Using AI to address the cybersecurity skill shortage
Article by IBM New Zealand security practice leader John Martin
Humans are the weak link when it comes to cybersecurity - over 90% of security incidents are attributable to human error.
This is when people do things like click on a bad link, open an attachment which is laden with malware or fail to change default passwords.
However, humans are also our greatest strength when defending ourselves from cybercrime.
Security analysts monitor processes and activity, research and respond to incidents, perform testing and proactively manage organisational threats.
It’s a role that taps into some uniquely human characteristics, including investigative curiosity, a passion for problem-solving, strong ethics and an understanding of risks.
The problem is that there is an expected shortage of over 1.8 million security professionals worldwide over the next few years.
Couple that with the fact that cybercrime costs the global economy US$600 billion each year and we have a perfect storm brewing.
While cybercriminals hone their craft, the businesses defending against them literally have empty seats at the other end of the wire.
This skills shortage is pushing many organisations to consider managed security service offerings rather than trying to compete for that talent and grow the capabilities in-house.
The centralisation of security resources in these security operations centres (SOCs) also enables greater collaboration and sharing of information on threats and how to stop them.
IBM’s command centres now manage over 20 billion events per day, with more than 3,700 clients worldwide in 133 countries.
It’s managing that growth by augmenting human expertise in SOCs with Artificial Intelligence (AI).
At a consumer level, AI can help spot phishing websites and filter spam.
At an organisational level, AI can support teams of security analysts poring over an estimated 200,000 security incidents per year.
The AI system can look for threats to the business and alert the humans to investigate or respond when anomalies occur.
The rise of the new collar job
There has been plenty of debate on the role AI will play in our future.
Some point to the technology as a job killer, but in the world of cybersecurity, AI could actually be a job multiplier and create opportunities for “new collar” positions.
A new collar job is a job that prioritises skills, knowledge and willingness to learn over a university accreditation.
That means an employee doesn’t necessarily need a four-year degree in computer science to make a difference in an SOC.
IBM is not alone in this line of thinking; last year hundreds of New Zealand companies endorsed an open letter from the Strategic Insights Panel committing to removing tertiary qualification requirements from the skilled job openings in their workplaces.
People with the right skills and aptitudes can be taught the necessary technical skills on the job, in community college classrooms, and through modern vocational and skills education programs.
IBM created a new education model in the US called Pathways in Technology, or P-TECH, as one way to train these new collar workers for a job in cybersecurity.
Accelerating growth with AI
Launched in 2011, P-TECH provides public high school students aged 14 to 19 with a clear path to post-graduate opportunities in fields aligned with the skills employers are looking for. They combine the best of high school, community college, hands-on-skills training and professional mentoring.
There are now nearly 100 P-TECH schools around the world, including ten in Australia, and IBM is exploring opportunities to introduce the programme in New Zealand.
Once these P-TECH graduates enter the workforce, AI helps them get a fast start.
For example, junior analysts now have the ability to investigate a new malware infecting mobile phones of employees, as the AI system helps to augment the analyst’s daily activities like an assistant.
It would quickly research the new malware impacting the phones, identify the characteristics reported by others and provide a recommended remediation.
With the threat landscape rapidly changing rapidly and the sophistication and numbers of threat variants becoming more complex, traditional approaches are falling short.
IBM sees AI as the clear path forward and is investing in AI to help organisations defend themselves and cope with these challenges.