The cybersecurity industry faces a skills gap exacerbated by an increasing volume of targeted, repeated cyberattacks.
Ransomware, phishing, account hacking, identity and credential theft, supply chain attacks, and other cyberattacks aimed at stealing user, corporate, healthcare, higher education, and government data continue to hamper operations across the public and private sector.
According to reports, a cyberattack occurs approximately every 39 seconds somewhere on the web. And C-suite leaders are investing healthy portions of their technology budgets as a result—a recent CIO survey released by Gartner found 66% of respondents said they planned to increase investment in cybersecurity.
Government agencies need well-trained and well-equipped staff to protect their networks and systems. But there are just not enough cyber experts to meet the demand as the government competes with the private sector for top talent. Additionally, cybersecurity professionals are overburdened by heavy workloads and time-consuming tasks that have only scaled because of relentless cyberattacks.
Time is of the essence—the federal government “must close the skills gap and hire IT/cyber talent to strengthen our cyber defense,” according to the U.S. Office of Personnel Management (OPM), which provides guidance on ways agencies can modernize IT and increase capacity in the government.
Hackers and cybercriminals are regularly performing reconnaissance seeking to penetrate weak points, including on-premises and cloud networks. Federal agencies should also turn to automation, artificial intelligence (AI), and machine learning (ML) to ensure personal data and intellectual property remain safe—not to replace workers but to empower them with the right tools to augment their skills and address talent gaps in cybersecurity.
Robotic process automation (RPA) and AI offer the workforce intelligent self-service and digital efficiency of repetitive tasks, allowing cybersecurity teams to focus on higher-value tasks. Throughout the day, a cybersecurity engineer may spend a lot of time defining and enforcing security rules and policies for all areas of network infrastructure, scanning for threats and monitoring vulnerabilities to combat attacks, monitoring continuous security audits, and tracking access control to critical resources.
Here are a few ways AI and automation can enhance security team operations by reducing the time from alert to action and mitigating the cybersecurity skills gap.
1. Process and analyze cybersecurity alerts
AI can help address the security alert overload. Some agencies receive millions of daily security alerts that flag potential risks from cybercriminals and nation-state operatives moving through networks to steal data and intellectual property. A cyber team can only manage so many alerts before they are missed, especially with such a large volume of alerts. AI can separate actual alerts from the noise and ensure that critical alerts are at the top of the priority list. AI can also analyze the alerts and add any related context to help government analysts better understand the incident and risks involved, allowing them to take appropriate action. The technology analyzes substantial amounts of data at scale, significantly taking the pressure off cybersecurity teams.
2. Respond to cyber intrusions faster
More security teams rely on AI to stop threats from escalating even at the preliminary stages of a potential compromise. By automating tedious incident tasks, security teams can quickly identify, investigate, and remediate threats. As many experts have noted publicly, reacting in a timely manner is crucial for national cyber defense. AI will reduce the human effort required to respond to security events, enabling security teams to apply their skills to higher-value tasks and empower their decision making.
3. Improve threat hunting
Manual threat hunting can be expensive, time consuming, and draining for human resource staff. Combining automation technologies (including AI and ML) with threat intelligence enhances pattern recognition in data, enabling security systems to learn from experience. As mentioned, AI and ML can also help security teams reduce incident response times and comply with security best practices. Traditional tools that use signatures or indicators of compromise to identify threats detect the majority of previously known threats. But they are not effective for undetected threats. By applying AI, behavioral analysis can be integrated into the threat hunting process. So, using traditional techniques and AI/ML, cybersecurity analysts are more likely to achieve greater detection while minimizing false positives and bridging the skills gap.
Humans and digital assistants working together: what’s next?
Humans working with automation and AI is the best scenario for augmenting security teams and addressing the talent shortage problem. AI can identify patterns and risks that humans cannot see. However, human oversight of AI is still essential to address privacy and ethical issues. Humans still need to determine what is accurate and what is flawed data. However, as networks become more sophisticated, generate more data, and are exposed to increasingly advanced threats, AI and automation will augment security operations teams and help solve the cybersecurity talent shortage.
This is a companion discussion topic for the original entry at https://www.uipath.com/blog/null/how-automation-can-address-government-cybersecurity-skills-gap