
Cybersecurity assessments: automated vs human

There are so many tools and offers around cybersecurity that it can be difficult to figure out which one is best for your situation. See our Cybersecurity page for details about Kosh's security service. At Kosh, we see customers with different needs that typically fall into two categories:

  1. The need for constant cybersecurity evaluations coming from machines

  2. The need for a one-time or annual cybersecurity assessment with an expert

Both automated and human cybersecurity assessments are valuable in different situations. Automated assessments work best for companies that need constant monitoring and real-time reports. Human-based assessments are better for getting high-level business questions answered for risk analysis, cyber insurance, and budgeting.

In this article, I'll take a look at both types of assessments and break down the pros and cons of each. In general, automated cybersecurity evaluations are useful for periodic testing and most useful to IT professionals. Alternatively, human evaluations with a cybersecurity professional work best for understanding the big-picture technology environment of the company. This is great for CEOs and decision-makers because they get a report in a language they can understand and take action on.

Automated Cybersecurity Assessments

An automated assessment is one where software is loaded on your network and "bots" go out and run some diagnostics. Some of the things these programs are looking at include:

  • Detect System Protocol Leakage

  • Detect Unrestricted Protocols

  • Detect User Controls

  • Detect Wireless Access

  • External Security Vulnerabilities

  • Network Share Permissions

  • Domain Security Policy

  • Local Security Policy

If those bullet points don't mean much to you, then you're not alone! That's one of the issues with automated reports - they are great for IT pros but not for laymen.




Three Pros of Automated Assessments

Systematic and consistent

I think the biggest advantage of automated reports is the systematic, repeatable nature of the evaluation. The tool verifies or investigates and returns a yes or no. It can lack nuance, but it is consistent.

Quick evaluation of large numbers of endpoints

These reports are nice because they can take in a lot of endpoints (computers, printers, laptops, mobile devices) and return valuable data.

Frequency - speed

This type of report can be run as often as desired. Typically, it takes just the click of a button, and the report is prepared within minutes or hours.

Three Cons of Automated Assessments

Difficult to understand

For most non-tech people, these reports are difficult to understand and are even more difficult to distill down to actions for the business.

Example of automated report

Lacks business intelligence

These reports do not take into account the specific situations of each business.

Doesn't typically address the biggest security risk - humans

Automated reports usually don't address the biggest entry point into your network: humans. According to Cybint, a global cyber education company, 95% of cybersecurity breaches are due to human error.

Cyber-criminals and hackers will infiltrate your company through your weakest link, which is rarely in the IT department.

Human Cybersecurity Assessments

This type of assessment is conducted by a cybersecurity professional. Typically, the IT pro talks with the company's decision-makers and works to understand their current technology environment in relation to their business vertical.

Three Pros of Human Assessments

Custom and nuanced evaluation

Most automated reports don't