Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

AI

5/1/2018
09:35 AM
Jeffrey Burt
Jeffrey Burt
Jeffrey Burt
50%
50%

AI: Not the Cure-All for IT Security Skill Shortage

A new report by DomainTools and the Ponemon Institute finds that while automation will replace low-level security tasks, it will only increase the demand for highly skilled pros.

Business leaders who believe artificial intelligence and machine learning will help alleviate what is soon expected to be a 1 million-plus shortfall in skilled security pros may want to rethink that idea.

Cybersecurity has quickly become a top use case for the rapidly expanding AI field, both for its capabilities to help businesses protect themselves from the growing number of increasingly sophisticated attacks and breaches as well as enabling companies to automate some of the cybersecurity jobs and mitigate what's widely expected to be a large shortfall of skilled IT security workers. ISC(2) is predicting that by 2022, the shortfall globally will reach 1.8 million workers.

At the same time, businesses are embracing AI and machine learning for their cybersecurity efforts.

By 2020, 60% of the Global 2000 businesses will use AI-based security, according to IDC analysts, and a MarketsandMarkets report is predicting that spending on AI security will reach $34.8 billion by 2025, a 31.4% increase over spending in 2017. And despite the rising need for skilled IT security professionals, AI will replace some of the security jobs now being done by humans, including security analysis, intrusion detection and vulnerability assessment. (See AI Is Stealing These IT Security Jobs Now.)

But while automation that will come with AI and machine learning will replace some of those lower-skill security tasks like 24/7 monitoring and threat hunting, it actually will increase the shortage of skilled IT security personnel, according to a report by security platform vendor DomainTools and the Ponemon Institute. Automation may replace those tasks, but that will only increase the need for workers with more advanced skills, according to the report, "Staffing the IT Security Function in the Age of Automation," in which more than 600 IT and IT security professionals were surveyed.

Security skills in an age of automation
"While the majority of respondents believe that automation will improve the IT security staff's ability to do their jobs, it's because it will replace tasks like log analysis," Tim Helming, director of product management at DomainTools, wrote in an email to Security Now. "This leaves more time for the advanced staff to tackle more serious vulnerabilities and overall network security. More than three quarters of the respondents say that the use of automation in cybersecurity will not lessen the need for skilled IT security personnel. The fact is, no matter how sophisticated automation technology becomes, it will never replace human intuition and hands-on experience."

The data in the study indicated that highly-skilled IT security people are in short supply, Helming wrote. As humans are called upon to do even more advanced IT jobs, there will be more pressure on businesses to find people with such skills. Seventy-five percent of respondents said their InfoSec staffs are not only understaffed, but they are having difficulties finding qualified candidates to fill those jobs. In addition, 76% report that the use of tools and services leveraging AI and machine learning will only increase the problem by heightening the demand for more high-skilled people.

Only 23% report that automation will mean a reduction in their IT security staff. Forty-four percent said the use of automation tools will increase their need to higher people with greater technical skills.

The predicted increase in the shortage of IT security people has been talked about for several years, and now there is a growing concern that the increasing use of AI technologies for cybersecurity programs and IT in general will lead quickly to a shortage of AI skills. Hyperscale cloud providers like Google, Microsoft and Amazon Web Services also are cranking up their AI and machine learning capabilities, including in the area of security. (See Cybersecurity AI: Addressing the 'Artificial' Talent Shortage .)

According to the results from the new survey, which was released May 1, 41% of respondents said their inability to find the skilled people to staff their security programs has led to an increase in the investment of automation tools. Still, only 26% said they currently use such tools for cybersecurity, and 15% said AI is a trusted security tool in their companies.


The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

New skills
However, while many companies expect automation will increase the need to higher more people, most say such tools will improve their staffs' ability to do their job. Sixty-eight percent of respondents report that their IT security personnel will be able to focus on more serious threats and overall network security, while many of the jobs that AI will automate are time-intensive that are mission-critical but not a good use of staff time.

In addition, 36% said automation will reduce human error.

The key for companies in this time of automation -- where AI and machine learning will replace some tasks but lead to a greater demand for higher skilled workers -- is to find ways to attract and retain talent in a tight market, according to DomainTool's Helming. The study's authors noted that offering better compensation and a career path are keys to getting and keeping talent. The survey found that only 24% of respondents said their companies see IT security as a career path and 39% said their organizations' compensation packages are enough to attract top people.

A little over half -- 52% -- typically promote from within.

Given the "dichotomy" of more automation leading to the need to hire more people, "we are advocates of on-the-job training and continuous education," Helming said.

Companies also said IT professionals need a combination of technical skills as well as "soft skills" -- such as a good work ethic, creative problem solving, dependability and being a team player.

Related posts:

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.