It seems like 2024 is starting off like 2023 with AI one of the hottest topics of 2023, and still a hot topic in 2024. According to Wikipedia, the most viewed article in 2023 was about ChatGPT, more popular even than the Barbie movie or Taylor Swift.
As highlighted in previous newsletters, the shortage of skilled cybersecurity workers remains a significant issue, posing a threat to companies, governments, and particularly the military. As we start the new year, can AI assist in meeting these labor demands, potentially providing solutions to the ongoing labor shortfall? The question that we ask is: how will AI in general address or help the cybersecurity industry? Can it impact one of its most critical issues – the lack of skilled workers in cybersecurity. This amid the backdrop of nation states like China showing an uptick in cyber-attacks on the United States, highlighting the need for this talent gap of skilled workers to be closed as quickly as possible.
While the cybersecurity workforce has significantly increased over the past few years, there is still an alarming shortfall in the number of professionals needed to meet the rising demand. In a study conducted by ISC2, they concluded that “the demand is still outpacing the supply,” even as the estimated global cybersecurity workforce recorded an 8.7% increase from 2022, creating 440,000 new jobs, the highest number historically recorded. Even so, “the cybersecurity workforce gap has reached a record high, with 4 million professionals needed to adequately safeguard digital assets.” In addition, 75% of cybersecurity professionals report that the current threat landscape is the most challenging it has been in the last five years. Only 52% believe their organization has adequate tools and people to respond to cyber incidents over the next two to three years. Perhaps one answer is to combine more skilled workers with secure AI solutions that have been created with carefully crafted guardrails.
According to some prognosticators, AI presents a feasible and cost-efficient answer to labor shortages in the cybersecurity workforce. The cyber landscape is getting more difficult each year. Complications include the rapidly changing threat landscape combined with the labor shortage and the frequency of hackers – especially nation state attackers – which continues to rise. Eitan Worcel, writing for Builtin.com, suggests that no matter how fast the cybersecurity field grows, it can’t keep pace with vulnerabilities that arise daily, and the field needs to increase efficacy and resilience in responses to cyberthreats, including the ability to predict potential threats or vulnerabilities before they happen.
According to Worcel, this is where AI might prove useful: “To effectively secure our digital assets, it’s time we shift our focus from a human-centered approach to one that embraces technology as a partner. This shift is not just necessary; it’s inevitable in our industry.”
He goes on to say that “Rather than viewing technology and automation as substitutes for human expertise, we should see them as complementary tools. The collaboration between humans and machines can leverage the strengths of both — the creativity, intuition, and contextual understanding of humans, coupled with the speed, scalability, and precision of machines. This synergy represents the future of cybersecurity.”
An article on LinkedIn weighed in on the problem with an analysis of the recent Billington Cybersecurity Summit, where government and private sector leaders discussed strategies to address the cybersecurity personnel shortfall. They noted that “analysts are drowning in alerts” – to the point that virtually all of them fear they will overlook a relevant security event because it’s “buried” under alerts. AI, they asserted, is a useful asset, and need not be viewed solely as a threat. IBM research reveals that organizations with extensive automation and AI will identify and contain a data breach 108 days faster than those which do not use the technologies, while reducing the average cost of breaches “by nearly $1 million.” The Linkedin article quoted Mark Gorak from the Defense Department, who indicated at the Billington Summit that as the investment in AI and automation grows, “anyone who thinks AI is going to replace humans in all aspects is wrong. We actually need more humans to work with the AI to make sure that it’s doing what we want it to do.” As the article stressed, it won’t be AI and automated tools by themselves, or more humans that will solve the problem. It will have to be people working to maximize the value of the tools.
Simply increasing the number and volume of skilled workers will not alone solve the problem; instead, AI can help optimize the approach to cybersecurity, making it more efficient and resilient in the face of evolving threats from other nation states. With China increasingly going on the offensive in its attacks on the US, and with cybercrime on the rise, the military, as well as the private sector, is looking to use AI to augment its shortage of workers.
Ellen Nakashima, writing for The Washington Post, recently reported that “The Chinese military is ramping up its ability to disrupt key American infrastructure, including power and water utilities as well as communications and transportation systems, according to U.S. officials and industry security officials. Among the recent attacks are a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline, people familiar with the incidents told The Washington Post. The hackers also attempted to break into the Texas power grid, which operates independently from electrical systems in the rest of the country.” Known as “Volt Typhoon,” this cyber campaign was uncovered a year ago as part of China’s effort to lay the groundwork in the event of future clashes with the US in the Pacific.
In the same Washington Post article, according to Brandon Wales, executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), “it is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict, to either prevent the United States from being able to project power into Asia or to cause societal chaos inside the United States — to affect our decision-making around a crisis.” This represents “a significant change from Chinese cyber activity from seven to 10 years ago that was focused primarily on political and economic espionage.”
Morgan Adamski, director of the National Security Agency’s Cybersecurity Collaboration Center, sounded this important alarm: “This is a fight for our critical infrastructure. We have to make it harder for them.” NBC News reported similar warnings by Jen Easterly, the director of the U.S. Cybersecurity and Infrastructure, who urged people to take very seriously the threat China poses to critical infrastructure in the U.S.
An article in Politico noted that while Russian cyber-attacks have been in the news due to the war in Ukraine, American officials have been increasingly alarmed by China’s advances, particularly as they may impact Taiwan, an important ally of the US.
Politico notes that “China is viewed as one of the most dangerous nations in cyberspace, and its cyber espionage operations are among some of the U.S. government’s top cyber-related investigations. And the intelligence community’s threats assessments have long warned that China is “almost certainly capable” of launching disruptive and destructive cyberattacks.”
In 2020, FBI Director Christopher Wray stated that his agency opens a new investigation into a Chinese counterintelligence effort every 10 hours, and half of the FBI’s counterintelligence investigations are related to China.
It's clear that AI will be an important player in the future of cybersecurity. It remains to be seen how AI will be utilized to help address the cyber workforce shortage, as well as head off potential malicious threats from nation states and other sources.
It’s clear from this report and others that there are some major concerns in the cybersecurity industry – chief among them being lack of workers and the need to utilize new technology such as AI in a way that helps to alleviate this shortage and harden existing networks against persistent cyber threats. Fortunately, CYRIN can help on both fronts. For the education market, we consistently work with colleges and universities both large and small to create realistic training to meet the environment students will encounter when they graduate and enter the workforce.
For industry we continue to work with our partners to address major challenges including incident response, ransomware, and phishing and set up realistic scenarios that allow them to train their teams and prepare new hires for the threats they will face. Government agencies have been using CYRIN for years, training their front-line specialists on the real threats faced on their ever-expanding risk surface.
We also work with all our users to create new content which will fit into this rapidly changing cyber landscape. In an increasingly digitized world, training, and experiential training is critical. Unless you get the “hands-on” feel for the tools and attacks and train on incident response in real world scenarios, you just won’t be prepared for when the inevitable happens. A full-blown cyberattack is not something you can prepare for after it hits. The best time to plan and prepare is before the attack.
Our training platform teaches fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!