According to research into the UK cyber security labor market, carried out on behalf of the Department for Digital, Culture, Media and Sport (DCMS), approximately 680,000 businesses (50%) have a basic skills gap. The people in charge of cybersecurity in those businesses lack the confidence to carry out the basic tasks laid out in the government-endorsed Cyber Essentials scheme and are not getting support from external cybersecurity providers to plug that gap.
It seems to be a problem that we cannot get away from, but part of the answer may lay in the way in which new technologies such as artificial intelligence (AI) and machine learning (ML) can support the fight through the automation of some tasks and relieve already stretched cybersecurity staff to focus on higher-value tasks within their role.
AI and ML have had several false dawns over their history, usually due to unrealistic expectations and misrepresentation in the mainstream media. But these technologies have advanced immensely and are a part of our everyday lives. Advances in speech and image recognition and areas such as drug discovery are entirely down to how AI/ML technologies are deployed. The technology is also used to automate repetitive tasks in various industries, from accountancy to environmental modeling.
Many companies have begun taking advantage of AI and ML to streamline their business, and for some sectors, this has started to cause concern about how jobs will be affected. Cybersecurity professionals, on the whole, believe AI and ML can help, especially by automating repetitive tasks. This will give them the time to expand our experience and analytical skills to make a real difference rather than firefighting.
In addition, the use of AI and ML can help improve security by increasing the volume of data that can be analyzed — a particularly powerful tool in threat detection. This would undoubtedly reduce the likelihood and impact of a cyber event. AI and ML, deployed correctly, will uncover more security vulnerabilities and identify live threats faster than any human can.
The Two Skills Elephants in the Room
So, if AI and ML can make such a huge difference in the cybersecurity world, what is the problem? For one, as an industry, we need to be prepared to use these tools. However, they are not tools that should be left to complete autonomy — that would be irresponsible and not something any cyber professional could stomach today. Skilled professionals are needed to train and monitor their performance.
In effect, by wanting to use this new generation of cybersecurity technology, we are widening rather than closing our skills gap as things stand today. Cybersecurity professionals are in high demand, with little supply. AI/ML professionals, too, are in short supply. The Venn diagram where the two skills groups cross is nothing short of a desert.
The World Economic Forum Future of Jobs Report 2020 lists AI and ML specialists as the second most highly demanded emerging job role. Cybersecurity remains in the top 10, reinforcing the pressure enterprises are under to protect their assets and customers from an increasingly dangerous threat landscape.
For the rains to fall and the desert to turn into a forest, organizations and academic institutions will need to invest in creating a new generation of professionals with competencies in AI/ML and cybersecurity. It will take a long time for these people to come through traditional academic routes, and it would be a mistake for the industry to limit itself in this way. Our ongoing collective struggle with attracting candidates from diverse backgrounds, including those currently working in other careers, is a huge shackle slowing us down.
Strides are being made by a number of notable campaigns, but more needs to be done to realize the full potential of AI and ML in the cybersecurity sector. The tools alone are not going to help us protect the networks for which we are all responsible. Our skills gap is already vast, and now we need even more varied skills. If we do not act fast to upskill AI and ML in cybersecurity, the gap will widen even further, and the threat through our own engineering will become even greater.