Data and securityCyber SecurityAI support: Outnumbered but not outgunned

AI support: Outnumbered but not outgunned

AI support can address the high rates of burnout and skills gap amongst cybersecurity analysts: Piers Wilson, Head of Product Management, Huntsman Security

High-profile data breaches are now a regular feature in news headlines. From the 2018 attack on British Airways which saw thousands of customers’ data stolen to the more recent theft of Airbus employee details – the reality of cybercrime is visible. And yet, at a time when cybersecurity is increasingly critical, it is no secret that organisations are often poorly equipped to fend off attacks.

While it’s common knowledge that the industry faces a severe shortage of cyber analysts, it’s important to understand its scale. ISACA said the shortage would rise to two million this year, while the number of attacks is expected to rise exponentially.

Thin on the ground

To gauge whether this shortage is visible, in 2018 Huntsman Security submitted Freedom of Information requests to government departments across the UK, asking how many cybersecurity analysts were currently employed.

The results showed a worrying trend. Two large Scottish agencies reported no full-time security analysts, while a large Northern Ireland agency reported just two. Meanwhile, other departments reported almost no increase in the number of security analysts employed in the last few years, indicating teams weren’t scaling up to address a growing threat and workload.

At a time when governments counter up to 200 attacks a day, it is obvious that under-resourced defences cannot stand up for much longer. Businesses themselves face the same staff shortages whilst experiencing almost three times the number of attacks, at 578 a day.

Given this scale of threats, the current dependency upon human analysts to manually triage and investigate every single potential threat is unrealistic. Addressing even a few dozen attacks a day reduces analysts’ roles to a game of whack-a-mole, constantly trying to catch new threats popping up from every angle.

Burn out: An inside threat

The skills shortage has only exacerbated the problem, with 63 percent of cybersecurity professionals saying it has led to increased workloads.  As analysts become increasingly stretched, and as attacks multiply, the threat of an over-run workforce and a spiral of successful breaches looms closer. Already, 38 percent of cybersecurity professionals have said they believe the skills shortage is leading to high rates of burnout.

The problem then becomes a self-fulfilling prophecy. Exhausted, over-worked analysts leave their line of work or change jobs, which in turn increases workloads for remaining employees – and so begins a vicious cycle.

One answer is to employ more people with the necessary skills to plug the gap. But training takes time; whether it is through increasing numbers from education, apprenticeships or through career transitions, the shortage isn’t going to be solved immediately. In the meantime, there needs to be continued investment in technology on AI support for the existing analysts.

AI support in an overwhelmed workforce

Many commentators have pointed to AI support as the greatest cure-all, or biggest threat, in security. From single-handedly managing security defences; to attacking faster than defenders can react; to stealing job opportunities from workers – its capabilities are often vastly exaggerated.

But what automation and machine learning can do is reduce analysts’ workload by taking care of time-consuming, mundane activities so that they can concentrate on issues that really demand their attention. For instance, tools that can automatically identify, analyse, triage and quarantine potential threats mean that analysts can focus on resolving true dangers to the network, instead of chasing after every false alarm.

For instance, analysts could dedicate their time to learning from attacks and improving security accordingly. The Heartbleed bug is a prime example of how, if analysts spend their time chasing after threats, dangerous vulnerabilities in networks can escape detection. In 2017, some three years after the vulnerability was initially discovered, 200,000 servers were found to be still unpatched. Analysts not preoccupied purely with reacting to threats would have had far more opportunity to hunt down and resolve these bugs.

Some may struggle to justify the monetary costs of implementing new technologies for AI support; but this is akin to refusing to buy insurance, or locks, because of the cost: the potential costs of not having the right precautions in place dwarfs the initial cost. With research showing a deterioration in the detection of threats looming in the next 12 months, investment is critical to halt further decline.

Governments and businesses alike need to accept that cyber threats are only going to become more aggressive over the coming years. With analyst numbers growing slowly and attacks fast on the rise, the manual approach to cybersecurity risks creating a workforce overwhelmed by the scale of attacks. If organisations do not begin to look at modernising cybersecurity systems and looking at AI support, we risk turning the question of a successful attack from a matter of ‘if’ to a matter of ‘when’.

Chris Huggett, Senior Vice President, Europe & India, Sungard Availability Services had mentioned that the mismatch between the demands and availability of skills for cybersecurity in the UK.

Related Articles

Government and tech industry hold roundtable on IoT security

Cyber Security Government and tech industry hold roundtable on IoT security

4y Jay Ashar
New Army cyber operations centres for MOD

Cyber Security New Army cyber operations centres for MOD

4y Jay Ashar
Competing priorities biggest roadblock to cybersecurity

Cyber Security Competing priorities biggest roadblock to cybersecurity

4y Jay Ashar
Cybersecurity is a market for lemons

Cyber Security Cybersecurity is a market for lemons

4y Bernard Parsons
Compulsory cyber awareness training for Cardiff council staff

Cyber Security Compulsory cyber awareness training for Cardiff council staff

4y Jay Ashar
Room for more cybersecurity over and above GDPR

Cyber Security Room for more cybersecurity over and above GDPR

4y Jay Ashar
A shot in the arm for Bristol's cybersecurity

Cyber Security A shot in the arm for Bristol's cybersecurity

4y Jay Ashar
Cyber security starts with people and processes

Cyber Security Cyber security starts with people and processes

4y Austin Clark