Shoulder-Surfing for Cyber Resilience: Why Manual Review of Technical Controls Beats Automated Scans
Apr 2, 2025
LAUNCH.
This was the automated command issued by Oko, the Soviet nuclear early warning system, on September 26, 1983. Sirens blared. Screens flashed. The warning was clear: the United States had launched a nuclear strike.
Tucked away in a bunker near Moscow, Lieutenant Colonel Stanislav Petrov had a choice to make. Protocol said to report the alert. This would allow the Soviets to launch an immediate counterattack, which would inevitably plunge the world into nuclear war. But Petrov helped code the software and knew it was flawed. He chose to reset the system.
The alerts continued.
Even so, Petrov didn’t report it. No supporting evidence of a nuclear attack had come through, so he chalked it up to a false alarm. He filed it as a system malfunction and no counterattack was launched. For this, he’s been called “the man who saved the world.” (In the end, the erroneous alert was attributed to sunlight reflecting off high-altitude clouds.)
Petrov’s story is a powerful reminder of the importance of human judgment in critical situations. When the stakes are high, relying solely on automation can lead to disastrous outcomes. In cybersecurity, the same principle applies. Automated tools have their place, but hands-on expertise provides context and drives effective cyber resilience.
The Human Advantage in Cyber Resilience
Automated assessments rely on predefined rules, which means they can only find what they’re programmed to detect. Cyberattackers, of course, don’t follow any rules. They adapt, innovate, and exploit gaps that tools may not recognize. That’s exactly why automated scans alone tend to fall short.
Manual reviews bring in human insight, focusing on the unique interconnections of your technical controls. This deep-dive approach (which we call “shoulder-surfing”) isn’t a compliance or policy exercise. It’s a comprehensive review of your actual controls and configurations that also benchmarks you against the latest threat actor behavior.
The One Big Thing Automated Tools Miss
Automated scans are great for running through a checklist, but they miss the biggest piece of the puzzle: breach context.
Consider a misconfiguration flagged as “low risk” by an automated tool. Without understanding how this misconfiguration interacts with other systems or how threat actors may be exploiting it today, you’re operating with blinders on. These tools are based on known vulnerabilities and threats. They can’t think like attackers. In a shoulder-surfing session, however, security experts review configurations with resilience in mind. They can evaluate the issue itself and how it fits within the bigger security picture, then translate all this data into actionable intelligence, including determining the correct sequence of actions. Breach context is dynamic, and it requires not only constant updates to intelligence but also interpretation.
Automated tools are not good sources of breach context data. Public disclosures may give some insight into emerging threats, but threat actors adapt quickly, and the majority of critical breach data remains locked away by lawyers, inaccessible to automated scans.
How can you orchestrate your backups to prevent a threat actor from destroying them without this data? How can you reduce the likelihood of mass destruction? You need a human being with subject matter expertise to lead you through a manual review of every dashboard, administrator panel, and configuration.
Tools are also only as good as the data they are fed. They can’t anticipate the unknown or tell you about a brand-new attack vector a client uncovered yesterday. Hands-on reviews, combined with expert analysis, provide the necessary breach context and help create a prioritized, actionable roadmap for remediation.
Stronger Cyber Resilience with Human-Led Reviews
Policies and automated tools don’t stop ransomware. You need to think in reverse and solve for the attacker’s endgame. Manual reviews allow you to look at your infrastructure like a cyberattacker would. You receive valuable insight into flaws within your current configurations, seen through the lens of breach context, with additional thought as to how these configurations could be leveraged in a breach.
Having access to current threat intelligence is critical to orchestrating your backups and associated controls accordingly (and regularly). The reality is you are only as safe as your backup controls are secure, redundant, immutable, and aligned against current threat actor playbooks. Unfortunately, according to our intel, 80% of critical systems do not survive an attack. Of the 20% that do survive, only half will be usable within a realistic time frame. All systems must be adjusted in light of the offensive tactics they face.
So, the question becomes: When was the last time your automated tools were patched or updated? And what is your risk tolerance for relying on tools that may not keep pace with the shifting threat landscape?
Automated tools are valuable, but if you’re serious about securing your organization, manual reviews of tool configurations and controls are essential for ensuring nothing gets missed. Evolving offense requires evolving defense.
Want to learn more about shoulder-surfing and how to secure your networks from threat actors? Contact us today to speak with one of our cyber resilience experts.