For the past few years, a major problem has been mounting in the cybersecurity industry: a people shortage.
Even before the outbreak of the current global pandemic, enterprises were hurting in the cybersecurity hiring department. Companies are struggling to find employable cybersecurity professionals to handle an ever-increasing and evolving number of new threats from bad actors, along with an overabundance of security alerts from the systems used to support them.
The Annual Cybersecurity Jobs Report recently predicted that by 2021 there would be a total of 3.5 million unoccupied positions globally.
“The majority of chief information security officers around the world are worried about the cybersecurity skills gap, with 58 percent of CISOs believing the problem of not having an expert cyber staff will worsen.” - Harvard Business Review
CISOs across the world are responsible for building the strategy and teams that are facing accelerating old threats along with some brand new ones including adversarial AI, an expanded attack surface, exponentially increasing false positive alerts, zero-day attacks, and more.
According to a recent (ISC)² report, nearly two-thirds of the organizations surveyed reported a shortage of cybersecurity staff. Their number one workplace concern was a lack of skills or experience among security personnel.
Is there any relief on the horizon?
The good news: Artificial Intelligence (AI) and Machine Learning (ML) can remediate a majority of these concerns. Enterprises are now becoming aware of the exponential benefits an AI layer can provide to their security program.
The tasks of monitoring, identifying, and investigating alone (forget proactive threat hunting) are impossible in the era of big data without the support of AI:
- 61% of organizations acknowledge that they will not be able to identify critical threats without AI
- Over half (56%) say their cybersecurity analysts are overwhelmed
- Close to a quarter (23%) are not able to successfully investigate all identified incidents
- 43% of executives noted an increase in machine-speed attacks (ransomware and other automated attacks)
It’s clear: enterprises and organizations need help. Many still believe that hiring more security personnel is the solution. But there is a better, more streamlined solution.
Adopting the right AI into your organization’s security protocol can reduce the headcount (and budgets) needed to run an effective security program. It’s important to note that not all AI is created equal: some AI is based on supervised machine learning, which requires constant human training and tuning and can often cause more problems than it solves. “Third-wave” AI (as defined by DARPA), or “self-learning” AI, does not rely on historical data. It trains itself, so humans are not required to train or tune the system, and it adapts over time to new conditions. What kind of problems can the “right” AI solve for these overburdened security organizations?
One massive problem security teams are facing is the threat of zero-day attacks, which are a top priority of enterprise security teams. These attacks cost businesses millions of dollars in lost revenue and recovery costs and can cripple a company that is not prepared to respond decisively and effectively. They have also become increasingly common over the past few years. According to the Ponemon Institute’s 2018 State of Endpoint Security Risk Report, 76 percent of successful attacks on organization endpoints in 2018 were zero-day attacks.
The problem with zero-day attacks: they are almost impossible to catch through human-led monitoring because of their extreme unpredictability and unknown attack signature. They are also impossible to catch with “second wave” AI based on supervised learning, which uses historical data and human training. There is no way to forecast a zero-day attack because it has, by nature, never been seen before. This is why security teams must rely on AI that is based on “self-learning” or “unsupervised learning.”
Generative Unsupervised AI is needed to predict and identify zero-day attacks in real time. MixMode’s unsupervised AI creates a baseline understanding of a company’s network to identify anomalies as they occur, allowing zero-day attacks to be alerted on as they happen in real time.
This baseline tells the AI what the network should look like at all times. The AI is able to discover a zero-day attack because it can tell that something on the network does not look as it should. It then alerts a security analyst to this anomaly so that they can look deeper into the problem, down to a single IP address.
With unsupervised learning on your side detecting zero-day threats, leaner security teams can now put all their focus on responding in an intelligent way: understanding the relevance and consequences of a breach or change in behavior, and developing the right response in real time.