There is a growing disconnect between the increasing sophistication of cybersecurity threats and the preparedness of IT teams to combat them, according to an O’Reilly study of more than 1300 IT professionals.

The survey found roughly a third of tech professionals were aware of a lack of AI security skills, particularly in addressing emerging vulnerabilities such as prompt injection.

Nearly 40% of respondents identified cloud security as the most significant skills shortage, despite cloud computing’s long-standing presence.

The report also highlighted that AI-enabled security tools are expected to be a top priority in 2024, with 34% of professionals focusing on their deployment, closely followed by a rise in security automation efforts (28%).

Report author Mike Loukides noted AI introduces a whole new set of threats that are only starting to be understood.

“AI has made a lot of progress in the past decade, but when GPT-3 appeared in November 2022, everything went off the rails,” he said. “Everyone, including the security community, was blindsided — both by the possibilities and by the risks.”

Roughly a third of respondents pointed to a shortage of AI skills, particularly around vulnerabilities like prompt injection.

“Companies need more people who understand forensics and red teaming,” Loukides said. “However, it’s likely that these will always be skills shortages — people who do forensics and red teaming must have a solid knowledge of the basics, and they must keep up with the latest developments.”

Concern Over Traditional Threats

Meanwhile, traditional threats like phishing remain a prominent concern for 55% of respondents, while network intrusion (40%) and ransomware (35%) continue to pose significant risks.

On the preventive side, multifactor authentication is widely adopted, with the vast majority (88%) of tech teams implementing it, along with 60% adopting endpoint security and nearly half utilizing a zero-trust model.

However, the survey results also underscore a certification gap: While 51% of companies require certifications for hiring, 41% of security team members remain uncertified, most notably in incident response teams, where 70% were uncertified.

Deploying IT Security Intelligently

Nicole Carignan, vice president of strategic cyber AI at Darktrace, said that faced with limited resources, organizations need to ensure their technology is helping to augment the expertise and skills that they do have.

“Organizations should seek integrated solutions purpose-built for cloud data rather than trying to retrofit on-prem tools,” she said.

Carignan explained with the right implementation, AI can significantly enhance visibility and threat detection across multi-cloud, hybrid and on-premise environments.

“AI-powered agentless cloud solutions can reduce the complexity and costs associated with installing and maintaining agents on cloud resources,” she said.

They can help reduce the performance impact on cloud workloads and can streamline security deployment across large, dynamic environments.

“With tools that provide constant visibility, autonomous investigation and real-time response, security teams can focus their limited time and resources where they are needed most,” Carignan said.

Invest in Training, Partnerships

Stephen Kowski, field CTO at SlashNext Email Security+, added organizations can address AI security skills shortages by investing in specialized training programs and partnering with AI security experts.

“Encouraging cross-functional collaboration between AI and security teams can foster knowledge sharing and skill development,” he said.

Leveraging advanced AI-powered security solutions can also help bridge the gap by automating complex threat detection and response tasks.

To prepare for AI-enabled security tools and automation, Kowski said organizations should first assess their current security posture and identify areas where AI can add the most value.

“Investing in solutions that seamlessly integrate with existing security infrastructure and provide actionable insights is crucial,” he said.

He added upskilling security teams on AI concepts and fostering a culture of continuous learning would help ensure successful adoption and maximize the benefits of these technologies.