I was driving home from work the other day, the same route I drive every evening. I usually turn on Waze when I drive. Not because I need guidance — I know the way in my sleep — but, you know, just in case. Suddenly, Waze tells me to turn left when my way home is always straight. Like a good independent-minded human that doesn't like to be bossed around by some dumb algorithm, I ignored it … and drove straight into a 30-minute traffic jam caused by an accident.
It is a uniquely human quality to distrust our own innovations — even technology that has been proven to positively impact our quality of life. In the 19th century, a group of British workers known as the Luddites took to destroying textile machinery that was helping factories produce more and workers work less. In Boston at the dawn of the 20th century, there was massive public outcry over a proposed subway system that would exponentially lower the amount of horse dung on the streets.
See the pattern here?
The same is true in cybersecurity. It's true that the adoption of automation is on the rise — one study found that 37% of companies are already automating key processes, and 45% are planning to do so in the coming year. Yet trust in outcomes is still a key barrier to adopting cybersecurity automation, affecting nearly a quarter of respondents in some regions.
The intense complexity of the cyber-threat landscape, alongside a chronic shortage of skilled workers, would seem to point directly to automation as a solution. And the fact is that much of the automated cybersecurity technology available on the market today is mainstream, field-proven, and reliable. So all this begs the question: What is keeping us from trusting technology, from Waze to cybersecurity?
On What Is Trust Based?
Every innovative technology has flaws. Then again, so do a lot of old ones. According to US government statistics, some 17,000 people are injured each year from elevators and escalators. And each year, around 40,000 people are injured in toilet seat-related accidents. So where does the greater danger lie — in technology or in people themselves?
The fact is that most of us are already in a deep and emotional relationship with technology. We have already taken the leap of faith in machine-human evolution — trusting algorithms like Spotify and Netflix to entertain us, virtual assistants like Siri and Google Assistant to serve us, service robotics like those created by Intuition Robotics to offer us companionship and assistance, and Google Maps and Waze to navigate for us as we move through the world. We're not quite at the level of Theodore and Samantha in the movie Her, but we're on our way.
How to Trust Our Technology
How can we further this trend of trust in technology in the cybersecurity domain? How can we convince the 38% of chief information security officers (CISOs) who don't believe cybersecurity automation is important? And how can those who've adopted but continue to second-guess outcomes and misdirect resources strengthen their trust in outcomes?
The answer, I believe, is found in the way I now use Waze. After being burned, I now actually pay attention to what this tech is telling me. CISOs and cybersecurity leaders who implement automation — already approaching a majority — need to consistently check the validity of outcomes, at least at first. They should do this because the more frequently these are validated, the more likely they will be to trust subsequent results.
In this objective cost-benefit analysis of the value that automation plays in cybersecurity, the pluses still far outweigh the minuses, and innovation still trumps Luddism. All we have to do is learn to trust the machines we create.