News & Analysis

Cybersecurity Conundrum: AI or Certifications?

While AI is being touted as a magic wand, certifications still doesn’t solve resource shortage

Cybersecurity is in the throes of change, as in fact is the entire IT and IT-enabled industries. And sole reason could be attributed to the hype around artificial intelligence with GenAI models being presented as the magic wand for every challenge. Cybersecurity researchers believe that AI alone can counter threats posed by AI to data breaches. 

Well, if that seems to be a no-brainer, consider this… A recent survey by Fortinet claimed that 82% of the respondents felt their enterprises would benefit from cybersecurity certifications and 90% would pay for an employee to obtain such credentials. The question now is how do knowledge givers keep pace with the bad actors who are ahead of the curve? 

AI in cybersecurity – the swings and roundabouts

A report by Morgan Stanley believes the solution is simple. “You don’t need to learn a new set of cybersecurity rules. Instead, you should review your current cybersecurity protection and make sure it follows best practices in critical areas such as passwords, data privacy, personal cybersecurity and especially social engineering.” 

Of course, the report is gung-ho about AI in cybersecurity, noting that the products market grew from $15 billion in 2021 and could touch $135 billion by 2030, indicating increased reliance on AI and traditional tools to guard against cybercrime. In fact, security experts are unanimous in observing that AI could help in a few areas. 

These include more accurate cyber attack detections, identification and flagging suspicious emails or messages, simulating social engineering attacks to spot potential vulnerabilities and analyzing massive quantities of incident-related data to provide insights for security teams across large enterprises. 

That’s all fine, but who’ll do the job on ground?

In other words, AI could potentially help identify weaknesses in codebase while insights gathered over millions of cases could provide an edge to cybersecurity companies in preventing future attacks. Which brings us to the moot question of how enterprises themselves should use AI. Or who in these companies should be using AI? 

The industry has been crying hoarse of a 75% shortfall in the cybersecurity labor pool and in such a situation where to find these resources to use AI and develop use cases? Maybe, this is where entry-level cyber certifications could help. Non-profit training consortium ISC2 recently launched such a course in collaboration with IBM. 

Clar Rosso, the CEO of ISC2 believes that a big change that companies need to adopt is to do away with the need to hire cybersecurity experts with IT backgrounds. Instead, they should go for folks with diverse backgrounds, which is where entry-level knowledge and training would come to the fore. 

Of course, ISC2 offers to help any organization willing to train its staff in cybersecurity whereby those completing it would get “Certified in Cybersecurity” certificates. In fact, there are several such courses available. Some of these include: CompTIA Security+, Certified Ethical Hacker programs and the Certified Information Systems Auditor among others. 

Certifications! But beyond the IT professionals

In fact, the Fortinet survey points out that business leaders are turning to certifications that establish technical competencies and develop deeper understandings on how to apply them. Of course, the irony is that Fortinet itself has been struggling with security breaches that put several thousand servers on the watch list. 

The ISC2 beginner-level Cybersecurity Specialist Professional Certificate is offered in 22 languages and based on content that covers five key areas, including security principles, business continuity, disaster recovery and incident response, access control concepts, network security and security operations. 

In fact Rosso is quite sure that the way forward is what the ISC2 is on now. Right from helping non-techies to a career in cyber security to helping the industry deal with shortages on the cybersecurity front. The organization has been tracking this workforce gap and identified cloud security, zero trust and AI / ML as the biggest deficiencies. 

Which brings us to the question asked in the headline – and the answer can be summed up best in the words found in an article published by Security Intelligence… “With a back-to-basics approach, enterprises can reduce risks, mitigate impacts and develop improved threat intelligence.” (You can find out how by reading the full article here)