What is the impact of automation and artificial intelligence (AI) in staffing for cybersecurity functions?
A survey conducted by the Seattle-based cyber intelligence provider DomainTools, in conjunction with the Ponemon Institute, sought to answer this question by polling 1,400 security professionals based across the Asia Pacific (APAC), US, and the UK.
All respondents in the study are responsible for attracting, hiring, promoting and retaining cybersecurity personnel within their organizations.
The research report based from the survey, “Staffing the IT Security Function in the Age of Automation,” provided key insights on the state of staffing for cyber security personnel.
Overall, the respondents in the UK and US were much more confident that automation will improve their cybersecurity staff’s ability to do their job (59% and 65% of respondents, respectively) than APAC respondents (48%), who were also more likely to distrust AI as a cybersecurity tool.
However, APAC may be a little better off as the study found that shortages also seemed to be lower in the region (67%) compared to the UK (70%) and the US (78%).
"The survey reported that 40% of respondents expect an increased need for hires with more advanced technical skills, aligning especially in Asia Pacific where governments and educational institutions are already accelerating specialized cybersecurity programs and initiatives, such as the ASEAN-Singapore Cybersecurity Centre of Excellence announced during the Asean Ministerial Conference on Cybersecurity (AMCC) in September 2018, where ASEAN nations are adopting a rules-based approach to regional cybersecurity frameworks," the study noted.
The cyber think-tank and training center that the report cited has a S$30-million investment from Singapore and the ASEAN.
ASEAN, or the Association of Southeast Asian Nations, is a ten-nation group comprised of Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, the Philippines, Singapore, Thailand, and Vietnam.
Singapore's Deputy Primi Teo Chee Hean, Deputy Prime Minister and Coordinating Minister for National Security said in a speech during the center’s launch that the rapid growth of digital technologies, such as the Internet of Things (IoT), cloud computing and AI has broken down walls and opened up new opportunities for everyone.
"Innovation is key in an increasingly digital future; but so too is resilience provided by robust cybersecurity," he said.
A partial solution
The research report of DomainTools affirmed that automation will provide a partial solution to staffing problems.
For one, respondents said it could relieve cybersecurity professionals of time-consuming and non-cost-effective tasks, such as malware analysis, which is either already automated (50%), or is planned to become so in the next three years (56%).
However, only 35% of respondents think that automation will reduce the headcount of their cybersecurity function: 40% even expect an increased need for hires with more advanced technical skills.
Poll results also clearly indicated a shortage of cybersecurity staff across geographical regions (78% of all respondents admitted their teams are understaffed).
“Contrary to the popular belief that the rise of automation will threaten the job market, organizations now feel these technologies will help ease the current strain on resources, and offer the potential to promote job security for highly skilled staff, while strengthening cybersecurity defenses,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute.
Although there are geographical differences in the level of confidence placed in AI and automation as cybersecurity tools, Corin Imai, senior security advisor at DomainTools, said that the reasons that motivate their adoption seem to be consistent across regions
“The results of the survey reveal that, overall, cybersecurity professionals are confident that automation will make their workload more manageable and will increase the accuracy of certain tasks, without jeopardizing their job security,” he said.