Security


IT leaders rely on immutable storage as ransomware attacks skyrocket
Scality, a leader in reliable, secure and sustainable data storage software, has announced the results of a survey of 500 IT decision-makers across France, Germany, the UK and the US, to gain insight into the role immutable data storage plays in an organisation’s overall cyber security strategy. Key findings reveal: 94% either already rely on immutable data storage or plan to implement it within the next 12 months, and an additional 2% plan to deploy it within the next three years. 69% consider immutable data storage essential to their corporate cyber security. Only 12% of those who deployed immutable data storage say it is not essential to cyber security. Results from the independent survey by Vanson Bourne demonstrate that IT leaders consider immutable storage a must-have in the fight against cyber attacks. Ransomware threats are now understood by organisations to be inevitable. Reports show one in four organisations that pay a ransom never get their data back, and just 16% are able to recover without paying a ransom. This reinforces the role immutable data storage plays as an essential last line of defence within a cyber security toolkit. With immutable storage, data cannot be deleted or modified once written, increasing data safety and ensuring organisations have the power to restore data with 100% accuracy in the event of a breach.
Survey insights: Vertical market and regional nuances
Comparisons among IT leaders surveyed across vertical industries and specific countries reveal a number of notable differences: Vertical market: Manufacturing organisations (95%) are most likely to deploy immutable storage; 84% consider it essential to their corporate cyber security. Financial services firms (74%) report the lowest reliance on immutable storage; 60% say it’s essential to their corporate cyber security. 
Regional: A majority of IT leaders across all regions currently use or plan to use immutable data storage: The US has the highest level of current or planned immutable data storage deployments, with 98% of respondents either having implemented it or planning to do so within the next year. This is followed by France at 96%, Germany at 94% and the UK at 85%. While a relatively low number (12%) of IT leaders worldwide who currently use immutable data storage do not regard it as “essential” to their cyber security strategy, a larger percentage resides in the UK: 24% of UK respondents have deployed it but say it is not essential to their cyber security, compared to 11% in France, 9% in the US and 6% in Germany. Dave Russell, VP of Enterprise Strategy at Veeam Software, says, “Widespread deployment of immutable storage reinforces an increased awareness of the critical role secure backup plays as an active defence against cyber attacks, specifically coupled with immutable backup data. Veeam believes that achieving zero trust data resilience with immutable storage implementations — that are indeed truly immutable — is a great opportunity for IT leaders to reduce the risk of growing data security threats and improve their overall cyber resilience.”
Does traditional immutable storage still leave a window of exposure?
The survey reveals the criticality of immutable storage at a time of evolving industry dialogue about data cyber security best practices and technologies. But it’s important to note that not all immutability is created equal — some forms still leave a window of exposure. Unlike forms of immutability enabled by traditional solutions - such as NAS/file system snapshots, dedupe appliances, Linux-hardened repositories or tape - true object storage solutions are inherently immutable at the core architecture level. 
The system implements proper protocols and true object storage semantics to preserve data in its original form the very moment it is written, which is not the case for other immutable solutions that can introduce time delays before data is immutable. Each object, even those written nanoseconds apart, can never be overwritten, deleted, or modified. This architectural reinforcement provides a crucial last line of defence against ransomware attackers’ attempts to encrypt data and extort victims.  Paul Speciale, CMO, Scality, says, “Immutable data storage is an insurance policy against ransomware. While the survey data shows IT leaders resoundingly agree that immutability is a cornerstone of cyber security strategy, 31% still did not report it as essential. Here’s the reality: Being able to restore quickly from an immutable backup means the difference between a successful and unsuccessful ransomware attack. Without storage that’s truly immutable, you’re vulnerable to cyber criminals’ demands. The perception among some respondents that it’s not essential to cyber security is misguided and represents an opportunity to shift more IT leaders towards achieving a modern, inherently immutable object storage solution as a much-needed last line of defence to keep data locked and immune to ransomware exfiltration, modification or destruction.” The survey was recently conducted by global technology market research firm Vanson Bourne across several industries, including manufacturing, telecom, professional services, financial services, and retail. Respondents were asked, ‘Is immutable data storage an essential element of your organisation’s corporate cybersecurity strategy?’ To qualify, each respondent carried a manager or above title in an enterprise-sized commercial organisation with over 1,000 employees and is primarily employed in the IT function.  Key findings in the UK: 85% of UK respondents currently rely on immutable storage or plan to implement it within 12 months. 
This is the lowest of the four regions (US, UK, France, Germany). 47% of UK respondents across all vertical markets consider immutable storage essential to their corporate cyber security strategy. 54% of UK respondents in the IT, technology and telecoms sector deploy and consider immutable storage essential to their corporate cybersecurity strategy. This is the highest score among all sectors surveyed in the UK.

Neterra sees 100% increase in DDoS attacks blocked in 2023
Neterra has defended its clients from a record number of DDoS attacks in 2023. The company mitigated a total of 963,346 DDoS attacks and handled over 6.6PB of malicious traffic. Out of the total attacks, approximately 231,358 were of high intensity. This marks a twofold increase compared to 2022, when the company thwarted 488,151 DDoS attacks. Neterra employs a comprehensive approach to DDoS protection, combining cloud-based platforms, specialised hardware equipment, and other solutions. Through its specialised hardware equipment, the company halted 899,431 attacks, a significant portion of which were of high intensity and involved large volumes of malicious traffic. Neterra's cloud platform protected the company's clients from 63,915 attacks in 2023.
What are DDoS attacks?
DDoS attacks typically manifest as a deluge of fake traffic, overwhelming the servers and websites of the targeted victim. Legitimate users are unable to access services, while hackers exploit the chaos to steal data. It can be likened to a massive crowd of fake customers blocking the entrance to a store, preventing genuine customers from entering.
What are the consequences?
DDoS attacks can result in financial losses, affecting online sales revenues, subscriptions, and advertising. They can also damage reputation by tarnishing the image and trust of clients, as well as lead to data loss — hackers may exploit the attack to steal sensitive information. This is the nature of a DDoS attack; an online tsunami that can last for days or even months, ultimately inundating any business.

Acronis unveils Cyber Protect 16: A new era in cyber security
Acronis, a provider of cyber protection, has introduced the latest release of its flagship product – Acronis Cyber Protect 16. Acronis Cyber Protect delivers robust protection against cyber threats and unparalleled backup and recovery capabilities. This latest version establishes a new benchmark in easy and fast recovery after cyber attacks or data loss, especially for modern multi-site organisations. As technology advances, the necessity for an integrated cyber security and data protection solution fit for distributed organisations has become increasingly evident. Factors including the rise of remote work and a rapidly changing threat landscape have increased attack surfaces and raised larger data access and privacy concerns. The product introduces a new centralised dashboard that further improves and simplifies management with a single pane of glass, providing visibility and simplified management for the entire environment. Additional features of Acronis Cyber Protect 16 include: Cyber threat protection: Using artificial intelligence (AI) and machine learning (ML), proactively secure data, applications, and systems from advanced cyber-attacks including ransomware and other forms of malware. Rapid recovery: Reduced dependency on central IT support empowers users to initiate one-click recovery capabilities of distributed endpoints, including bare-metal recovery of physical workloads. Reduced TCO: Broad, multi-generational OS support enables vendor consolidation while ensuring comprehensive protection. Simplified management: Centralised management includes local autonomy and seamless integration with existing third-party tools to provide a unified view of backup and recovery operations along with broad, multi-generational OS support. Data sovereignty: With the use of Acronis’ extensive network of global data centres, users can ensure compliance and master regional data sovereignty laws, offering peace of mind and regulatory compliance. 
“The release of Acronis Cyber Protect 16 underscores our dedication to protect all data, applications and systems,” says Gaidar Magdanurov, President at Acronis. “In today’s era of distributed environments, organisations require a cyber protection solution that provides reliable protection and fast and easy recovery after incidents. For many industries, like manufacturing, finance, healthcare, and retail, that can’t afford any downtime, it is crucial for non-IT personnel to be able to accomplish successful recovery; and that is what Acronis Cyber Protect 16 is bringing, one-click recovery after cyber attacks or data loss.” Acronis Cyber Protect 16 provides a unique integration of backup, disaster recovery, cyber security, and remote endpoint management delivered via a single, cost-effective, efficient platform. With the ability to rapidly restore any computer without the need for IT intervention, specialised or industrial computing companies, specifically those in the operational technology (OT) and industrial control systems (ICS) community, gain peace of mind and minimise costly downtime from potential outages. The integration of data protection, recovery capabilities, and advanced security functionality is designed to assure business continuity. “With Acronis Cyber Protect, we offer our clients the peace of mind that comes with a true cyber resilience solution,” says Alan Conboy, Field CTO at Scale Computing. “We have complete confidence that if one of our customers suffers a cyber incident, we can get them back online in minutes. Acronis' single console seamlessly integrates comprehensive backup and recovery, endpoint management and cyber security to meet the needs of our broad range of customer environments, diverse OSs and organisational sizes. They are our go-to vendor to scale our business with world-class, affordable service offerings.”

