repetitive, tedious, and time consuming.
  • The growing number of systems you need to use can sometimes lead to mistakes or omissions.

We’d venture this has all started to feel normal. But normal doesn’t mean safe. Nor does it mean sustainable.

So, we’re rewriting the narrative.

Introducing Workflows

Workflows. It’s our human risk management automation tool that lets you automate virtually any of your organization’s human risk management and security awareness tasks—without code!

It changes a lot. We’ll walk through how shortly. First let’s make sure we’re on the same page about the linchpin of this whole thing—automation.

Cybersecurity automation:

What it is, and what does it do?

Cybersecurity automation was once a snazzy “nice to have”. That becomes less of the case every day.

With access to more data, with more interconnected tools on hand, and with budgets for people being squeezed (whilst budgets for tech remain healthy) automation is becoming a “table stakes” component of any human risk management strategy.

Cybersecurity automation boils down to the strategic use of tools and data. It’s about harnessing tech to:

• • Automate repetitive tasks
  • Personalize controls and communications
  • Accelerate response times

Use cases

Security automation will never replace human expertise. But it does free you up to focus your expertise on the things only you can do. So teams work smarter and more efficiently, and can give more focus to strategic initiatives.

Cybersecurity automation vs. cybersecurity orchestration: What’s the difference?

Cybersecurity orchestration and cybersecurity automation are closely related, but they’re not the same.

Cybersecurity automation involves using technology to execute predefined, repetitive tasks without human intervention. 

Cybersecurity orchestration, meanwhile, goes a step further. It involves integrating multiple technologies, tools, data, and processes to create a cohesive response to threats.

A leap forward in human risk management

Recent research from Gartner shows cybersecurity leaders have high hopes for their security awareness programs, yet underinvest in this space because legacy solutions do not meet current needs.

Less than half of cybersecurity teams measure employee behavior, and almost 80% have less than one FTE dedicated to security awareness.

The need for Workflows to support human risk management efforts was clear. When building Workflows, the CybSafe Product and Engineering teams worked towards three key principles.

1. Automation: Manage at scale

Cybersecurity automation allows small teams (or individuals) to manage security behavior at scale without a linear increase in workload or teamsize.

2. Real-time response: React instantly, improve security behaviors

Next up, real-time response. This is critical to human risk management’s evolution because it allows organizations to react instantly to threats and risky behaviors.

Real-time human risk response capabilities monitor people’s activity, detect threats, and alert the right people.

3. Personalized learning: Customize everything

Finally, the cherry on top. Personalized learning.

Give people their very own tailored learning paths, and you’ll see their knowledge, behavior, confidence, and engagement in cybersecurity improve. Give people bland tick-box training, and you won’t.

Getting started with Workflows

Let’s get stuck in and look at how workflows are built.

Step 1: Trigger

The Trigger function determines when the Action (selected in step 3) will activate.

Triggers are selected based on activity taking place within the CybSafe platform, or any one of a number of integrated systems. For example:

• • In-platform activity: User completes a selected goal, user reports a phishing message, or user enters data into a simulated phishing landing page.
  • Integrated system activity: User posts PII in a public Slack channel (Slack, Splunk, Microsoft 365 DLP), or user uses leaked credentials in a password (Azure AD Identity Protection).

CybSafe integrates with a number of workplace productivity and security tools. And we’re adding more all the time.

Step 2: Audience

The Audience function determines who will be enrolled into a workflow.

• • User groups: Audiences can be selected based on predefined User Groups specific to your organization.
  • Progress characteristics: Audiences may also be built based on progress such as the amount of training completed, the last time they logged in, or whether they have any pending refresher tests.
  • Risk characteristics: Finally, and most notably, audiences can be selected based on risk characteristics, such as risk scores, phishing reporting percentages, and number of high-risk phishing actions.

You can, of course, combine any of the above to create an audience. For example, you might select anyone in your Finance Team, who have completed training modules, with a high risk score, to receive follow-up support.

Step 3: Action

The Action function determines what your workflow will do.

We offer a range of actions to support personalized learning & comms, incident response, leadership notifications, and automated actions across your tech stack.

Notifications are received right into email, Slack, or Teams direct messages, where people are most likely to see and be swayed in a better direction.

Notable actions include:

• • Enroll in training/simulated phishing: Enroll users into training and simulated phishing campaigns based on their activity.
  • Send notifications: Send users and managers emails, CybSafe nudges, and Slack, Teams, & Google Workspace messages.
  • Add/Remove user to groups: Add and Remove users to groups based on their activity.
  • Filter users: Build different paths for people based on their actions and membership to groups.
  • Send webhooks: Make HTTP requests to a specified URLs.

No coding required! 

We know, it’s not like coding is some great mystery. Plenty of people can code. Maybe you’re one of them.

But it takes time. And effort. Hence why a Workflow is ridiculously simple to create.

Select a trigger. Choose the audience. Program the action. Done.

The Workflows library

The sheer number of possibilities presented by Workflows is overwhelming. Trust us, we did the math.

We’ll dive deep into the art of the possible in a future blog. For now, we’ve built a template library to get you started with the most popular workflows.

Turning work into Workflows

Cybersecurity demands considerable time and effort from teams who are frequently under-resourced.

Workflows automate tasks, react instantly, and provide personalized security help. This frees up time to focus on more strategic initiatives.

Gartner coined the term “cybersecurity mesh” to define the integrated approach that protects assets in a network, by building layers of security to connect all of the tools used across the network.

Turn your work into Workflows. Use them to make the most of the data and tools you already have at your disposal.

No more endless manual interventions or generic training modules. No coding. No sweat.

See how Workflows can transform your security awareness and human risk management programs. Schedule a demo today. We can’t wait to show you around.