Skip to contentRed Hat

Navigation

AI
  • Our approach

    • News and insights
    • Technical blog
    • Research
    • Live AI events
    • Explore AI at Red Hat
  • Our portfolio

    • Red Hat AI
    • Red Hat Enterprise Linux AI
    • Red Hat OpenShift AI
    • Red Hat AI Inference Server New
  • Engage & learn

    • AI learning hub
    • AI partners
    • Services for AI
Hybrid cloud
  • Use cases

    • Artificial intelligence

      Build, deploy, and monitor AI models and apps.

    • Linux standardization

      Get consistency across operating environments.

    • Application development

      Simplify the way you build, deploy, and manage apps.

    • Automation

      Scale automation and unite tech, teams, and environments.

    • Virtualization

      Modernize operations for virtualized and containerized workloads.

    • Security

      Code, build, deploy, and monitor security-focused software.

    • Edge computing

      Deploy workloads closer to the source with edge technology.

    • Explore solutions
  • Solutions by industry

    • Automotive
    • Financial services
    • Healthcare
    • Industrial sector
    • Media and entertainment
    • Public sector
    • Telecommunications

Discover cloud technologies

Learn how to use our cloud products and solutions at your own pace in the Red Hat® Hybrid Cloud Console.

Products
  • Platforms

    • Red Hat AI

      Develop and deploy AI solutions across the hybrid cloud.

    • Red Hat Enterprise Linux

      Support hybrid cloud innovation on a flexible operating system.

      New version
    • Red Hat OpenShift

      Build, modernize, and deploy apps at scale.

    • Red Hat Ansible Automation Platform

      Implement enterprise-wide automation.

  • Featured

    • Red Hat OpenShift Virtualization Engine
    • Red Hat OpenShift Service on AWS
    • Microsoft Azure Red Hat OpenShift
    • See all products
  • Try & buy

    • Start a trial
    • Buy online
    • Integrate with major cloud providers
  • Services & support

    • Consulting
    • Product support
    • Services for AI
    • Technical Account Management
    • Explore services
Training
  • Training & certification

    • Courses and exams
    • Certifications
    • Red Hat Academy
    • Learning community
    • Learning subscription
    • Explore training
  • Featured

    • Red Hat Certified System Administrator exam
    • Red Hat System Administration I
    • Red Hat Learning Subscription trial (No cost)
    • Red Hat Certified Engineer exam
    • Red Hat Certified OpenShift Administrator exam
  • Services

    • Consulting
    • Partner training
    • Product support
    • Services for AI
    • Technical Account Management
Learn
  • Build your skills

    • Documentation
    • Hands-on labs
    • Hybrid cloud learning hub
    • Interactive learning experiences
    • Training and certification
  • More ways to learn

    • Blog
    • Events and webinars
    • Podcasts and video series
    • Red Hat TV
    • Resource library

For developers

Discover resources and tools to help you build, deliver, and manage cloud-native applications and services.

Partners
  • For customers

    • Our partners
    • Red Hat Ecosystem Catalog
    • Find a partner
  • For partners

    • Partner Connect
    • Become a partner
    • Training
    • Support
    • Access the partner portal

Build solutions powered by trusted partners

Find solutions from our collaborative community of experts and technologies in the Red Hat® Ecosystem Catalog.

Search

I'd like to:

  • Start a trial
  • Manage subscriptions
  • See Red Hat jobs
  • Explore tech topics
  • Contact sales
  • Contact customer service

Help me find:

  • Documentation
  • Developer resources
  • Skills assessments
  • Architecture center
  • Security updates
  • Support cases

I want to learn more about:

  • AI
  • Application modernization
  • Automation
  • Cloud-native applications
  • Linux
  • Virtualization
ConsoleDocsSupportNew For you

Recommended

We'll recommend resources you may like as you browse. Try these suggestions for now.

  • Product trial center
  • Courses and exams
  • All products
  • Tech topics
  • Resource library
Log in

Sign in or create an account to get more from Red Hat

  • World-class support
  • Training resources
  • Product trials
  • Console access

A subscription may be required for some services.

