I didn’t find any compelling stories of emerging threats or data breaches this week. The good news is that it means I can tackle some broader trends and more philosophical issues within cybersecurity. For this week in cybersecurity, let’s take a look at the role of artificial intelligence, challenges of securing elections, and possible solutions for the cybersecurity skills gap.
Here we go:
AI and Cybersecurity
There’s a lot of hype and misinformation out there about artificial intelligence (AI). Artificial intelligence has been tossed around as a marketing buzzword for a few years, which has undermined its credibility to some extent. However, AI also has tremendous real-world potential and it seems that the discussions is shifting to practical applications of AI. For example, the use of AI for cybersecurity.
Networks are under virtually constant siege. AV-Test identifies over 350,000 malicious programs and potentially unwanted applications every day—projecting nearly a billion new threats just in 2019. Attackers have an array of tools that allow them to automate scanning for and compromising vulnerable systems. The sheer volume is too much for manual processes or human effort alone. AI plays a crucial role in analyzing network traffic and potential threats at scale and identifying the events that require more scrutiny by human cybersecurity professionals.
Def Con Voting Village and Election Security
Cybersecurity researchers and practitioners gather in Las Vegas every summer for the Def Con conference. One of the more popular events at Def Con for the past few years has been the Voting Village—a playground of electronic voting machines and other election technology designed to be hacked and exploited by any means possible.
The event is maturing to have more impact in the real-world. The first couple years were more about simply pointing out how vulnerable all of these machines are and sounding the alarm that the integrity of our election results might be at stake. This year, however, things seems to evolve into more of a cooperative effort—less about just pointing fingers and more about how we can work collaboratively to close the hole and secure our elections.
One recent article from Cyberscoop noted, “A more mature village can lead to a more mature election ecosystem. As officials prepare for 2020, they are getting more help on that front. Cybersecurity experts with no prior experience with voting infrastructure are trying to figure out how they can help defend U.S. democracy after Russia’s assault on it in 2016.”
Formal Education and the Cybersecurity Skills Gap
Experts around the world have been talking about the severe shortage of qualified cybersecurity professionals for some time—and the issue doesn’t look like it will improve much in the foreseeable future. As we strive to close the cybersecurity skills gap, though, the question is where will those new skilled professionals come from?
A recent article from Forbes argues that it can’t—or won’t—be through formal education. The author suggests that going to college and/or getting good grades in college are not necessarily indicative of success in the realm of cybersecurity, and that those most inclined to have the skills and experience necessary are less likely to bother with formal education. Demand is high so they can just jump straight into the workforce.
Alert Logic’s Jack Danahy wrote about the challenges of the cybersecurity skills gap and pointed out that cybersecurity is not necessarily something that every company can or should try to do on their own. Managed security services providers (MSSPs) do cybersecurity for a living 24/7 and have the resources—both in terms of technology and infrastructure as well as in human talent—to do the job effectively.
Danahy stressed, “They can attract the security resources that want to work among like-minded teams. They want to be rewarded for thinking of security first, not shunned. They want to learn and grow, to be the object of investment in their advancement and improvement. Non-security organizations can’t provide these options, and so I think that more and more talented security resources, particularly those in the first decade of their career, will gravitate to security services, and the organizations that need the skills, will look there as well.”
You should also read: