Seattle, WA – May 1, 2018 DomainTools, For better and for worse, the age of automation has reached the cybersecurity industry. Surprisingly, according to new research published today from DomainTools® and the Ponemon Institute, the already profound shortage in skilled IT security personnel is expected to increase with the adoption of automation technologies. Seventy-five percent of respondents divulged that their IT security function is typically understaffed and have trouble attracting qualified candidates. Compounding the issue, 76 percent believe that machine learning and artificial intelligence tools and services aggravate the problem by increasing the need for more highly skilled IT security staff.
The “Staffing the IT Security Function in the Age of Automation” surveyed over 600 U.S. security and IT professionals across industries and found that the cybersecurity skills gap has increased by five percent since the Ponemon Institute began the research in 2013.
“One of the biggest barriers to a strong security posture is attracting and retaining the right people that can deal with complex and serious internal and external threats to the organization,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “This research reveals that despite the adoption of advanced and automated tools, the skills gap has increased, leaving organizations more vulnerable than ever before.”
The hype of artificial intelligence
Forty-one percent of organizations say the inability to properly staff security positions has increased investment in cyber automation tools. Yet despite the hype around this technology, only 26 percent of organizations currently use automation tools as part of IT security, and only 15 percent state that AI is a dependable and trusted security tool for their organization.
“As cyberthreats and threat actors grow in numbers and expertise, organizations worldwide rely on both highly skilled staff and advanced technology to combat these threats,” said Tim Helming, director of product management at DomainTools. “What we’ve found is that automation is great for certain low-skill tasks and the additional work on more advanced threats must be done by a high-skilled security professional, which continue to be in very short supply.”
Additional findings of the study include:
- Sixty-three percent of respondents say human involvement in security is important in the age of automation.
- Sixty percent of respondents believe automation will improve their IT security staff’s ability to do their jobs because it will enable them to focus on more serious vulnerabilities and overall network security (68 percent of respondents)
- Only 23 percent of respondents say automation will reduce the headcount of their IT security function.
To review recommendations for companies to address these challenges, including steps to take to hire the right IT security personnel, visit our blog here.
The study, conducted by the Ponemon Institute on behalf of DomainTools, analyzes a variety of staffing issues within the IT security function in the age of automation. For the report, data was collected from over 600 interviews with top U.S.-based security staff and business executives from industries including financial services, healthcare, government, retail, and technology and IT. The report can be downloaded here and the full data is available by request.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter:@domaintools
Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.