
Using AI to address the cybersecurity skill shortage

14 Aug 18

Article by IBM New Zealand security practice leader John Martin

Humans are the weak link when it comes to cybersecurity - over 90% of security incidents are attributable to human error.

This is when people do things like click on a bad link, open an attachment which is laden with malware or fail to change default passwords.

However, humans are also our greatest strength when defending ourselves from cybercrime.

Security analysts monitor processes and activity, research and respond to incidents, perform testing and proactively manage organisational threats.

It’s a role that taps into some uniquely human characteristics, including investigative curiosity, a passion for problem-solving, strong ethics and an understanding of risks.

The problem is that there is an expected shortage of over 1.8 million security professionals worldwide over the next few years.

Couple that with the fact that cybercrime costs the global economy US$600 billion each year and we have a perfect storm brewing.

While cybercriminals hone their craft, the businesses defending against them literally have empty seats at the other end of the wire.

This skills shortage is pushing many organisations to consider managed security service offerings rather than trying to compete for that talent and grow the capabilities in-house.

The centralisation of security resources in these security operations centres (SOCs) also enables greater collaboration and sharing of information on threats and how to stop them.

IBM’s command centres now manage over 20 billion events per day, with more than 3,700 clients worldwide in 133 countries.

It’s managing that growth by augmenting human expertise in SOCs with Artificial Intelligence (AI).

At a consumer level, AI can help spot phishing websites and filter spam.  

At an organisational level, AI can support teams of security analysts poring over an estimated 200,000 security incidents per year.

The AI system can look for threats to the business and alert the humans to investigate or respond when anomalies occur.

The rise of the new collar job

There has been plenty of debate on the role AI will play in our future.

Some point to the technology as a job killer, but in the world of cybersecurity, AI could actually be a job multiplier and create opportunities for “new collar” positions.

A new collar job is a job that prioritises skills, knowledge and willingness to learn over a university accreditation.

That means an employee doesn’t necessarily need a four-year degree in computer science to make a difference in an SOC.

IBM is not alone in this line of thinking; last year hundreds of New Zealand companies endorsed an open letter from the Strategic Insights Panel committing to removing tertiary qualification requirements from the skilled job openings in their workplaces.

People with the right skills and aptitudes can be taught the necessary technical skills on the job, in community college classrooms, and through modern vocational and skills education programs.

IBM created a new education model in the US called Pathways in Technology, or P-TECH, as one way to train these new collar workers for a job in cybersecurity.

Accelerating growth with AI 

Launched in 2011, P-TECH provides public high school students aged 14 to 19 with a clear path to post-graduate opportunities in fields aligned with the skills employers are looking for. P-TECH schools combine the best of high school, community college, hands-on skills training and professional mentoring.

There are now nearly 100 P-TECH schools around the world, including ten in Australia, and IBM is exploring opportunities to introduce the programme in New Zealand.

Once these P-TECH graduates enter the workforce, AI helps them get a fast start.

For example, junior analysts can now investigate new malware infecting employees' mobile phones, with the AI system augmenting the analyst's daily activities like an assistant.

It would quickly research the new malware impacting the phones, identify the characteristics reported by others and provide a recommended remediation.

With the threat landscape changing rapidly and the sophistication and number of threat variants increasing, traditional approaches are falling short.

IBM sees AI as the clear path forward and is investing in AI to help organisations defend themselves and cope with these challenges.