Log in or register
Contact us
  • Home
  • Resources
  • The cost of human error and the advantages of security automation

The cost of human error and the advantages of security automation

March 2, 2022•
Resource type: E-book
Download PDF

01 Introduction: The growing threat of cybercrime

Cybercrime is on the rise. Last financial year, the Australian Cyber Security Centre (ACSC) received over 67,500 reports of cybercrime—a rise of 13% year on year—with self-reported losses totalling over $33 billion.1 Of these incidents, roughly one quarter of them affected entities associated with Australia’s critical infrastructure.

As government agencies embrace new technologies and adapt to hybrid models of work, cyber attackers are transforming their capabilities, too. Workforces and computing resources are becoming more distributed, and the rapidly evolving landscape of IT infrastructure presents bad actors with new opportunities to exploit security gaps and vulnerabilities—causing the organizational cost of data breaches to grow. Even an organization that develops a strong security posture faces more risks in this environment.

Proactive security against cybercriminals

As cybercriminals devise new ways to breach protected systems and data, organizations face internal and external pressure to develop more strategic and proactive protections

against cyberattacks. In fact, their data security and privacy measures must comply with more comprehensive rules and regulations.

For example, the New South Wales (NSW) Cyber Security Policy now mandates the implementation and provision of a maturity assessment against the ACSC Essential Eight risk mitigation strategies.2 And the Security Legislation Amendment of Australia’s Critical Infrastructure Bill potentially increases the regulatory burden on government organizations that manage or operate critical infrastructure.3

Reinforcing your defenses

Organizations looking to improve their cybersecurity need to identify existing

vulnerabilities first. Too often, human error and poor training can compromise security, even when comprehensive strategies are already in place. Left unchecked, small mistakes can introduce risk to your systems, compounding an already complex problem. As a result, organizations are adopting security automation to increase reliability and reduce risk in their strategy.

In this e-book, we’ll explore how the risks introduced through human error affect the

fight against cybercrime. We’ll also discuss how automating key cybersecurity risk mitigation strategies can strengthen your security while reducing the volume of time-consuming tasks that burden your IT teams.

02 Effective security strategies should involve everyone

Humans make mistakes

Even within IT teams, people often underestimate or misunderstand their system’s vulnerabilities and the resulting security risks. Our inability to accurately assess and manage security risks can result in significant costs to organizations.

For example, imagine this: A technician manually updates a firewall. They make one small mistake—which they don’t perceive to be a problem—so the vulnerability goes unaddressed. What they don’t realize is that this tiny error introduces a critical vulnerability into the organization’s IT system, an opportunity that cybercriminals quickly take advantage of.

In this scenario, the technician’s small mistake could result in numerous negative outcomes, including compromised data, violation of industry and government data security regulations, service interruptions, and system downtime—all at the organization’s expense.

From patching applications and updating firewalls to setting and enforcing administrative privileges, so many elements of the security puzzle can go wrong when handled manually. And as cybercriminals get better at identifying vulnerabilities, relying solely on operations teams to handle these tasks can have detrimental or irrecoverable consequences.

Talent shortages can worsen security gaps

Cybersecurity skills are in short supply, which only increases the likelihood of human error during manual tasks. There are simply not enough people with the skills and training to assess and address security risks. According to the (ISC)2 Cybersecurity Workforce Study, Australia needs 25,000 more IT security workers to close its cybersecurity gap.4

The cost of cybercrime in Australia

67,500 reported cyberattacks1 

$33 billion in self-reported losses1

13% growth in number of attacks, year over year1

This chronic shortage of cybersecurity experts makes it more difficult for government agencies to adequately manage risk. Their IT teams are already stretched and don’t have the time to enforce security processes across the organization—let alone establish them in the first place.

Equipping security teams with automation

Addressing how both manual security processes and skills shortages increase risk for organizations has become essential in the fight against cybercrime, and automation solutions offer a promising solution. As we will explore further, automating security processes provides much-needed consistency, accuracy, and scalability across the organization.

