Can robotics and AI really fill cybersecurity skills gap?
Posted on March 1, 2021
By Richard Hibbert, CEO at SureCloud
According to a report released by the UN, phishing scams increased by a staggering 350% in the first quarter of 2020, with many targeting healthcare services and hospitals as they struggled to cope during the early months of the COVID-19 pandemic.
This reinforces something we’ve known about cybercriminals for a long time – they’re opportunists. For them, the pandemic is little more than an opportunity to take advantage of businesses as they’re forced to quickly adapt to agile working, throwing new security policies together and asking their IT staff to go above and beyond in order to not leave themselves vulnerable.
Cybercriminals are constantly evolving their efforts to take advantage of businesses that let their guard down, even for a moment. This year, ENISA, the European Union Agency for Cybersecurity, published its 8th annual report which highlighted the growing sophistication of the threat landscape, with malware and web-based attacks topping the list. It paints a sobering picture for businesses concerned with their risk posture, many of them currently struggling under the weight of their cybersecurity budgets.
That, however, may be about to change as AI and robotics begin to play an increasingly prominent role in cyber defence. Technology has permeated every aspect of our working lives and, for the most part, dramatically improved efficiency, and productivity.
It has also increased the ‘surface area’ of a business for attackers, giving them more openings through which to carry out their attacks. It could be said that, while we’ve excelled at adapting technology to make our businesses more profitable and efficient, we’re yet to apply that same technology to the realm of cybersecurity. However, we may be ready to finally turn that corner.
We are now seeing the introduction of AI-driven tools that can draw upon the expertise of a full-time cybersecurity consulting team, interfacing directly with businesses to perform risk assessments, carry out penetration tests, monitor and audit internal controls, and even prepare security strategy reports.
Using such tools, which balance robotics, AI and machine learning with human judgement and expertise, are akin to a business having its own cybersecurity department without the typically large overheads. This makes outsourcing a much more viable option for businesses trying to balance their finances, but can AI-driven technology really increase an organisation’s risk posture in a cost-effective way?
Businesses might justifiably be concerned about outsourcing their cybersecurity to something underpinned by robotics and AI, but it’s important to remember that just because a tool is AI-driven, doesn’t mean it’s AI-exclusive. In some tools, for instance, the robotic and AI elements only serve to complement the human element.
By automating the more mundane, every-day tasks associated with cybersecurity and only asking for human input as and when it’s needed, expertise can be spread more broadly without compromise. By tapping into a broad pool of AI-enabled tools and human expertise without needing to buy or hire them exclusively, businesses can significantly elevate their risk posture and close any skills gap that may leave them vulnerable.
The cybersecurity industry has been experiencing a skills shortage for some time. This shortage has only been exacerbated by the COVID-19 pandemic, with many staff being made redundant or placed on furlough. This has left IT teams spread thin, unable to cope with an increasingly complex threat landscape.
Robotics isn’t about replacing these cybersecurity professionals; it’s about filling the small gaps that are left open when budgets are spread thin and human errors are more likely.
In other words, the role of robotics is to make businesses more robust and resilient. Artificial intelligence is an ally in the fight against cybercrime, empowering consultants with more insight while freeing up their time to focus the more human decision-making aspect of cybersecurity.