A study conducted by the Information Systems Audit and Control Association (ISACA) has found that a lack of skilled cyber security workers is forcing companies to rely on AI tools to defend against cyber threats.
30% of organisations in Europe have been unable to fill open cyber security positions because of a lack of qualified candidates.
A Cyber Security Jobs Report published by research firm Cybersecurity Ventures earlier this year revealed that the total number of vacant cyber security jobs will touch 3.5 million worldwide by 2021, up from 1.4 million at present.
The report added that by 2021, 100% of large companies worldwide will have a CISO position and that such CISOs will be indispensable as organisations will need security leadership to overcome the shortage of available cyber security talent.
However, a new study conducted by the Information Systems Audit and Control Association (ISACA) now raises several questions, the most important being: will enterprises continue to look for skilled cyber security workers or will they shift completely to AI tools to defend against cyber threats.
The study, titled ISACA’s State of Cyber Security 2017: Current Trends in Workforce Development, states that as many as 30% of organisations in Europe and 27% of organisations in the U.S. haven’t been able to fill open cyber security positions. This is due to several factors.
First of all, close to 70% of enterprises require a security certification for open cyber security positions and close to 55% require experienced and skilled cyber security workers with practical hands-on experience in the field.
However, their requirements are mostly not met as more than 1 in 5 organisations get fewer than 5 applicants for open cyber security positions. Among those who apply, fewer than 1 in 4 candidates are qualified enough to satisfy prospective employers. ISACA concluded that due to the mismatch between demand and availability of workers, as well as the mismatch between qualifications required by employers and those held by employees, the global shortage of cyber security workforce may exceed 2 million by 2019.
To plug their vulnerabilities to cyber threats as a result of such an exposure, a number of organisations are now relying on Artificial Intelligence and machine learning to protect their IT systems and servers.
For example, Endgame, a U.S.-based cyber security firm, recently launched Artemis, a chatbot that allows relatively-inexperienced cyber security specialists to conduct investigations of a large server without having to learn advanced skills.
Similarly, Booz Allen Hamilton, a U.S. defence contractor which has suffered various breaches in the past, is now using AI tools to categorise cyber threats so that cyber security workers can concentrate on the most critical threats at a given time.
Recently, Michael Wignall, CTO for Microsoft UK, batted in favour of AI tools and machine learning as cyber security weapons, stating that it is vital for organisations to attune themselves with the changing technology environment.
‘It’s vitally important to understand your technology environment and how it’s changed – you’re now much more connected than ever before. We have to think about cybersecurity in a very different way.
‘A lot of the threat isn’t as targeted and sophisticated as you might think, it’s actually much more opportunistic – they’re taking advantages of some of the changes in the tech landscape. If you’re not taking advantage of AI in your systems, you better believe that the attackers are – so you’ve got to keep up,’ he said.