Information Security
- Editor's letterWhen cyberthreats are nebulous, how can you plan?
- Cover story
- InfographicEnterprises feel the pain of cybersecurity staff shortages
- FeatureA cybersecurity skills gap demands thinking outside the box
- ColumnReport shows CISOs, IT unprepared for privacy regulations
- ColumnCISOs, does your incident response plan cover all the bases?
stock.adobe.com
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination.
For security defenses to have any chance of working against cyberthreats, IT professionals need to stay on the offensive. One case in point: The increase in the types of security tools powered by AI and machine learning.
These advanced technologies have definitely improved cyber-response capabilities, giving some hope to cybersecurity pros caught in a seemingly endless struggle to counter attacks on their vital infrastructure and data. But the dark side of AI must remain front of mind. AI can help security teams locate vulnerabilities in their systems. But it's important to remember that bad actors can also use it to locate vulnerable systems.
Is AI a force for good or for evil? It all depends on whose hands it's in.
This is no minor problem, either: Email predicting the exponential spread of AI-embedded devices hits my inbox on a weekly basis. For example, one recent message described a study by ABI Research, which projected that the number of AI-enabled devices will nearly double by 2024.
With so much AI in our lives, on all of our devices, it's imperative that cybersecurity leaders figure out how to level the playing field, and fast. Though hailed as the essential cybersecurity technology of the future, it's also true that it's not the answer to perfect security. Because not only can AI not solve every threat, it is simultaneously creating new cyberthreats. We delve into this critical and timely issue in this edition of Information Security magazine.
This urgent need to stay abreast of AI's potential use by bad actors, moreover, is taking place in an era of chronic security staff shortages. Cybersecurity positions in enterprises, governments and other organizations remain hard to fill. But there is reason for optimism: Some security leaders are rethinking old assumptions about where cyber talent can be found or how it can be developed. In this issue of Information Security, we explore some specific tactics hiring managers are using to plug the skills gap. (Speaking of keeping skills current, after reading this issue, test your knowledge and earn CPE credits by taking our quiz.)
Gone are the days when excellent security meant fortifying the perimeter with the best tech available while staying abreast of new IT security tools. These are still crucial elements to security program planning. But keeping cyberdefenses strong as we approach the third decade of this century also requires imagining what could possibly go wrong -- and employing all of our creativity to prepare for it. It gives the phrase "looking for trouble" a whole new meaning, doesn't it?
Related Resources
- Securing Your IT Assets: A CISO’s Checklist for Software Escrow in Supply Chain... –NCC Group
- Triaging Cyber Risk Across the Enterprise with CyberSaint and IBM watsonx –Replay
- The Ripple Effect: How Latest Cyber Threats and Vulnerabilities Impact Business... –Video
- Threat and Vulnerability Management –Video