There is a gaping hole in the digital defences that companies use to keep out cyber thieves.
The hole is the global shortage of skilled staff that keeps security hardware running, analyses threats and kicks out intruders.
Currently, the global security industry is lacking about one million trained workers, suggests research by ISC2 – the industry body for security professionals. The deficit looks set to grow to 1.8 million within five years, it believes.
The shortfall is widely recognised and gives rise to other problems, says Ian Glover, head of Crest – the UK body that certifies the skills of ethical hackers.
“The scarcity is driving an increase in costs,” he says. “Undoubtedly there’s an impact because businesses are trying to buy a scarce resource.
“And it might mean companies are not getting the right people because they are desperate to find somebody to fill a role.”
While many nations have taken steps to attract people in to the security industry, Mr Glover warns that those efforts will not be enough to close the gap.
Help has to come from another source: machines.
“If you look at the increase in automation of attack tools then you need to have an increase in automation in the tools we use to defend ourselves,” he says.
‘Drowning’ in data
That move towards more automation is already under way, says Peter Woollacott, founder and chief executive of Sydney-based Huntsman Security, adding that the change was long overdue.
For too long, security has been a “hand-rolled” exercise, he says.
That is a problem when the analysts expected to defend companies are “drowning” in data generated by firewalls, PCs, intrusion detection systems and all the other appliances they have bought and installed, he says.
Automation is nothing new, says Oliver Tavakoli, chief technology officer at security firm Vectra Networks – early uses helped antivirus software spot novel malicious programmes.
But now machine learning is helping it go much further.
“Machine learning is more understandable and more simplistic than AI [artificial intelligence],” says Mr Tavakoli, but that doesn’t mean it can only handle simple problems.
The analytical power of machine learning derives from the development of algorithms that can take in huge amounts of data and pick out anomalies or significant trends. Increased computing power has also made this possible.
These “deep learning” algorithms come in many different flavours.
Some, such as OpenAI, are available to anyone, but most are owned by the companies that developed them. So larger security firms have been snapping up smaller, smarter start-ups in an effort to bolster their defences quickly.
‘Not that clever’
Simon McCalla, chief technology officer at Nominet, the domain name registry that oversees the .uk web domain, says machine learning has proven its usefulness in a tool it has created called Turing.
This digs out evidence of web attacks from the massive amounts of queries the company handles every day – queries seeking information about the location of UK websites.
Mr McCalla says Turing helped analyse what happened during the cyber-attack on Lloyds Bank in January that left thousands of customers unable to access the bank’s services.
The DDoS [distributed denial of service] attack generated a huge amount of data to handle for that one event, he says.