New Zayo report analyses trends in DDoS attacks from 2023
Zayo Group, a global communications infrastructure provider, has released its annual Distributed Denial of Service (DDoS) Insights report, which found a significant increase in the intensity of DDoS attacks and their impacts on businesses in the second half of 2023. According to new Zayo data, the average DDoS attack lasted 68 minutes in 2023. With unprotected organisations shelling out an average of £4,700 per minute of each attack, that totals a startling £325,000 average cost to businesses for DDoS attacks. A key driver of this enormous cost was the steep rise in the duration of DDoS attacks throughout the year. The average length of attacks surged by more than 400% from Q1 to Q4 of last year — from an average of 24 minutes to 121 minutes — signalling a worrying trend from both security and cost perspectives. The astonishing volume of DDoS attacks in the first half of 2023 – up 200% from all of 2022 – seemed to have contracted in the second half of the year. Across all industries, comparing Q4 to Q1 2023, companies saw a 16% increase in attack activity. The outlook isn’t exactly rosy, however: volumetric attacks are being replaced by multi-vector attacks, spreading destruction more widely by targeting individual IP addresses, email systems, databases or web browsers, which are much harder to detect. “What we’re seeing is that cyber crime is only getting savvier,” says Anna Claiborne, Senior VP of Network Connectivity at Zayo. “AI is presenting itself as a double-edged sword in this space. On one side of the blade, criminals are using AI to increase the sophistication of attacks and circumvent traditional defence mechanisms; on the other, mitigation platforms are using AI to dynamically identify and defend against new and emerging threats. As DDoS remains a profitable model for cyber criminals, attacks will continue to be a brutal inevitability for businesses. But luckily, DDoS protection is also rising to the occasion.” 
Key findings by the industry: Telecommunications companies experienced the most frequent attacks, comprising about 40% of total attack volume with nearly 13,000 attacks in H2 2023. Retail and healthcare companies experienced the largest attacks in H2, with an average attack size of 2.5Gbps across companies in these two industries. Government entities once again experienced the longest attacks with the average attack duration increasing from four hours in H1, to 18 hours in H2, increasing by 322%. This is a 1,141% increase from Q1 to Q4 of 2023. Educational institutions accounted for 17% of all attacks last year, thanks in part to the ease and affordability of botnet-for-hire services combined with frequent gaps in the cyber security of the institutions.  Why it matters: DDoS attacks are here to stay, and cyber criminals are not discriminating over an organisation’s size, industry or business model. These attacks cost organisations thousands of dollars per attack, not to mention reputational harm and customer churn, and many of the factors contributing to a vulnerable environment, such as increased digitisation, political unrest and hybrid work, are not going away anytime soon.  The sheer sophistication of these attacks, which are meticulously planned to hit during a business’ busiest time of day and often utilise automation, like bots, to make it easier, makes it a crucial time for organisations to have advanced, forward-thinking DDoS protection. For every company, it is not a matter of if, but when. “Most people on the internet aren’t plotting a DDoS attack, but the internet is a big place and Dark Web crime is the fastest growing business on earth,” says Eric O’Neill, National Security Strategist at Carbon Black. “We’re in an attacker’s market and they are leveraging sophisticated technologies and cutting-edge techniques to innovate the way they deceive, disrupt and destroy our most critical data. 
To stop the attackers from gaining the upper hand, we need DDoS protection that is as easy and effective as turning on a switch.”

