Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

5/2/2018
12:45 PM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

Automation Exacerbates Cybersecurity Skills Gap

Three out of four security pros say the more automated AI products they bring in, the harder it is to find trained staff to run the tools.

As the security industry grapples with the consequences of a constrained supply of experienced cybersecurity talent, many pundits have lauded automation as a way out. But a new survey out today shows that many security professionals are experiencing the opposite effect. The more artificial intelligence (AI)- and machine learning-powered tools they bring in, the more they need experienced staff to deal with those tools. 

Conducted by Ponemon Institute on behalf of DomainTools, the study queried over 600 US cybersecurity professionals on the effects of automation on their staffing situations. The results offered up are counterintuitive to general belief that automation will ameliorate the cybersecurity skills gap.

According to the study, 75% of organizations report that their security team is currently understaffed and the same proportion say they have difficulty attracting qualified candidates. Over four in 10 organizations report that the difficulties they've faced with recruiting and retaining employees has led to increased investment in cybersecurity automation tools. However, 76% of respondents report that machine learning and AI tools and services aggravate the problem because they increase the need for more highly skilled IT security staff. And only 15% of organizations report that AI is a dependable and trusted security tool for their organization.

This jibes with what a lot of experienced security practitioners have to say about automation. 

"It is very tempting to think that automation will fix a lot of cybersecurity issues. However, automation mechanisms are worthless without a staff which can smartly leverage them and implement them," says Frank Downs, senior manager of Cyber Information Security Practices at ISACA. "An organization can purchase the most incredible intrusion detection/prevention system in the world. However, if they don't have the staff to configure, implement, and manage it — it might as well stay uninstalled." 

That's not to say that there's no value in automation, it's just that the same principle of "GIGO" applies for cybersecurity automation as it does for any other technical system.  

"Automation really helps make the people on the team more effective. There's no substitute for human flexibility and intuition, so automation lets you take repetitive tasks off the table and enables people do more interesting work," explains Todd Inskeep, principal for Booz Allen Hamilton and advisory board member for RSA Conference. "That's important, but one of the first things I learned about computers — 'GIGO,' or 'garbage in, garbage out' — still applies with automation and machine intelligence." 

The other issue is that automation tends to follow a maturity path where the most automated systems are never fully up to date with the timeliest threat trends. As a result, there always need to be experienced humans who are adaptable enough to deal with the unknown threats of tomorrow, says Lucas Moody, CISO for Palo Alto Networks.

"If you break it down, automation is about taking care of yesterday's problems. We are automating what we've mastered and what we understand well," says Moody. "In order to tackle tomorrow's challenges, we need to hire professionals who are strategic, creative, and adaptable. We're really looking for those individuals who thrive on change and problem-solving." 

Related Content:

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
HardenStance
0%
100%
HardenStance,
User Rank: Strategist
5/3/2018 | 4:39:00 AM
Good survey research and article
Great to see some survey research that actually tells us something new.

Great also to see an article that triangulates high end quantitative data with expert qualitative inputs. Really well put together, thanks.

Two take-aways for me are that the industry needs to re-double its investment in cyber security career paths for young people as well as re-double its investment in putting ease of use front and center in the design of security products and services.

Yes they already are front and center in many cases. Yes, we are making progress. But yes we do still have to re-double our efforts again (and again). 
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Could you pass the hash, I really have to use the bathroom!
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9892
PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbit...
CVE-2019-10066
PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment i...
CVE-2019-10067
PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context...
CVE-2019-6513
PUBLISHED: 2019-05-21
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
CVE-2019-12270
PUBLISHED: 2019-05-21
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The ...