Reports of the growing skills gap are alarming, with the number of security positions that need to be filled expanding beyond 2 million over the next few years. While many people see new technologies as a solution to the staff problem, a new research report from the Ponemon Institute finds that automation and artificial intelligence are not a panacea to the talent shortage.
The study Staffing the IT Security Function in the Age of Automation, commissioned by DomainTools, found that many enterprises lack a strong security posture because they can't recruit and retain the highly qualified security teams they need to address the complex threats that put the organization at risk.
Of the more than 600 IT and security practitioners who took part in the survey, 75% admitted that their IT security function is typically understaffed. That number is up from 70% in 2013. One of the key issues to adequately staffing their security teams is that highly technical skills are in high demand.
Though 71% of respondents see AI as a dependable and trusted security tool, 56% believe that a machine cannot be trained to do the tasks performed by the security team. Half of all respondents feel that human beings are better equipped to catch threats in real time.
Joseph Carson, chief security scientist at Thycotic said, “The findings of this report are not surprising at all. Artificial intelligence (AI) and machine learning–powered tools don’t learn all by themselves. They require constant human cognitive input to be able to understand what is normal versus abnormal."
Investing in people as much as technology is a critical step toward narrowing the gap, according to Carson. "Don’t expect to get any value out of AI or machine learning–powered tools if you do not have sufficiently skilled staff to use them correctly. These tools will only be as good as the humans interpreting the output."
One recommendation for organizations from the report's conclusion is to "recognize that investments in automation and AI will not reduce your company’s need for skilled IT security personnel. 63% of respondents say human involvement in security is important in the age of automation."