Threat Intelligence

9/5/2017
10:00 AM
Todd Thibodeaux
Commentary

3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis

There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.

The cybersecurity skills shortage is common knowledge. But while it's true that companies face significant competition to land qualified security employees, it's myopic to argue there's not enough talent out there. To say there's a dearth of security talent suggests that organizations aren't responsible for shortcomings in security hiring practices. The fact is, companies aren't doing enough to strategically cultivate security talent.

As the need for security roles expands, organizations across industries will face growing pressure to hire qualified security professionals. With the bottom line of many businesses hinging on their ability to effectively oversee cybersecurity, companies should consider turning to intelligent solutions to augment the process.

A Deeper Cybersecurity Crisis
As a May CompTIA study revealed, the cybersecurity skills gap is a growing problem, but few companies are proactively addressing the issue. The study, which surveyed 600 IT and business leaders across firms of all sizes, found that 8 out of 10 respondents were concerned about a dearth of IT skills within their organization. Among the IT skills companies believe they're missing, many highlighted cybersecurity as a particular area of concern. Yet despite clearly understanding the need to prioritize cybersecurity expertise, many businesses aren't actively doing that: fewer than half of respondents said their organization is strategically prepared to tackle the skills gap.

When it comes to cybersecurity, companies that fail to hire and retain skilled workers face major consequences, with the threat of increasingly sophisticated attacks looming for organizations of all types. But as threats evolve, cybersecurity roles are becoming more niche and therefore harder to fill. As another CompTIA report about the evolution of security skills showed, cybersecurity spans an increasingly specific range of functions, from information oversight to analysis to threat mitigation. To meet today's security needs, companies need both breadth and depth of skills. 

Using AI to Fight the Talent Crisis
As businesses struggle to fill crucial cybersecurity roles, they should consider turning to AI-driven tools to help solve the problem. Here are three ways AI can help mitigate the security talent gap:

● Provide better training for non-security workers: A large part of addressing the cybersecurity skills gap is equipping line-of-business employees with baseline security awareness and skills. As IBM's Marc van Zadelhoff has pointed out, cognitive computing can enable companies to distill relevant security information in order to provide their employee base with helpful security skills.

One approach companies should consider is using a leading security expert in the organization to train the company's AI programs. If you have 10 employees with security knowledge who can train these systems, that's even better. Now you have a solution that is as effective as your top 10 security specialists, which can help lessen the likelihood that knowledge gaps will exist between the security technology and the security professionals in the organization.

● Identify security deficiencies within organizations: One challenge many organizations encounter is knowing where to specifically focus their IT hiring efforts. AI-driven technology has the potential to help companies conduct the internal audits necessary to uncover the specific operational areas in which enterprises need to bolster security hiring the most.

As an example, adaptive authentication systems that use machine learning can be used to find vulnerabilities within organizations. These intelligent solutions build risk profiles that can help identify internal and external users that need to be monitored more closely. These high-risk individuals typically handle more sensitive data, whether it's financial or personally identifiable information, which is why they need to be monitored more closely than other users.

● Help prioritize high-level hiring: One of the biggest advantages AI offers is to automate certain entry-level security functions. By automating tasks such as vulnerability scanning — a role that would previously demand entry hires — AI can enable companies to channel their energy toward higher-level security hiring. Bringing on more seasoned security specialists can help organizations scale security systems and strategies to keep up with emerging threats.

This is something companies often do too late in the game. For example, Target brought its very first CISO aboard several months after its 2013 breach. Prioritizing high-level hiring early is essential to prevent a security catastrophe from occurring down the road.

According to recent data from CyberSeek (a resource that tracks the cybersecurity skills gap), the supply of cybersecurity workers nationally is very low. Meanwhile, the same data reports that nearly 300,000 cybersecurity jobs remained open as of March 2017. Faced with an extremely competitive hiring landscape, employers must harness resources to maximize and build upon the talent they have. AI is one tool that can help them achieve this.


Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ...
Comments
CyberMark,
User Rank: Strategist
9/8/2017 | 10:14:15 AM
Cyber Security Employment
I agree that the companies and Universities don't do enough to train security professionals. Especially Universities, I personally have just finished a Master's degree in the UK studying Cyber security. My time spent studying at Uni was wasted, I feel totally let down, they cover too many subjects without honing in on one particular area and helping me achieve professional status.

SYSTEM PENETRATION TESTING

I.T STRATEGY & MANAGEMENT  

IMPLEMENTING SECURE NETWORK SYSTEMS

COMPUTER FORENSICS

CLOUD APPLICATION MANAGEMENT & SECURITY

RESEARCH & DEVELOPMENT PROJECT

So I now hold a Master's Degree but am still following tutorials online to become an ethical hacker, thankfully YouTube and Udemy have some good videos and maybe I will actually one day gain the knowledge and experience to find employment in the Cyber security field.