New Research has revealed that overworked and understaffed security departments are forcing 63% of IT decision makers to use AI technology solutions to automate their security processes.
A recent report from Tripwire found that a staggering amount of businesses in all sectors are majorly struggling to implement appropriate cyber security measures, which are vitally needed by the organisation, and also struggle to adequately fill security teams or are already understaffed in this area.
68% of IT security professionals are now worried that their organisation could be exposed to cyber threats due to their inability to keep abreast of cyber vulnerabilities. 60% are concerned they will lack the knowledge and experience of even identifying and responding to emerging cyber threats in a timely manner, and 53% fear their organisation will lose the capability to manage and protect configurations properly.
Due to the continuous shortage of expert cyber security personnel, a majority of businesses have had no choice but to outsource detection and prevention, automate technologies, and increase their training programmes, according to a new report from Trend Micro.
69% of IT Leaders informed Trend Micro that Artificial Intelligence (AI) could be used in everyday cyber security jobs which would lessen the impact from the lack of professional security employees, and 63% of them said they’re going to utilise AI technology to automate their security processes.
Greg Young, Vice President for cyber security at Trend Micro said: “There’s a real and critical shortage of cybersecurity people. But there’s a fix for it today. AI and machine learning can reduce the workload today on the people we have, by handling the low value tasks we currently use our high value people for.
“Next is lowering the tsunami of low value alerts we throw at teams. More security products adding more alerts is not helpful, instead, when we add smarter and integrated security it should have more intelligence and be better integrated, ideally reducing junk alerts.
He further added: “More security data collected doesn’t have to mean more alerts, that data should be used to weed out the false alarms. Let staff focus on the real and complex attacks. Satisfying work is a staff retention element in this tight cybersecurity people market”
Commenting on IT decision makers planning to adopt AI technologies to automate their cyber security tasks, Jan van Vliet, VP EMEA at Digital Guardian, said that a continued skills shortage and increasing comfort levels with cloud technology will provide a surge in demand for managed security services in 2019. He said: “The winning solutions will be those that leverage the power of artificial intelligence, and its subset, machine learning, to help identify and manage threats hidden within the sheer volume of data produced by organisations today.”
According to Steve Wainwright, MD EMEA at Skillsoft believes the most effective strategy is not employing staff with the relevant skills required for digital transformation, but for organisations to train existing employees to prepare for digital transformations. He said:“Businesses know the skills of tomorrow, but helping the employees of today achieve proficiency in them will be crucial to long-term success. Helping employees gain skills that will make them productive in the workplace will also offer their organisation a competitive advantage. It will prepare employees for the roles of tomorrow while driving transformation within the organisation.”
At the end of last month, the Solicitors Regulation Authority attended the LegalEx conference where they presented on cyber crime. During their presentation, they highlighted that the vast majority of cyber attacks reported to them involve email compromise – and that everybody is now 20 times more likely to be a victim of cyber crime than a victim of in-person crime.
Jen Williams, head of IT and security specialist at Lawyer Checker comments on the usage of AI for cyber security. She said:
“Although the introduction of AI into the security space can have some advantages for huge firms who are dealing with large volumes of false alerts, for the vast majority of Law firms, this just isn’t relevant or realistic. Law firms are more likely to suffer a cyber attack due to low tech methods such as phishing or having their domain spoofed. Law firms would be much wiser to spend their cyber security budget on verifying that they have implemented the basics correctly.
“The National Cyber Security centre has already published a report specific to the legal sector advising them on what security steps to take. The report recommends implementing DMARC on all domains to prevent them been used in a spoofing attack where a criminal can send an email legitimately looking like it has come from your firm. This can be achieved very simply using tools like OnDmarc. The report also recommends that firms can prevent up to 80% of cyber attacks by implementing the controls under the Cyber Essentials Scheme.”
