The Internet of Things (IoT), AI and Cybersecurity : The Natural Trinity
While all other tech sectors are driven by reducing inefficiencies and increasing productivity, cybersecurity spending is driven by the sharp rise in cybercrime. British insurance company Lloyds estimates that cyberattacks cost around $40 billion each year. Nowhere is that threat clearer than at the junction of the Internet of Things (IoT), AI and cybersecurity.
The confluence of AI attacking the billions of vulnerable IoT devices connected to the Internet every year make the need for more cybersecurity professionals even more valuable. We can’t rely on short-staffed security in this existential fight for survival.
A multitude of studies underline the cybersecurity labor shortage and illustrate the drastic need for more experts to fight cybercrime. The need for these professionals is real and students in higher education have an opportunity to be the next-generation of skilled cybersecurity experts.
According to Burning Glass, “job postings for cybersecurity openings have grown three times as fast as openings for IT jobs overall and it takes companies longer to fill cybersecurity positions than other IT jobs. That’s bad for employers but good news for cybersecurity workers, who can command an average salary premium of nearly $6,500 per year, or 9% more than other IT workers. Or put another way, there were nearly 50,000 postings for workers with a CISSP certification in 2014, the primary credential in cybersecurity work. That amounts to three-quarters of all the people who hold that certification in the United States — and presumably most of them already have jobs. This is a gap that will take time to fill.”
Jennifer Teeters, Director of Authorized Training at Fortinet, the $9B security networking vendor says that “while the workforce shortfall is one we cannot ignore, the question becomes how do we load the pipeline of skilled workers in the field.” She continues, “many higher education institutions are not equipped to give students the education or hands-on training required for their students to enter the corporate world prepared for these roles. Students in higher education environments need to be given the tools and curriculum to give them a leg-up in order to enter into these positions straight from college.”
“Investors have also gone on buying sprees as companies have been snapped up for their cybersecurity technology or in-demand security engineers,” according to Teeters.
Teeters leads the Fortinet Network Security Academy (FNSA) program, which runs over 90 Academies in 36 countries, training a next generation of security professionals to fill the overwhelming gaps between qualified workers and the staggering number of security professional jobs that go unfilled.
The FNSA program is designed to provide industry recognized Fortinet training and certification opportunities — previously restricted to the company’s customers and employees — to Academy students around the world.
In only two years, Fortinet’s program has grown from inception to the point where it partners with educational organizations, nonprofits and veterans’ groups to train students who can provide great value to future cybersecurity employers. Fortinet has plans to expand the program quite significantly as students finish the program with the skills needed to help protect global organizations from cyberattacks.
Teeters believes that Academy graduates will be “recognized in as an elite group who can command high salaries and play an essential role in the cyberterrorism fight.”
The need for these individuals has ramped up based on the fact that IoT is so prevalent, leaving millions or billions of unsecured “things” — sensors that can collect data and communicate it over networks.
The trends in security spending call for more trained professionals to combat cybersecurity.
Cybersecurity Ventures estimates that the market for cyber products and services will be $1 trillion cumulatively over the next five years. Cybercrime has dwarfed security spending over the past decade. Companies and governments are finally spending massive amounts to fight this threat. The market is finally beginning to catch up out of sheer necessity. As a result, the Cybersecurity market grows 35X from $3.5B in 2004 to $120B in 2017. According to Cybersecurity Ventures, spending is predicted to exceed $1T in the next 5 years.
IT analyst forecasts are unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally.
In the wake of Facebook’s hacking of 87M users, companies need to be increasingly concerned about who they connect with. As a result, people are spending to protect themselves and also counter direct attacks after they happen.
And it’s no wonder that artificial intelligence is hot in cybersecurity. As the number of IoT devices is projected to reach into the tens of billions in coming years, enterprise companies will be compelled to embrace AI, machine learning and automation tools to help secure and manage their networks.
“Cybersecurity is beginning to look like an endless game of chess that pits human hackers against AI-enhanced security professionals. It is already possible to automate cybersecurity responses with machine learning and AI. Hackers, however, change tactics frequently, and cybersecurity is not a finite problem that can be solved, as a recent Harvard Business Review article notes. There is no end state where cybercrime goes away or is permanently eliminated. It is, in fact, a cat and mouse game that will remain so.
In any event, machine learning has already changed the rules of the IoT cybersecurity game, making it look more like a chess match that pits machine against machine. However, it will be up to AI-armed security professionals — whether they come out of the Fortinet Academies or elsewhere — to stop vulnerable, or potentially vulnerable, devices from compromising network integrity.
AI can be used to take advantage of IoT devices, but it can also be countermanded to fight the criminals. To that end, we need all the trained professionals we can get.
On the other hand, it is possible that powerful hacking groups — such as those supported by nation states — could be looking at AI to fuel crippling attacks against targets of their choosing.
The other threat of AI, as Elon Musk and others have warned, it is the risk that humans could lose control of AI-enhanced cyber-weapons or that powerful autonomous weapons emerge that can select targets without human intervention.
However, the more obvious AI threat is that human passivity allows IoT devices to be connected without sufficient security. After all, people want IoT devices connected and running their remarkable functionality. Security is an afterthought. It bears emphasis: the network is only as strong as its weakest link. If a nuclear force at sea goes black because of a cyberattack, it could be only seconds until a full-scale nuclear attack and annihilation.
On a less alarmist but equally disturbing note, it was a baby monitor using a default password of “p-a-s-s-w-o-r-d” that enabled hackers to perpetrate the most heinous and costly cyberattack last year.
Greater security strategy that takes into account IoT’s vulnerabilities and an army of trained professionals are needed to fight more such threats. With cyber spending growing exponentially to stay up with cybercrime, efforts to create the requisite counterattack workforce are finally being undertaken in new training programs with great promise.
