AI security solutions are being deployed to address the cybersecurity skills gap: ISACA


Thirty per cent of survey respondents are using artificial intelligence (AI) and machine learning tools in their security operations to combat cybercrime, according to ISACA.

While adoption is still relatively low, despite the numerous products now available in the marketplace, early indications suggest these solutions provide increased visibility, with respondents better able to quantify attack rates. Additionally, the use of AI is one of the top four ways in which organisations are tackling the cybersecurity skills gap, ranking just behind performance-based training of cybersecurity staff.

“As senior leadership and crisis management teams plan for the new normal, cybersecurity is a key discussion point. Though the use of AI in mitigating the cybersecurity skills gap is still not yet widely adopted, we expect implementation of AI security solutions to increase, as these strategies are increasingly proven beneficial across various industries,” says Ed Moyle, founding partner, Security Curve.

ISACA also highlights the increased use of cloud-based software and how the threat landscape may change as a result.  Enterprises continue to embrace software-as-a-service (SaaS) applications for critical business activities and continue to look to platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) solutions to bolster or replace internally hosted resources.

“As resources continue to move externally, a shift in the number of attacks from end-user computing environments to cloud services providers is probable,” says Jo Stewart-Rattray former ISACA board director and Director of Information Security & IT Assurance, BRM Advisory. “This may also lead to a decrease in an enterprises’ visibility into the type and number of cyberattacks, as attacks are counted and managed by the cloud provider’s security operations team.”

Cybercrime still underreported

The top attack types are social engineering (15%), advanced persistent threat (10%) and ransomware and unpatched systems (9% each). Yet, respondents believe that cybercrime remains underreported, with 62% of professionals believing that enterprises are failing to report cybercrimes, even in situations where they have a legal or contractual obligation to do so.

This trend, highlighted in last year’s report, continues unabated. Worryingly, as some regulations carry a penalty for failure to report, this data suggests many organisations are knowingly or unknowingly taking on regulatory risk. Additionally, as 53% of respondents report that the board of directors has adequately prioritised cybersecurity, it would be expected that the security function would therefore be integrated into enterprise governance. The fact that the perception of underreporting continues given strong coordination with other departments and implicit oversight implies a systemic failure to report.

“These findings also reveal some hard truths our profession needs to face around the need for greater transparency and communication around these attacks, so that practitioners can fully understand and effectively respond to the current threat landscape they are facing,” adds Moyle.

The survey, with responses from more than 2,000 respondents from over 17 industries and 102 countries, found cyberattacks are also continuing to increase, with 32% of respondents reporting an increase in the number of attacks relative to a year ago.