November 13, 2023 at 03:04AM
The cybersecurity industry focuses on developing new tools to address security challenges, but the most common cause of incidents remains process errors. According to a survey, 33% of security incidents are due to process errors, and 55% of security tools are not actively managed. Process mining for cybersecurity is proposed as a solution to identify and address process failures. The adoption of process mining is increasing due to advancements in technology, recognition of the limitations of tools, and the impact of attacks on processes. By prioritizing process improvements and providing visibility into processes, organizations can better mitigate cybersecurity risks.
According to the meeting notes, the cybersecurity industry emphasizes the need for new tools to ensure organizational security. Whether it’s BYOD, cloud, Kubernetes, or artificial intelligence, different tools are recommended for each emerging technology. However, it is important to note that despite the constant introduction of new tools, the most common cause of serious cybersecurity incidents is failed processes. According to Gutsy’s 2023 State of Security Governance survey, 33% of security incidents can be attributed to process errors. This suggests that simply adding new tools is not the solution.
To address process failures, it is crucial to identify the root causes accurately. Traditionally, this has been done through post-mortems and log analysis. However, relying solely on the analysis of processes that have already failed limits our ability to identify potential process failures that have not yet occurred. To overcome this limitation, a new approach is required: process mining for cybersecurity. Process mining has been applied in various industries for over a decade but has not been widely used in cybersecurity due to the tedious nature of the task and the workload of cybersecurity and IT teams.
Several factors are now driving companies to explore continuous, automated process mining for cybersecurity. Advancements in lightweight, cloud-native technologies and data normalization have made process mining more resource-efficient. Furthermore, there is a growing understanding that focusing on human factors and education is more effective than relying solely on point solutions for security threats. The stagnant nature of the OWASP Top 10 and the increasing number of incidents and vulnerabilities demonstrate that tools alone are not making companies safer.
Another driver for process mining adoption is the shortage of cybersecurity professionals, which presents an opportunity for younger workers to enter the field. These individuals require education, support, and real-time learning systems to prevent catastrophic errors. Additionally, recent high-profile attacks resulting from process errors have brought attention to the need for addressing process failures to mitigate financial and reputational impacts.
Instead of providing human operators with additional tools, the emphasis should be on providing them with a repeatable and logical process framework. It is crucial for technology teams to have visibility into the processes they follow and to identify the variations that keep those processes from reaching their desired outcomes. This requires a systematic, scalable, and on-demand approach to gaining visibility. By shifting the focus from technology to process, we can address the root cause of most cybersecurity problems.
The author of the meeting notes, Aqsa Taylor, is the Director of Product Management at Gutsy, a cybersecurity startup specializing in process mining for security operations. With a background in cloud security, Aqsa has experience helping enterprise organizations improve their cloud security outlook. She emphasizes the importance of viewing security failures as a process problem and advocates mining processes, educating operators, and monitoring for process anomalies as the real solution to reducing both risk and the number of successful attacks.