The cybersecurity skills shortage is common knowledge. But while it's true that companies face significant competition to land qualified security employees, it's myopic to argue there's not enough talent out there. To say there's a dearth of security talent suggests that organizations aren't responsible for shortcomings in security hiring practices. The fact is, companies aren't doing enough to strategically cultivate security talent.
As the need for security roles expands, organizations across industries will face growing pressure to hire qualified security professionals. With the bottom line of many businesses hinging on their ability to effectively oversee cybersecurity, companies should consider turning to intelligent solutions to augment the process.
A Deeper Cybersecurity Crisis
As a May CompTIA study revealed, the cybersecurity skills gap is a growing problem, but few companies are proactively addressing the issue. The study, which surveyed 600 IT and business leaders across firms of all sizes, found that 8 out of 10 respondents surveyed said they were concerned about a dearth of IT skills within their organization. Among the IT skills companies believe they're missing, many highlighted cybersecurity as a particular area of concern. Yet despite clearly understanding the need to prioritize cybersecurity expertise, many businesses aren't actively doing that: As the study revealed, fewer than half of respondents said their organization is strategically prepared to tackle the skills gap.
When it comes to cybersecurity, companies that fail to hire and retain skilled workers face major consequences, with the threat of increasingly sophisticated attacks looming for organizations of all types. But as threats evolve, cybersecurity roles are becoming more niche and therefore harder to fill. As another CompTIA report about the evolution of security skills showed, cybersecurity spans an increasingly specific range of functions, from information oversight to analysis to threat mitigation. To meet today's security needs, companies need both breadth and depth of skills.
Using AI to Fight the Talent Crisis
As businesses struggle to fill crucial cybersecurity roles, they should consider turning to AI-driven tools to help solve the problem. Here are three ways AI can help mitigate the security talent gap:
● Provide better training for non-security workers: A large part of addressing the cybersecurity skills gap is equipping line-of-business employees with baseline security awareness and skills. As IBM's Marc van Zadelhoff has pointed out, cognitive computing can enable companies to distill relevant security information in order to provide their employee base with helpful security skills.
One approach companies should consider is using a leading security expert in the organization to train the company's AI programs. If you have 10 employees with security knowledge who can train these systems, that's even better. Now you have a solution that is as effective as your top 10 security specialists, which can help lessen the likelihood that knowledge gaps will exist between the security technology and the security professionals in the organization.
● Identify security deficiencies within organizations: One challenge many organizations encounter is knowing where to specifically focus their IT hiring efforts. AI-driven technology has the potential to help companies conduct the internal audits necessary to uncover the specific operational areas in which enterprises need to bolster security hiring the most.
As an example, adaptive authentication systems that use machine learning can be used to find vulnerabilities within organizations. These intelligent solutions build risk profiles that can help identify internal and external users that need to be monitored more closely. These high-risk individuals typically handle more sensitive data, whether it's financial or personally identifiable information, which is why they need to be monitored more closely than other users.
● Help prioritize high-level hiring: One of the biggest advantages AI offers is to automate certain entry-level security functions. By automating tasks such as vulnerability scanning — a role that would previously demand entry hires — AI can enable companies to channel their energy toward higher-level security hiring. Bringing on more seasoned security specialists can help organizations scale security systems and strategies to keep up with emerging threats.
This is something companies often do too late in the game. For example, Target brought its very first CISO aboard several months after its 2013 breach. Prioritizing high-level hiring early is essential to prevent a security catastrophe from occurring down the road.
According to recent data from CyberSeek (a resource that tracks the cybersecurity skills gap) the supply of cybersecurity workers nationally is very low. Meanwhile, the same data reports that nearly 300,000 cybersecurity jobs remained open as of March 2017. Faced with an extremely competitive hiring landscape, employers must harness resources to maximize and build upon the talent they have. AI is one tool that can help them achieve this.
- 10 Time-Consuming Tasks Security People Hate
- Cybersecurity's Ceiling
- Cybersecurity: The Responsibility of Everyone