Using Artificial Intelligence to Enhance Cybersecurity Training
Artificial intelligence (AI) made significant strides between 2014 and 2016. The world was treated to improved language translation apps, self-driving cars, smart home devices, and a slew of other AI-enhanced applications and devices. However, during the same time period, cybercriminals raised the stakes for organizations by expanding their attack methods; upgrading their skills; becoming more organized; and obtaining sources of funding for their illegal projects, such as phishing attacks, ransomware, data theft and doxware.
To combat the constant threat of attacks, cybersecurity professionals have increased their use of AI and machine learning to bolster their security and reduce the workload on a security operations center that is often understaffed. However, using machine learning to train cybersecurity analysts is an idea that is just beginning to receive serious attention.
The History of Machine Learning
Machine learning means that the system is capable of improving automatically with experience. Traditional software does not become “smarter” with repeated use; it awaits instructions from the user before executing a command. Software that is capable of machine learning, however, learns to predict the user’s future behavior based on the actions he or she performed in the past. To accomplish this task, the machine relies on data — which should not be an issue for most organizations in the era of big data.
For example, early email spam filters were basically limited to blocking certain addresses that were known to send spam. With machine learning, software can compare emails that have been verified as legitimate with verified spam to identify which elements were more common in each classification. The system learned, for example, that likely indicators of spam included hyperlinks to websites that were known to be malicious, deliberate spelling errors and malware hidden in attachments.
Machine learning is now being used for facial and image recognition and to assign labels to new data. There are thermostats that learn when to adjust temperature settings and refrigerators that can keep track of their contents. In the world of cybersecurity, machine learning can be used for situational awareness, network analytics, malware analysis, insider threat detection and secure coding.
How Machine Learning Can Expedite the Training of Cybersecurity Professionals
It is no secret that there is a serious shortage of cybersecurity talent. According to the Bureau of Labor Statistics (BLS), the demand will be very high for information security analysts through at least 2024. Job opportunities are expected to increase by 18 percent for this occupation between 2014 and 2024; the total increase for all occupations during that decade is projected to be 7 percent. For companies engaged in computer systems design and similar services, the demand for information security analysts is expected to increase by 36 percent. Overall, the BLS expects to see 97,700 slots for information security analysts in the United States by 2024.
The problem is that there are not enough qualified candidates to fill the increased demand. According to a 2015 article Washington Examiner article, cybersecurity hiring is lagging behind; Yahoo’s CIO stated that there were only 4,000 to 5,000 people he could hire in North America who possessed the technical skills the company needed. A major problem in hiring and retaining cybersecurity professionals is the lack of adequate training. Many college programs do not cover the many complexities and varying requirements that the cybersecurity industry mandates.
In an effort to solve the cybersecurity talent gap, some organizations are becoming more willing to hire people who lack traditional credentials or who have not received training in every aspect of cybersecurity. The organizations then invest in training to bring the new hires up to speed as quickly as possible. Machine learning and automation can help with this task in a variety of ways. For example, an AI-enhanced program can learn the proper actions to take for a specific type of incident and notify a junior analyst of the steps to take. There are also AI-powered games that replicate real-life threats without the risks. These games help trainees learn what it is like to deal with an actual threat and to think creatively and adapt when a new challenge emerges.
These types of AI programs can also help solve another critical problem that hampers cybersecurity training. Just as there are not enough qualified individuals to fill the open jobs, there are not enough qualified instructors to provide in-depth training in all aspects of cybersecurity. Furthermore, senior analysts are typically far too busy to ensure that new hires receive proper training.
In the foreseeable future, cybersecurity will require a combination of people and machines. AI can free people to concentrate on the tasks that demand human intervention, leaving the “grunt work” to the machines. However, the cybercriminals are also making use of machine learning; staying secure against attackers means that cybersecurity professionals must ensure that their skills are always up to date. Whether training a new hire or enhancing the skills of a current employee, AI can help ensure that cybersecurity professionals have the knowledge they need to defend their domains.
Rishi Bhargava is co-founder of Demisto.