Cyber security is a constant race between the good guys and the bad guys. In an ideal world, the good guys must always walk two steps ahead of the bad guys to keep the latter at bay. But the ever-increasing cyber attacks indicate that we are often unable to protect ourselves from the bad guys and that we are grappling with serious security skills shortage.
As per a McAfee report titled “Hacking the skills shortage”, the cybersecurity workforce shortfall remains a critical vulnerability for companies and nations across the world. Chris Young, CEO, McAfee, said during the recently-concluded McAfee MPOWER event in Las Vegas that in the U.S. alone, there are some 750,000 people employed in cyber security and 300,00 positions yet to be filled. These unfulfilled positions lead to more workload being put on the shoulders of the existing professionals due to which they change jobs frequently chasing better paycheques.
“If we could make those 750,000 people 20% more efficient, we could eliminate half of those job openings,” Young said. “It’s a matter of discovering where you can improve efficiency.” He said McAfee would be happy to help customers figure out those efficiencies and help them solve it regardless of them using McAfee tools or not.
Young believes a lot of the required efficiency will come from automation and human machine collaboration that McAfee is betting big on. As per a McAfee commissioned report by 451 Research, “As long as there are human adversaries behind cybercrime and cyber warfare, there will always be a critical need for human intellect teamed with technology.”
Citing the report, Steve Grobman, SVP & CTO, McAfee says, “Machine learning means security teams are better informed so they can, therefore, make better decisions. Security executives realise that the intelligence and creativity of their security operations experts are critical business resources. Machine learning is a technology that allows chief security officers (CSOs) to get the most out of human and security product assets.”
McAfee technology seeks to improve the way humans and machines work together to protect the digital enterprise, through implementation of an intelligent security platform, that takes advantage of powerful new technologies, such as machine learning and automation. The company announced the launch of its new product McAfee Investigator that utilises both machine learning and AI to increase the accuracy of investigations by automating data collection and enabling security analysts to assess threats in real time.
With regards to automation replacing humans, McAfee’s stand is clear that human and machines will continue to work alongside each other. “We must leverage machine learning, AI, deep learning etc to learn as much as we can and put the power back to the human’s hands so that they can ultimately decide,” Raja Patel, VP & GM, Corporate Security Products, McAfee told The Startup Observer. The CISO will continue to exist for all critical decisions as he would continue to hold responsibility for the actions. “He can get fired, not the machine,” Patel says.
Technology research firm Gartner echoes the opinion that humans will continue to work in sync with technology. “There is a severe shortage of cyber security skilled workforce and this shortage is going to increase in the future as the threat landscape is changing and workforce with updated skills will always be a requirement. While there have always been multiple technologies to help prevent, detect and respond to cyber threats the human intervention will always be there. Humans and machines have been working together since ages now, but right utilization of each other’s skills will be the best way to move forward,” says Rajpreet Kaur, Senior Research Analyst, Gartner.
McAfee also believes that no one person, product or organisation can fight cybercrime alone, which is why McAfee announced the OpenDXL initiative in 2016, launching an open industry standard for all developers. This year, McAfee announced the widescale adoption of the data exchange layer (DXL) and interoperability with Cisco Platform Exchange Grid (pxGrid) which work together to share threat event context and enable automation between the network and endpoint.
To fill the skills gap, Rajpreet Kaur, Senior Research Analyst, Gartner has the following recommendations for cyber security companies:
- Build automation wherever possible.
- Make using of advanced tools using machine learning and AI techniques.
- Integration is the key to success, develop open APIs and do OEM partnership with leading cyber security vendors so that your tool can talk to other tools in the ecosystem.
- Hire the right people, get them trained regularly so that their skills are updated and work towards retaining them.