Invicti Security and Mend.io bring full-spectrum of AppSec testing
Invicti Security and Mend.io have announced a partnership to bring the full spectrum of application security testing and supply chain security tools to customers. This partnership pairs Invicti’s DAST, IAST, and API Security domains with Mend’s SAST, SCA and Container Security solutions, to give customers full code coverage and continuous security. Balancing development speed and innovation with the best cyber security practices is critical for companies building and deploying software, particularly as bad actors are increasingly creative and agile in their attack methods. A complete stack of AppSec testing tools that prioritise accuracy and scale is necessary to ensure teams can keep pace with both release schedules and security needs. “The rising number of security vulnerabilities in software results in an ever-changing attack surface, presenting a major challenge to organisations in maintaining and improving their security posture,” says Alvaro Warden, Director of Global Channels and Partnerships at Invicti. “To manage this challenge, companies must have a comprehensive solution that provides speed, accuracy, and coverage in their application security tech stack.” Invicti and Mend.io saw the opportunity to jointly support customers last year through partner opportunities. They continue to see growing demand for the joint, full-spectrum AppSec testing solution as cloud-native software development is shifting risk attention from the network to the application level.

How to prepare for increasing cyber attacks on critical infrastructure
By Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea
Today, everyone is well aware of the widespread and serious nature of cyber threats. Cyber criminals have infiltrated almost every sector, from banking to healthcare to government departments. And as the years go by, we see increasingly sophisticated and harmful attacks happening. However, while personal data and financial privacy remain top concerns in the public’s mind, there are other targets in the crosshairs of cyber criminals that pose an even greater threat to society – critical infrastructure.
How is critical infrastructure being impacted by modern cyber threats?
Critical infrastructure attacks are becoming a major concern for the safety of people worldwide. A 2022 report from Waterfall Security states that major sectors like energy, utilities, and transportation experienced over 150 cyber attacks last year, representing an alarming rise of almost 150% from the year before. Cyber criminals, using methods like ransomware and DDoS attacks, are focusing on essential systems that maintain the well-being and security of communities. As more public services organisations and government agencies digitise their operations, the risks of these types of attacks are only going to continue to rise.
Fighting back: How organisations are protecting critical infrastructure
Awareness and action are two primary factors contributing to critical infrastructure organisations fighting back against modern cyber threats. Below are some key actions that need to be taken by organisations to reduce the risks of major operational disruptions due to cyber attacks:
Adopting a proactive approach to cyber security
Not having proactive security measures in place is a major risk within critical infrastructure systems. A proactive approach includes not only taking the time to audit and test systems for potential weaknesses, but also giving more priority to budgeting and allocating resources to cyber security.
Focusing on network segmentation
Because of the amount of data and interconnected systems that make up critical infrastructure operations, there are wide attack surfaces for cyber criminals to exploit. To significantly limit the impact of potential attacks, organisations need to focus on network segmentation and strong access controls between both IT and OT (Operational Technology). By dividing networks into smaller pieces and implementing security measures, such as Privileged Access Management (PAM) and Defence in Depth protocols, it becomes much more difficult for attackers to move laterally across systems and networks.
Establishing a cyber security culture
Without a culture of security awareness, organisations aren't able to effectively identify and combat the constant threats. This requires a much more holistic approach, going beyond just implementing security technologies and instead establishing a culture of security throughout the entire organisation. Employees who are trained are more likely to report suspicious activity and contain an attack before it turns into a catastrophe. Because critical infrastructure systems often involve a large number of employees and third-party contractors, it is essential to educate and train everyone on security best practices including the use of Remote Desktop Protocol (RDP) and strong password hygiene such as using a password manager or PAM (Privileged Access Management) solution.
Creating a comprehensive incident response plan
With the crosshairs consistently on organisations with industrial operations, it's important to think of cyber attacks as a matter of "when" instead of an "if". This means having a comprehensive incident response plan in place to effectively counter and respond to attacks. This plan should include steps such as identifying the breach, containing and minimising damage, restoring systems, and learning from the incident to improve future response.
Keep our critical infrastructure secure
No matter where a cyber security threat comes from, organisations must have a comprehensive strategy in place to protect their infrastructure. Prioritising network segmentation, strong access controls, establishing a culture centered on cyber security, and having a clear incident response strategy can help organisations minimise or avoid altogether these crippling attacks.