03 Common challenges of risk management

Government agencies need better risk management

To ensure the confidentiality, integrity, and availability of official information, government agencies must be able to identify and manage risk, accurately and efficiently. Security threats are constantly evolving, which means an organization’s risk profiles and security posture should remain adaptable. Automating operations is critical to be able to rapidly respond to these changes.

Obstacles to changing security practices

In their effort to enhance security, government agencies face several challenges—particularly related to managing change.

Common questions include:

  • How do we scale our team to implement a new cybersecurity initiative?
  • How do we support different parts of the organization to ensure adherence to new security protocols?
  • What can we do to better secure our existing systems—which deliver critical services—while adopting modern security strategies that the organization needs?
  • Can we implement strategies like Zero Trust on established architectures?

However, instead of seeing these considerations as a burden, organizations can view their changing security landscape as an opportunity to reassess their security practice and implement more rigorous protocols.

Icon-Red_Hat-Media_and_documents-Quotemark_Open-B-Red-RGB “Organizations with no security automation experienced breach costs of $6.71 million on average in 2021, versus $2.90 million on average at organizations with fully deployed security automation.”[5]

The risk of manual security measures

Common cybersecurity challenges in 20216

Common cybersecurity challenges in 2021

04 Strengthening your security posture with automation

Automating key elements of your cybersecurity strategy

To reduce risk and help combat cybercrime, government agencies are turning to cybersecurity automation. By automating regular, repetitive work, cybersecurity teams can focus on more critical, strategic tasks. Additionally, automation helps avoid overburdening IT teams with tasks and work volume that make human error more likely and increase security risk.

The ACSC Essential Eight explains how automation can be used to bolster your cybersecurity strategy. When implementing the Essential Eight, many organizations struggle with the fact that there is no way to consistently reduce or eliminate human error—especially given current resource constraints and technical skills gaps.

Automating the ACSC Essential Eight

To counter this problem, IT leaders are realizing that some elements of their security framework can and should be automated. Three areas of focus for security automation are:

  1. Application control
  2. Application and operating system patching
  3. Backup and restore

Refining the process of patching

To help prevent attacks, the Essential Eight recommends that organizations regularly patch applications and regularly apply updates to protect against malicious security issues. Patching applications as soon as updates are available is not only best practice, but often, it’s also a regulatory requirement. That said, manual patching is always vulnerable to human error, and it can be particularly time consuming in large organizations.

Patching is a great use case for automated workflows. Instead of relying on an IT employee to perform testing, set up preflight checks, and run the patches, organizations can automate verification and testing. Doing so ensures all these steps proceed smoothly and efficiently, with the proper security in place behind the scenes.

Managing administrative privileges

To limit the extent of attacks, the Essential Eight recommends that organizations restrict administrative privileges. Controlling privileged access helps provide security for infrastructure and applications, run business processes efficiently, and maintain the confidentiality of sensitive data and critical infrastructure.

Only a small handful of people within your organization should have global control. Determining who should have privileges can be difficult. Estimating the blast radius of a security incident—and evaluating the total impact of that potential event can be challenging as well, but this practice allows you to anticipate what will happen if someone does misuse their credentials. Then, your IT team can implement security measures to ensure such an incident doesn’t affect the whole organization.

By automating privileged access management workflows and storing access credentials centrally—without having to inject these into applications where they can potentially be leaked—the whole process becomes much more manageable and reliable.

05 Red Hat’s role in your cybersecurity approach

Building a future-ready cybersecurity practice 

Red Hat can help you automate your existing manual processes with leading enterprise open source solutions, allowing you to mitigate the risk of oversights due to overburdened, understaffed IT teams in your organization. Our open source products and flexible subscription model deliver flexibility and scalability across cloud environments and architectures, which supports organizations as they deploy in their current and future environments.

Using automation at the foundation of the cybersecurity maturity model, any organization can take practical steps to quickly and iteratively add layers of automation and replace manual processes. And Red Hat solutions for securing hybrid environments can help with both risk mitigation and response.

