9/5/2017
10:00 AM
Todd Thibodeaux
Commentary

3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis

There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.

The cybersecurity skills shortage is common knowledge. But while it's true that companies face significant competition to land qualified security employees, it's myopic to argue there's not enough talent out there. To say there's a dearth of security talent suggests that organizations aren't responsible for shortcomings in security hiring practices. The fact is, companies aren't doing enough to strategically cultivate security talent.

As the need for security roles expands, organizations across industries will face growing pressure to hire qualified security professionals. With the bottom line of many businesses hinging on their ability to effectively oversee cybersecurity, companies should consider turning to intelligent solutions to augment the process.

A Deeper Cybersecurity Crisis
As a May CompTIA study revealed, the cybersecurity skills gap is a growing problem, but few companies are proactively addressing the issue. The study, which surveyed 600 IT and business leaders across firms of all sizes, found that 8 out of 10 respondents were concerned about a dearth of IT skills within their organization. Among the IT skills companies believe they're missing, many highlighted cybersecurity as a particular area of concern. Yet despite clearly understanding the need to prioritize cybersecurity expertise, many businesses aren't actively doing that: As the study revealed, fewer than half of respondents said their organization is strategically prepared to tackle the skills gap.

When it comes to cybersecurity, companies that fail to hire and retain skilled workers face major consequences, with the threat of increasingly sophisticated attacks looming for organizations of all types. But as threats evolve, cybersecurity roles are becoming more niche and therefore harder to fill. As another CompTIA report about the evolution of security skills showed, cybersecurity spans an increasingly specific range of functions, from information oversight to analysis to threat mitigation. To meet today's security needs, companies need both breadth and depth of skills. 

Using AI to Fight the Talent Crisis
As businesses struggle to fill crucial cybersecurity roles, they should consider turning to AI-driven tools to help solve the problem. Here are three ways AI can help mitigate the security talent gap:

● Provide better training for non-security workers: A large part of addressing the cybersecurity skills gap is equipping line-of-business employees with baseline security awareness and skills. As IBM's Marc van Zadelhoff has pointed out, cognitive computing can enable companies to distill relevant security information in order to provide their employee base with helpful security skills.

One approach companies should consider is using a leading security expert in the organization to train the company's AI programs. If you have 10 employees with security knowledge who can train these systems, that's even better. Now you have a solution that is as effective as your top 10 security specialists, which can help lessen the likelihood that knowledge gaps will exist between the security technology and the security professionals in the organization.

● Identify security deficiencies within organizations: One challenge many organizations encounter is knowing where to specifically focus their IT hiring efforts. AI-driven technology has the potential to help companies conduct the internal audits necessary to uncover the specific operational areas in which enterprises need to bolster security hiring the most.

As an example, adaptive authentication systems that use machine learning can be used to find vulnerabilities within organizations. These intelligent solutions build risk profiles that can help identify internal and external users that need to be monitored more closely. These high-risk individuals typically handle more sensitive data, whether it's financial or personally identifiable information, which is why they need to be monitored more closely than other users.

● Help prioritize high-level hiring: One of the biggest advantages AI offers is to automate certain entry-level security functions. By automating tasks such as vulnerability scanning — a role that would previously demand entry hires — AI can enable companies to channel their energy toward higher-level security hiring. Bringing on more seasoned security specialists can help organizations scale security systems and strategies to keep up with emerging threats.

This is something companies often do too late in the game. For example, Target brought its very first CISO aboard several months after its 2013 breach. Prioritizing high-level hiring early is essential to prevent a security catastrophe from occurring down the road.

According to recent data from CyberSeek (a resource that tracks the cybersecurity skills gap), the supply of cybersecurity workers nationally is very low. Meanwhile, the same data reports that nearly 300,000 cybersecurity jobs remained open as of March 2017. Faced with an extremely competitive hiring landscape, employers must harness resources to maximize and build upon the talent they have. AI is one tool that can help them achieve this.

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ...
Comments
CyberMark,
User Rank: Strategist
9/8/2017 | 10:14:15 AM
Cyber Security Employment
I agree that the companies and Universities don't do enough to train security professionals. Especially Universities, I personally have just finished a Master's degree in the UK studying Cyber security. My time spent studying at Uni was wasted, I feel totally let down, they cover too many subjects without honing in on one particular area and helping me achieve professional status.

SYSTEM PENETRATION TESTING

I.T STRATEGY & MANAGEMENT  

IMPLEMENTING SECURE NETWORK SYSTEMS

COMPUTER FORENSICS

CLOUD APPLICATION MANAGEMENT & SECURITY

RESEARCH & DEVELOPMENT PROJECT

So I now hold a Master's Degree but am still following tutorials online to become an ethical hacker, thankfully YouTube and Udemy have some good videos and maybe I will actually one day gain the knowledge and experience to find employment in the Cyber security field.