Already facing a dearth of talent, cybersecurity teams now need additional skillsets to deal with the growing adoption of generative artificial intelligence and machine learning.
This is further complicated by a threat landscape that continues to evolve and a widening attack surface that needs safeguarding, including legacy systems that organizations are finding tough to let go of.
While the number of cybersecurity professionals in Asia-Pacific grew 11.8% year-on-year to just under 1 million in 2023, the region still needs another 2.67 million to adequately secure digital assets.
The global cybersecurity workforce currently is at 5.45 million, up 8.7% from 2022, and will need to almost double to hit full capacity, ISC2 said.
This demand will continue to grow as organizations incorporate AI into more processes, further driving the need for cloud computing, and the need for both skillsets, France noted.
It means cybersecurity professionals will need to understand how AI is integrated and secure the applications and workflows it powers, he said.
Also: Six skills you need to become an AI prompt engineer.
They need to develop offensive AI security skills to ensure models are not tainted or stolen by cybercriminals seeking intellectual property.
All of these risks stress the need for organizations to have a governance plan, with safeguards and risk management policies to guide their AI use, Pizzala said.
Without generative AI, this would have required a series of complex queries and responses that security teams then needed time to decipher.
Without the aid of generative AI, organizations would need specialized experience to interpret data generated by traditional monitoring and detection tools at SOCs, he said.
Echoing Burn's comments on the need for generative AI knowledge, Pizzala also urged companies to build up the relevant technical skillsets and knowledge of the underlying algorithms.
Such skillsets will need to evolve and continue to upskill, he said.
To address these requirements, she said organizations are tapping the knowledge that security operations and software development or product security teams have on infrastructure and adjusting this for the new environments.
Citing Forrester's 2022 Business Technographics survey on data security, she said companies that had six or more data breaches in the past year were more likely to report the unavailability of security employees with the right skills as one of their biggest IT security challenges in the past 12 months.
Tech stacks need simplifying to ease security management.
He also supported the need for businesses to reassess their legacy systems and work to simplify their tech stack.
To plug the resource gap, Curtis Simpson, CISO for security vendor Armis, advocated the need to look at technology, such as automation and orchestration.
Attacks are going to be AI-powered and continue to evolve, further stressing the need for orchestration and automation so companies can move quickly enough to respond to potential threats, he noted.
Defense in depth remains critical, which means organizations need to have complete visibility and understanding of their entire environment and risk exposure.
This Cyber News was published on www.zdnet.com. Publication date: Fri, 29 Dec 2023 01:29:04 +0000