NMi Group acquires TrustCB
NMi Group has announced the transformative acquisition of TrustCB in the cyber security domain. This strategic move solidifies NMi Group as the premier provider of certification services for the evolving landscape of digitally integrated and smart devices. A key emphasis of the acquisition is TrustCB’s expertise in translating common criteria standards via SESIP to the Internet of Things (IoT) domain. This strategic move further fortifies NMi Group's dedication to "measure tomorrow" by synergising precision in measurements with increasingly requested robust cyber security standards. In legal metrology and common criteria, coexistence is imperative to guarantee a holistic approach to the functionality, accuracy, and security of devices such as smart meters, smart grids, and other smart industrial devices. Manufacturers and operators navigating these digital landscapes must adhere to both legal and cyber security regulations, ensuring compliance with standards for accuracy and security. Expressing enthusiasm about the strategic move, Yvo Jansen, NMi Group CEO, states, "Acquiring TrustCB fortifies our commitment to excellence in smart industrial devices. By integrating accuracy in measurements with robust cyber security standards, we ensure regulatory compliance and enhance the overall reliability of our solutions." Echoing this sentiment, Wouter Slegers, TrustCB CEO, adds, "Joining forces with NMi Group is a strategic move safeguarding the TrustCB common criteria and dedicated scheme certification business even further. In practical ways, nothing changes; TrustCB stays the trusted, responsive partner as a certification body. This synergy amplifies our commitment to precision and security in smart industrial devices, advancing the global standard for regulatory compliance and elevating the trustworthiness of our certified solutions."

Host-IT keeps the wheels turning at logistics software firm
Host-IT has announced its Birmingham colocation data centre has been selected by Tamworth-based tmWare for hosting its Disaster Recovery (DR) systems. This follows a review by the warehouse management and transportation logistics solutions specialist of its current and future IT needs. The migration of tmWare’s DR backup systems from its in-house location to a more secure and modern data centre environment was seen as a major priority. Host-IT’s Birmingham-based data centre will now support tmWare’s main IT stack, which has been located at Host-IT’s Milton Keynes colocation facility since 2016. “Previously we’ve always hosted our DR in-house but based on our positive experience with Host-IT in Milton Keynes, the relocating of our eight DR server systems and back UPS to their Birmingham facility made a potentially hard decision a lot easier,” says Kieron Coughlin, Technical Director, tmWare. “Our DR equipment at Host-IT Birmingham will be connected by a high-speed fibre network to our Tamworth office and their Milton Keynes data centre.” With thousands of pounds of business at stake with every order fulfilment and delivery, tmWare is mission critical to the performance of its logistics customers. These customers are reassured by tmWare’s strategic investment in the services of professionally run, highly resilient and secure colocation data centres. “In the seven years since entrusting tmWare to Host-IT, we have enjoyed a highly professional and personalised service as well as an excellent uptime record,” says tmWare’s Managing Director, Lyndsey Phillips. “Their consistently excellent service and ability to support our current and future needs in a timely manner gives us every confidence as we look to expand our customer base. 
Equally, in ensuring the high levels of trusted IT delivery we provide to our existing valued customers.” Host-IT’s secure ISO 27001, Tier 3 Birmingham facility is centrally located close to the major fibre networks traversing the UK and various regional fibre providers. There is currently 6MW of IT power available to the site, with the potential to increase this to 12MW.

