2024: Biggest cyber skills gap is around Artificial Intelligence and cloud security

Understandably, there’s a growing disconnect between the increasing sophistication of cybersecurity threats and the ability of IT teams to combat them. In a recent study, approximately “33.9% of tech professionals report a shortage of AI security skills, particularly around emerging vulnerabilities like prompt injection.” This leads to an ever-growing natural concern for IT professionals to learn AI security skills.

Even though cloud computing has been around for approximately two decades, a recent report noted that “38.9% of respondents identified cloud security as the most significant skills shortage… potentially leaving them vulnerable to cloud-specific security threats.” To address this shortage of AI security skills, it’s more evident now that organizations need to invest in upscaling their teams through dedicated AI security training programs. These programs should be based on fundamental AI security knowledge and learning about the evolving threats and new attack methods hackers are using to penetrate cloud environments.

Most security professionals realize that implementing AI security tools provides real-time threat detection and learning capabilities that will help them identify these types of new attacks. Just as important as identifying new attacks is also the use of policy-based automation and security tools, which would allow security teams within any organization to respond to these cyber hacks proactively and at a large scale. 

Additionally, because this is such an ever-evolving threat, cloud environments like Amazon Web Services (AWS,) Microsoft Azure, or Google Cloud are also starting free online classes to invest in hands-on security-based training. This is in the hopes of closing the security gap that currently exists. However, this will not solve this problem alone. IT security teams should be required to implement strong Identity and Access Management (IAM) frameworks that consist of compensating controls like Multi-Factor Authentication (MFA) to mitigate some of the various hyper-personalized phishing attempts powered by AI.

Most IT security companies are now seeing that hackers are targeting weaker parts of the perimeter, such as non-human identities, which control machine-to-machine access. This is critical in cloud environments.  

Security professionals who desire to obtain more knowledge within cloud environments should leverage industry resources from institutes of higher learning. These include the National Institute of Standards and Technology (NIST,) the Cybersecurity and Infrastructure and Security Agency (CISA,) and even the Massachusetts Institute of Technology (MIT).  Other valuable resources include reputable podcasts and online courses for security professionals to upskill themselves and obtain better knowledge of IT security. This also serves to leverage their career objectives. 

Any organization with a vested interest in cloud environments must focus on implementing AI techniques to drive accurate detection and data analysis. Needling Worldwide’s Certification Readiness for AI (ISO 42001) can also help better equip cybersecurity teams to gain a greater understanding and improve their cyber resilience. 

In closing, organizations should seriously consider providing interactive training sessions, free online classes, and incentives to their employees to better equip themselves for facing artificial intelligence and cloud security. This will ultimately allow the organization to create a baseline proactive approach that will be enacted for the foreseeable future.