Insights from Chris Dimitriadis, Chief Global Strategy Officer, ISACA.
getty
From healthcare to manufacturing to agriculture and beyond, artificial intelligence (AI) is revamping business models and creating new opportunities for organizations to innovate.
Just as AI is reshaping what is possible across a range of vertical sectors, it is also pulling the cybersecurity profession in a bold, new direction. This AI-powered shift in what is possible will not only change the activities cybersecurity practitioners perform daily but also call for new roles and skill sets to be integrated into the profession.
The Cybersecurity Profession Today
Encouragingly, several jurisdictions around the world are taking the initiative to address the expanding skills gap, and they’re defining the cybersecurity profession toward guiding government, industry and academia in a structured manner.
In the U.S., the Workforce Framework for Cybersecurity (NICE Framework) applies across public, private and academic sectors, and it defines seven high-level cybersecurity functions (the categories) linked to 33 specialty areas and 52 work roles describing specific knowledge, skills and abilities. The cybersecurity functions vary from cybersecurity governance to design and development, threat management, operations, analysis and investigation.
Meanwhile, the European Cybersecurity Skills Framework (ECSF) lists 12 cybersecurity professional role profiles along with their identified titles, missions, tasks, skills, knowledge and competencies—varying from those in managerial roles to those in legal, operational, assurance and risk management, among others.
Additionally, the U.K. Cyber Security Council defines 16 specialisms in cybersecurity, from managerial to technical. Those governmental skills frameworks are, in turn, mapped to credentials offered by associations in the cybersecurity space to guide professionals in further building their skill sets.
These are critical initiatives, as the cybersecurity profession may be considered as one. However, the complexity introduced by the rapid adoption of AI and other emerging technologies (plus the creation of larger digital ecosystems and the increased sophistication of cyber threats) points toward the need for a more holistic set of skills per function for cybersecurity to be holistic and effective. Cybersecurity expertise is critical per function, but looking into cybersecurity in a silo is causing many of the failures we see today.
There is a need for cybersecurity professionals to understand the business context of the ecosystem they’re trying to protect in order for them to be targeted and relevant when applying or embedding cybersecurity. There is also a need to understand adjacent domains like audit, privacy, risk, and digital technology governance and management to ensure cybersecurity is integrated to the needs of those domains and not siloed.
Finally, they need to understand emerging technologies like AI, as one cannot protect what they do not understand—whether this means identifying risks and building controls or conducting forensics and investigations in ecosystems that embed AI.
Changes Coming To The Cybersecurity Profession
While AI will continue to change the profession in the coming years, the new, AI-shaped reality has already arrived.
As our whitepaper, The Promise and Peril of the AI Revolution, puts it, "From application programming interface (API) integration to the creation of increasingly persuasive phishing emails, AI opens the door to a much more sophisticated world of cybercrime. Bad actors are already using AI to write malware faster, generate hacking scripts, launch ransomware attacks and convincingly imitate CEO voices." At the same time, we see rising threats against AI, from attacks targeting algorithm manipulation to privacy breaches.
Within that scope, the cybersecurity profession will become exponentially more important in the following years. But in what form?
AI provides an unmatched ability to identify threats and patterns, automate real-time responses, swiftly process entire datasets and speed up recovery operations. The next generation of cybersecurity professionals will need to prepare for a future in which the threat landscape will be more sophisticated, but thanks to AI, there also will be more robust tools to leverage to keep their organizations secure.
For example, IBM is already demonstrating how AI can replace manual processes by automating incident responses—accelerating alert investigations and triage by an average of 55% as well as simplifying access for verified users and reducing the cost of fraud by up to 90%. Microsoft is using AI to provide guidance to cybersecurity teams so they can quickly respond to incidents.
When we look at the tasks that cybersecurity functions are called to perform, we can safely predict that AI will heavily support (if not replace) manual work in areas like data collection, analytics, risk assessment, audits, cybersecurity operations and even the design of cybersecurity architectures.
Audits will be executed upon whole datasets, and AI will recognize patterns invisible to the human eye. AI systems collecting and correlating evidence in real time can run forensics. AI will conduct reporting in a form that is closely coupled with business value and financials. Operations in security operations centers will be fully automated, reducing false positives. Security testing will be more complete, reducing zero-day vulnerabilities. Additionally, risk assessments will be more holistic and targeted to critical assets, and human omissions and mistakes will be reduced.
AI won’t replace cybersecurity professionals, but it will transform the profession. AI will reshape many cybersecurity roles so that practitioners can focus their time and attention on what humans do best—devising strategy, setting policy, thinking creatively, addressing the human element and motives of attackers, applying negotiation tactics, and monitoring the operation of AI itself while applying ethical standards.
Productivity will increase, and the main enemy of cybersecurity—complexity—will gradually fall as the speed, completeness and sophistication of AI will permit more holistic prevention, detection, response and recovery.
Rising To The Challenge
Cybersecurity has long been a challenging field. AI will become a great ally to the cybersecurity profession. At the same time, adversaries will use AI to make the profession more demanding. Action needs to be taken today to educate and upskill cybersecurity professionals and have the cybersecurity community start thinking about the future of the profession. At the end of the day, the way we treat AI today and the effort we put toward preparedness will define the world we will live in tomorrow.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
{Categories} _Category: Takes{/Categories}
{URL}https://www.forbes.com/sites/forbestechcouncil/2024/07/03/the-future-of-the-cybersecurity-profession-with-the-rise-of-ai/{/URL}
{Author}Chris Dimitriadis, Forbes Councils Member{/Author}
{Image}https://imageio.forbes.com/specials-images/imageserve/5fa5af64c1571671084b661d/0x0.jpg?format=jpg&height=600&width=1200&fit=bounds{/Image}
{Keywords}Innovation,/innovation,Innovation,/innovation,technology,standard{/Keywords}
{Source}POV{/Source}
{Thumb}{/Thumb}