Red Hat Ansible Automation Platform

Red Hat Ansible® Automation Platform is built on the foundations of Ansible, with numerous enterprise features that take complex manual processes and turn them into automated workflows. Ansible Automation Platform allows your IT teams to automate and integrate different security protocols across the enterprise. Using this platform, your organization can investigate and respond to threats in a coordinated, unified way using a curated collection of modules, roles, and playbooks.

Red Hat Ansible Automation Platform allows organizations to automate:

  • Patching for common vulnerabilities and exposures (CVEs).
  • Application control rollout.
  • Backup and restore or verification processes.

Ansible Automation Platform provides a security-focused, stable enterprise framework for building and operating IT automation at scale, from hybrid cloud to edge environments. This automation solution allows users across an organization to create, share, and manage Ansible Playbooks from developer and operations teams to security and network teams. IT managers can provide guidelines on how automation is applied to individual teams, and automation creators can write tasks that use existing knowledge.

Additionally, Ansible Automation Platform can serve as an integration point for security solutions as it contains content from certified partners like CyberArk, IBM, and Splunk, which can be used to automate the management and integration of security technologies.

Learn more about Ansible Automation Platform

Red Hat Enterprise Linux

Red Hat Enterprise Linux® provides a foundation for scaling existing applications and rolling out emerging technologies across bare metal, virtual, cloud, and edge environments with consistent security.

Red Hat Enterprise Linux takes a practical, three-point approach to addressing security challenges:

  • Mitigate: Manage security and reduce the risk of a breach before your data, systems, or reputation are exposed.
  • Protect: Automate security controls and maintain them over time, at scale, and with minimal downtime.
  • Comply: Streamline compliance standards for organizations with highly regulated environments.

Red Hat Enterprise Linux also contains built-in security policies aligned with ACSC guidance, like the Information Security Manual (ISM) and the Essential Eight, to help government organizations better manage risk by automating the rollout of security controls to new digital services, simply and consistently.

Learn more about Red Hat Enterprise Linux

Strengthen your security with Red Hat

Red Hat is here to help improve the security of your digital services. Red Hat can help you automate guidance from the ACSC and better manage risk with automated security integrations.

To learn more, contact a Red Hat security expert today
  1. “ACSC Annual Cyber Threat Report 2020-21.” Australian Cyber Security Centre, Sept. 2021.

  2.  Government of New South Wales. “DCS-2021-02 NSW Cyber Security Policy.” Feb. 2021.

  3. Parliament of Australia. “Security Legislation Amendment (Critical Infrastructure) Bill 2021.” 2021.

  4.  “A Resilient Cybersecurity Profession Charts the Path Forward,” (ISC) 2 Cybersecurity Workforce Study, 2021.

  5. “Cost of a Data Breach Report 2021.” IBM, 2021.

  6.  “State of the Channel 2021.” CompTIA, Aug. 2021.

Tags:Automation and management, Linux, Partners, Security, Security automation

Red Hat logoLinkedInYouTubeFacebookX

Products & portfolios

  • Red Hat AI
  • Red Hat Enterprise Linux
  • Red Hat OpenShift
  • Red Hat Ansible Automation Platform
  • Cloud services
  • See all products

Tools

  • Training and certification
  • My account
  • Customer support
  • Developer resources
  • Find a partner
  • Red Hat Ecosystem Catalog
  • Documentation

Try, buy, & sell

  • Product trial center
  • Red Hat Store
  • Buy online (Japan)
  • Console

Communicate

  • Contact sales
  • Contact customer service
  • Contact training
  • Social

About Red Hat

Red Hat is an open hybrid cloud technology leader, delivering a consistent, comprehensive foundation for transformative IT and artificial intelligence (AI) applications in the enterprise. As a trusted adviser to the Fortune 500, Red Hat offers cloud, developer, Linux, automation, and application platform technologies, as well as award-winning services.

  • Our company
  • How we work
  • Customer success stories
  • Analyst relations
  • Newsroom
  • Open source commitments
  • Our social impact
  • Jobs

Select a language

  • 简体中文
  • English
  • Français
  • Deutsch
  • Italiano
  • 日本語
  • 한국어
  • Português
  • Español

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility