Threat Intelligence
9/5/2017
10:00 AM
Todd Thibodeaux
Commentary

3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis

There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.

The cybersecurity skills shortage is common knowledge. But while it's true that companies face significant competition to land qualified security employees, it's myopic to argue there's not enough talent out there. To say there's a dearth of security talent suggests that organizations aren't responsible for shortcomings in security hiring practices. The fact is, companies aren't doing enough to strategically cultivate security talent.

As the need for security roles expands, organizations across industries will face growing pressure to hire qualified security professionals. With the bottom line of many businesses hinging on their ability to effectively oversee cybersecurity, companies should consider turning to intelligent solutions to augment the process.

A Deeper Cybersecurity Crisis
As a May CompTIA study revealed, the cybersecurity skills gap is a growing problem, but few companies are proactively addressing the issue. The study, which surveyed 600 IT and business leaders across firms of all sizes, found that 8 out of 10 respondents said they were concerned about a dearth of IT skills within their organization. Among the IT skills companies believe they're missing, many highlighted cybersecurity as a particular area of concern. Yet despite clearly understanding the need to prioritize cybersecurity expertise, many businesses aren't actively doing that: Fewer than half of respondents said their organization is strategically prepared to tackle the skills gap.

When it comes to cybersecurity, companies that fail to hire and retain skilled workers face major consequences, with the threat of increasingly sophisticated attacks looming for organizations of all types. But as threats evolve, cybersecurity roles are becoming more niche and therefore harder to fill. As another CompTIA report about the evolution of security skills showed, cybersecurity spans an increasingly specific range of functions, from information oversight to analysis to threat mitigation. To meet today's security needs, companies need both breadth and depth of skills. 

Using AI to Fight the Talent Crisis
As businesses struggle to fill crucial cybersecurity roles, they should consider turning to AI-driven tools to help solve the problem. Here are three ways AI can help mitigate the security talent gap:

● Provide better training for non-security workers: A large part of addressing the cybersecurity skills gap is equipping line-of-business employees with baseline security awareness and skills. As IBM's Marc van Zadelhoff has pointed out, cognitive computing can enable companies to distill relevant security information in order to provide their employee base with helpful security skills.

One approach companies should consider is using a leading security expert in the organization to train the company's AI programs. If you have 10 employees with security knowledge who can train these systems, that's even better. Now you have a solution that is as effective as your top 10 security specialists, which can help lessen the likelihood that knowledge gaps will exist between the security technology and the security professionals in the organization.

● Identify security deficiencies within organizations: One challenge many organizations encounter is knowing where to specifically focus their IT hiring efforts. AI-driven technology has the potential to help companies conduct the internal audits necessary to uncover the specific operational areas in which enterprises need to bolster security hiring the most.

As an example, adaptive authentication systems that use machine learning can be used to find vulnerabilities within organizations. These intelligent solutions build risk profiles that can help identify internal and external users that need to be monitored more closely. These high-risk individuals typically handle more sensitive data, whether it's financial or personally identifiable information, which is why they need to be monitored more closely than other users.

● Help prioritize high-level hiring: One of the biggest advantages AI offers is the ability to automate certain entry-level security functions. By automating tasks such as vulnerability scanning — a role that would previously demand entry hires — AI can enable companies to channel their energy toward higher-level security hiring. Bringing on more seasoned security specialists can help organizations scale security systems and strategies to keep up with emerging threats.

This is something companies often do too late in the game. For example, Target brought its very first CISO aboard several months after its 2013 breach. Prioritizing high-level hiring early is essential to prevent a security catastrophe from occurring down the road.

According to recent data from CyberSeek (a resource that tracks the cybersecurity skills gap), the supply of cybersecurity workers nationally is very low. Meanwhile, the same data reports that nearly 300,000 cybersecurity jobs remained open as of March 2017. Faced with an extremely competitive hiring landscape, employers must harness resources to maximize and build upon the talent they have. AI is one tool that can help them achieve this.


Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ...
Comments
CyberMark
9/8/2017 | 10:14:15 AM
Cyber Security Employment
I agree that the companies and Universities don't do enough to train security professionals. Especially Universities, I personally have just finished a Master's degree in The UK studying Cyber security. My time spent studying at Uni was wasted, I feel totally let down, they cover too many subjects without honing in on one particular area and helping me achieve professional status.  

SYSTEM PENETRATION TESTING

I.T STRATEGY & MANAGEMENT  

IMPLEMENTING SECURE NETWORK SYSTEMS

COMPUTER FORENSICS

CLOUD APPLICATION MANAGEMENT & SECURITY

RESEARCH & DEVELOPMENT PROJECT

So I now hold a Master's Degree but am still following tutorials online to become an ethical hacker, thankfully YouTube and Udemy have some good videos and maybe I will actually one day gain the knowledge and experience to find employment in the Cyber security field.