Logpoint and SecurValue to secure organisations in Southern Europe
Logpoint has announced a partnership with SecurValue, providing cyber security services to help customers detect and respond to cyber threats. Armed with its SIEM+SOAR solution, SecurValue can offer robust threat detection and response, real-time data analysis, early detection of data breaches, and easy implementation of compliance requirements. “We’re happy to partner with SecurValue to help organisations strengthen security posture and cyber resilience. They share our vision for conducting long-term business in Southern Europe,” says Christian Pijoulat, Regional Director SEMEA at Logpoint. “SecurValue has a tailored approach to their customers, based on skilled cyber security professionals and trusted technologies, and we’re proud that Logpoint’s solution is now a part of that.” The Southern European market is preparing for the local implementations of the Network Information Security (NIS)2 directive from the European Union to increase cyber resilience across the EU. The directive will expand the existing regulations within data and cyber security, introducing stricter requirements for a broad range of sectors. Non-compliance and failure to report incidents will result in significant fines and sanctions. “We’re excited to add Logpoint to our portfolio to offer our customers improved security capabilities, streamlined operations, and enhanced compliance adherence,” says Fabio Cagna Vallino, Cyber Security BU Director at SecurValue. “CEOs across the region are becoming aware that cyber threats are a top concern and that investments in cyber security are essential to minimise cyber risk. 
Especially small and medium-sized organisations are struggling with the lack of cyber security professionals trained to handle threats effectively, which leaves them at a major risk of exposure.” SecurValue will offer the Logpoint SIEM+SOAR solution, which analyses security incidents and automates the investigation of threats, improving cyber intelligence, reducing cyber security risk, and accelerating threat detection, investigation, and response. SecurValue will also use Logpoint Director, a platform that helps MSSPs and MDRs update, manage, and monitor large and multi-tenant deployments.

Navigating the promise and pitfalls of cyber security automation
By Leon Ward, Vice President of Product Management, ThreatQuotient
New 2023 State of Cybersecurity Automation research reveals that while adoption is rising, lingering hurdles undermine its effectiveness. Cyber security automation has steadily gained traction as organisations seek to improve efficiency, address talent gaps, and keep up with escalating threats. However, the latest research shows that while more businesses are utilising automation, they continue to grapple with obstacles that prevent them from fully capitalising on its benefits. In the recent study surveying over 700 cyber security professionals, ThreatQuotient uncovered several persistent pain points in implementing automation. The research found that a lack of trust in automated outcomes, insufficient expertise among users, and poor communication between teams have hampered automation success. As a result, organisations are struggling to build confidence in automation and maximise its effectiveness.
Lack of trust undermines confidence in automation
The research revealed ubiquitous struggles with implementing cyber security automation, with 100% of respondents reporting problems. The top issues undermining confidence in outcomes were lack of trust (31%), slow user adoption (30%), and bad decisions (29%). However, when we drill down, CISOs differ from other leaders regarding specific challenges. Among CISOs, 40% cite 'bad decisions' as a top concern, versus 29% overall. With ultimate cyber risk accountability, CISOs feel the impact of poor automation outcomes. Automated actions such as incorrectly blocking legitimate email or domains that appear suspicious negatively impact the business. These errors erode user trust that automation improves security, and organisations become hesitant to rely on it. For example, an automated system may erroneously block access to a legitimate business domain that some vendors use for email communication. 
Employees suddenly find themselves unable to communicate with key partners, and business operations grind to a halt. This not only negatively impacts revenue but destroys end user trust in the value and accuracy of automated security systems. Organisations then become extremely hesitant to rely on automation out of fear of these business-disrupting outcomes. Without confidence in reliable automated outcomes, businesses will not entrust critical security processes to them. The 31% reporting a lack of trust represents a major obstacle preventing full realisation of automation benefits. Overcoming this requires solutions that provide transparency into automated decisions.
Skill shortages compound adoption difficulties
Insufficient expertise among security team members makes implementing automation effectively challenging. Limited skills lead to misconfigurations, integration issues, and other problems. These glitches reinforce the 31% lack of trust in outcomes. When automation fails unpredictably due to suboptimal implementation, organisations cannot reap its advantages. With the cyber security skills gap still growing, and 25% of CISOs reporting the skills shortage as their biggest challenge, businesses often lack personnel to adeptly deploy and manage automation tools. Additionally, 23% of respondents sought training availability when selecting solutions, which is key for adoption success, and it is clear that skills development should be a key area of focus for organisations to capitalise on automation potential. CISOs point to organisational issues exacerbating challenges, and 25% cited high team turnover as their number one concern, as it disrupts the continuity of expertise and the skills needed to implement automation smoothly.
Achieving lasting buy-in requires clear communication
The research revealed disconnects between roles on automation perspectives, where 42% of CISOs cited efficiency as the top driver to adopt automation, while for SOC leads and MSSPs, regulatory compliance was the prime driver. 
These mixed viewpoints signify a lack of alignment on automation goals and direction. CISOs must bridge the gaps through improved communication of automation plans and benefits. Setting clear objectives, educating all team members, and demonstrating tangible gains are critical for lasting buy-in.

