How AI Can Help Fill the Cybersecurity Skills Gap
As we approach the end of 2022, the Common vulnerabilities and exposure metrics for this year continue to show an upward trend and this is a surprise to no one.
Just to level-set everyone, Common Vulnerabilities and Exposures, is often abbreviated as CVE and is a list of publicly disclosed computer security flaws. When someone refers to a CVE, they mean a security flaw that’s been assigned a CVE ID number.
At the End of September, 2022 a new zero day which enables attackers to discretely gain full access to an email system, is actively being exploited on Microsoft Exchange Server, a very popular email platform used by millions of businesses across the globe. Thankfully in early September researchers reported the vulnerability to Microsoft privately, so a fix is in the works.
In July, 2022 the National Institute of Standards and Technology (NIST) posted the following facts about today’s Cybersecurity Workforce Demand:
Globally, the shortage of Cybersecurity professionals is estimated to be 2.72 Million.
35% of hiring managers believe it takes 3-5 years for a cybersecurity professional to become proficient.
78% of decision makers indicate it’s hard to find certified people, which is why 91% of organizations are willing to pay for the training and certification of their employees.
Top tasks identified for entry-level candidates include: Alert and Event Monitoring, Documenting Processes and Procedures, Incident Response, Using Scripting languages and Reporting (Developing and Producing Reports)..
For the full fact sheet, click here.
The data suggests there’s an upward trend in exposure to vulnerabilities combined with staff shortages. Subsequently there’s an increased workload on current Cybersecurity technology and Cybersecurity professionals responsible for detecting new threats and defending their organizations.
Savvy, Cybersecurity leaders should be reacting to the current industry conditions by turning to Artificial Intelligence platforms with the goal to augment existing cybersecurity staff. But, will implementing AI Based technology, really, lead to greater capabilities of existing staff? Let’s find out. Check out this set of “Interactions?” between V.P. Technology Solutions, Randy Blasik and OpenAI using the free to use, playground tool.
Artificial intelligence – The theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.
Using AI to reduce the time it takes a Cyber Security professional to become proficient. Use AI to interpret scripts and Security Telemetry:
Explain what this script does?
import hashlib print(“**************PASSWORD CRACKER ******************”) pass_found = 0 input_hash = input(“Enter the hashed password:”) pass_doc = input(“\nEnter passwords filename including path(root / home/):”) try: pass_file = open(pass_doc, ‘r’) except: print(“Error:”) print(pass_doc, “is not found.\nPlease give the path of file correctly.”) quit() for word in pass_file: enc_word = word.encode(‘utf-8’) hash_word = hashlib.md5(enc_word.strip()) digest = hash_word.hexdigest() if digest == input_hash: print(“Password found.\nThe password is:”, word) pass_found = 1 break if not pass_found: print(“Password is not found in the”, pass_doc, “file”) print(‘\n’) print(“***************** Thank you **********************”) #Explanation of what the code does ”’
1. The user enters the password to be cracked.
2. The user enters the name of the text file containing the passwords to be used to crack the user’s password.
3. Then the code will search for the password in the text file.
4. If found, it will print the password.
5. If not found, it will print a message saying it is not found in the text file. ”’
Explain what this alert means:
The code is a series of key-value pairs that describe an event. The event is a suspicious TCP SYN flow that was initiated by the host with IP xxx.60.129.xxx to the host with IP xxx.131.96.xxx. The event is classified as a DDoS attack, and the source and destination networks are listed as “Uncategorized” and “Public”, respectively. Additional information about the event is also provided, including the duration, number of packets, and number of bytes involved in the attack.
AI acting as a guide to Cybersecurity analysts.
Help me with a process
“Can you start an incident response to an angry customer who’s business is down after a ransomware attack?”
Yes, an incident response can be initiated to an angry customer whose business is down after a ransomware attack. The response may include working with the customer to understand the issue, identifying the root cause of the problem, and taking steps to resolve the issue.
Help me with a process
“How do I identify the root cause of the problem?
The root cause of the problem can be identified by conducting an investigation and reviewing evidence to determine what caused the problem. This may include reviewing system logs, reviewing network traffic, and interviewing customers and employees.
Using AI to simplify Threat Intelligence:
Help me with this report
Summarize this for a high school-grade student: Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.
Two different hackers have found ways to break into Microsoft Exchange Server 2013, 2016, and 2019. One way lets the hacker run any code they want on the server. The other way lets the hacker pretend to be someone else to access information they shouldn’t be able to see. Microsoft is trying to fix these problems.
Having some fun with AI:
I need help deciding
If 78% of decision makers indicate it’s hard to find certified cybersecurity analysts, which is why 91% of organizations are willing to pay for the training and certification of their employees should I still consider using artificial intelligence to augment my existing staff?
Yes, you should still consider using artificial intelligence to augment your existing staff, even if it is difficult to find certified cybersecurity analysts. Artificial intelligence can help to automate some of the tasks that certified analysts would normally perform, freeing up their time to focus on more complex tasks. Additionally, artificial intelligence can help to improve the accuracy of some tasks, such as identifying potential threats.
Do you think Implementing AI Based technology will lead to greater capabilities within your organization? Perhaps consider this. The really bad cybercriminals out there are leveraging AI to ingeniously penetrate your organization’s defenses and steal, encrypt, modify or render your data unavailable. Shouldn’t you be on at least equal footing with them?
By deploying technology with an effective and encompassing AI engine any enterprise will enable your existing team and new hires to get to the root of any attack more quickly, effectively, and accurately to prevent costly data or monetary losses.