Digital Transformation Asia | Can AI Mitigate the Cybersecurity Talent Gap
Can AI Mitigate the Cybersecurity Talent Gap?

September 20, 2019 | by: Lance Librorania

Digital transformation is in full swing, but is cybersecurity keeping up? At least 95 cybersecurity incidents were recorded last month alone — leading to an estimated total leak of 114 million records — indicating significant room for growth in cybersecurity systems. From banks to social media platforms, it’s clear that security breaches are a universal threat to all IT infrastructure.

SOC vacancies leave holes in your defenses

As cybersecurity threats continue to crop up, private and public sectors race to fill their IT talent needs, a tall task considering the forecast of 3.5 million cybersecurity vacancies by 2021. Organizations affected by the staff shortage face increased workload and burnout risk, overcompensation, and underutilization of security tools.

While organizations scramble for talent, experts are looking at another kind of intelligence to fill cybersecurity ranks. 

A semi-autonomous security center

AI’s deep learning and cognitive computing elements can lend a hand in the detection of malware, intrusion, fraud, and even security risk analysis of users and machines. 

Deep learning (DL) AI can process and learn from unstructured or unlabeled data, setting it apart from other machine learning methods that need to be fed structured and labeled information. DL thrives on large amounts of data, an environment the SOC can provide. Cognitive computing, in the same vein as DL, aims to work like the human brain, adopting various AI techniques in machine learning, natural language processing, and human interaction to form insights and make decisions autonomously.

In the same way professionals use analytics to root out anomalies in their network, an AI-infused security information and event management (SIEM) system augments the detection of threats through deep learning methods. Combining the capabilities of cognitive computing with your SIEM brings forth a cybersecurity system that’s constantly learning and adapting to threats. Once an intrusion has been detected, the AI provides insight and lets analysts take action faster. This frees up time for engineers to shift their focus to other priorities inside the SOC, instead of guiding the SIEM hands-on.

The technology may not be exactly ready, but test results are promising. Several studies compiled by the Johns Hopkins University Applied Physics Laboratory on the application of AI methods to cybersecurity saw some false positive rates reach lower than 1 per cent. And while methods and applications can vary, AI technology has a strong chance to fill the gaps in the SOC sooner than we think.