When one specialised team implements automation in a vacuum, broader adoption lags. But inclusive messaging about how automation helps every role work smarter fosters shared buy-in. Continuous engagement with stakeholders is also vital. Leaders must showcase automation enhancing efficiency, compliance, productivity, or other goals important to each executive. With disjointed perspectives on its value and role, automation struggles to gain a foothold. Consistent, compelling communication of its advantages enables robust, organisation-wide backing of initiatives.

Smarter tools and processes are key to overcoming obstacles

The 2023 research makes clear that implementing cyber security automation still faces hurdles, with 100% of respondents reporting issues. However, smarter tools and workflows can help organisations overcome these challenges to realise automation's potential.

One key need is for automation tools that provide transparency and guardrails, fostering user trust. Intuitive interfaces also enable easier adoption by users at all skill levels, mitigating the skills shortage cited by 23% as a top challenge.

Standardising processes around automation provides the consistency needed to maximise benefits. Workflows like automated triage avoid the ad hoc approaches that cause fragmented gains. Integrations between tools create seamless data flows and unified workflows rather than disjointed toolsets. The report says 24% want integration with multiple data sources when selecting automation solutions.

Implementing automation without addressing trust, usability, training, integration, and standardised processes invites disappointment.
The research makes clear that these smarter tools and workflows offer a path to overcoming obstacles and achieving automation success.

Automation challenges can be overcome

This exploration of the current cyber security automation landscape reveals persistent challenges that prevent organisations from realising its full advantages. Core problem areas include deficient trust in outcomes, skill shortages among staff, and internal disconnects about automation's role and value.

By taking concerted action to increase confidence via transparency, boost team expertise through training, and align understanding of automation's benefits via consistent leadership messaging, CISOs can overcome these hurdles. With thoughtful adoption strategies, secure design principles, and inclusive change management, organisations can tap into automation's immense power to enhance security in the face of growing threats. Through a combination of smarter tools, educated users, and clear communication, cyber security teams can achieve new heights of efficiency and effectiveness through automation.

However, achieving automation's full potential is not a one-and-done effort. It requires an ongoing commitment to iteration and optimisation as technologies, threats, and business needs evolve. Regular evaluation of processes and tuning of systems helps sustain peak performance over time.

Leaders must also continually assess the human side of the equation. Check-ins with staff at all levels provide valuable insights to shape training programmes, change management tactics, and internal messaging in a way that maintains strong buy-in across the organisation. With personnel empowered and aligned around shared automation goals, organisations can nimbly adapt their approaches to maximise value.


