Global Survey Reveals Critical AI Security Skills Shortage
As cybersecurity becomes a paramount concern for businesses and governments alike, so do the methods and sophistication of cyber attacks.
Cyber attacks threats are a constant challenge for organisations to protect their digital assets and data across the world.
Yet along with this evolution of cybersecurity has come a growing demand for skilled cybersecurity professionals, particularly in emerging fields such as AI and cloud computing.
Addressing this issue, O'Reilly, a company that provides technology and business learning resources, has released its 2024 State of Security Survey report.
The study, which surveyed over 1,300 technology professionals globally, offers insights into the current state of cybersecurity, emerging threats and how organisations are adapting their security strategies.
AI security skills gap
One of the most significant findings of the report is a critical shortage of AI security skills.
According to the survey, 33.9% of technology professionals reported a lack of expertise in AI security, particularly in addressing new vulnerabilities such as prompt injection.
Prompt injection is a technique where cyberattackers manipulate AI systems by inserting carefully crafted inputs to produce unintended or harmful outputs.
This vulnerability has become increasingly relevant as AI systems, particularly large language models, are integrated into various applications and services.
The report suggests that this skills gap is a direct result of the rapid adoption of AI across industries, outpacing the development of security expertise in this area.
Cloud security expertise lacking
Despite cloud computing being a well-established technology for nearly two decades, the survey reveals that cloud security remains a significant concern.
The report states that 38.9% of respondents identified cloud security as the area with the most substantial skills shortage.
This finding indicates that many organisations are still struggling to secure their cloud-based infrastructure and services effectively.
Consequently, as businesses continue to migrate their operations to the cloud, this expertise gap could potentially leave them vulnerable to cloud-specific security threats.
Emerging priorities and persistent threats
Looking ahead, the report indicates that AI-enabled security tools are the top priority for the coming year, with 34.4% of respondents highlighting this area.
Security automation follows closely behind at 28.2%, signalling a strong push towards automated cybersecurity defences.
However, despite the focus on advanced technologies, the survey reveals that traditional threats remain prevalent.
Phishing, a technique where attackers use deceptive communications to trick individuals into revealing sensitive information, continues to be the primary security concern for 55.4% of respondents, for instance.
This is followed by network intrusion (39.9%) and ransomware (35.1%).
Network intrusion is unauthorised access to a digital network, often to steal data or cause harm, whereas ransomware is malicious software that encrypts files, demanding payment for their release.
The persistence of these "low-tech" threats perhaps highlights the importance of comprehensive employee training and awareness programmes.
Certification and continuous learning
The report additionally highlights a notable gap in security certifications among professionals.
While 51.3% of companies require certifications for hiring, 40.8% of security team members remain uncertified.
This discrepancy is particularly pronounced among incident responders, with 70% lacking certifications.
However, the survey also reveals a strong emphasis on continuous learning within the industry.
The report states that 80.7% of employers mandate continuing education for security professionals, with 32.2% requiring 41 or more hours annually.
Laura Baldwin, President of O'Reilly, emphasises the importance of ongoing education in the face of evolving cyber threats: “Our survey reveals a seismic shift in the security landscape – it's no longer just an IT concern, but a company-wide imperative.
"To truly safeguard our digital future, we need high-quality, continuous learning that goes beyond exam preparation and empowers every employee to be a frontline defender against evolving threats.”
******
Make sure you check out the latest edition of Technology Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Technology Magazine is a BizClik brand