The cybersecurity world has been transformed. The days of using simple malware and phishing attacks are over for attackers. Now, cybercriminals are using AI to automate fraud and evade defenses, while generating super realistic deepfakes to commit fraud. The problem? Cybersecurity specialists are ill-prepared to face these AI-driven threats, creating an urgent crisis.
The skills gap in cyber security has been widely reported with over 4 million unfulfilled roles worldwide. However, the latter is a more serious problem: a skills mismatch. It’s not just a case of insufficient cybersecurity practitioners; it’s a case of them lacking the right skills to guard against trendy threats. This is a matter that needs to be discussed urgently.
Why Cybersecurity Skills Need To Evolve
Cybersecurity is a very different place than it once was. Long story short, attackers are already outpacing defenders and using AI to create more complex, large-scale attacks. But for the most part, cybersecurity professionals remain inexperienced in AI-driven defense strategies.
A World Economic Forum report found that 68 percent of cybersecurity jobs now require skills associated with artificial intelligence. Still, less than 20 percent of workers have received considerable training in the technology. This broad skills gap is a serious problem, particularly in an environment where attackers innovate faster than defenders. The transition to AI has created a cybersecurity desert in which security teams cannot address AI-driven cyber threats.
The answer to this problem is simple: cybersecurity professionals must adapt quickly. This includes knowing how AI is integrated into offensive and defensive campaigns, and embracing AI for security techniques as a skill set.
Recent Cybersecurity Threats: The Wake-Up Call
Suppose the skills gap wasn’t a cause for serious concern. In that case, the recent spate of cyberattacks shows that organizations need more than more professionals—better-trained professionals—and they need them now.
- MOVEit Data Breach (June 2023) – A MOVEit file transfer software flaw resulted in a massive data breach, impacting around 100 million individuals (Wikipedia). This was a sign that attackers are exploiting weak links in popular software.
- IRLeaks Attack on Iranian Banks (August 2024) — A hacker group known as IRLeaks targeted several Iranian banks, stealing sensitive data and demanding millions of dollars in ransom from financial institutions. (Wikipedia).
- CrowdStrike Update Disaster (July 2024) — A botched update to CrowdStrike’s Falcon Sensor software resulted in 8.5 million Windows systems crashing worldwide — and approximately $10 billion in damages. Even a good-faith security update can wreak havoc if not executed properly. (Wikipedia).
Experiences like these illustrate the real-world impact of the cybersecurity skills gap. It is increasingly vital that we can predict, track, and mitigate these threats through AI-enabled strategies.
How the sector is bridging the AI skills gap
The good news? The industry isn’t turning its back on the issue. Industry giants are stepping in to bridge the gap, providing much-needed support. In November 2020, rising cybersecurity organizations and certificate authorities, such as (ISC)2 and ISACA, introduced enhanced training and certification paths for AI in enterprise security.
Certifications That Are Raising the Bar
The leading cybersecurity certification training providers have overhauled their curricula to embrace AI-based defense protocols, which will help security experts stay ahead of the threat curve.
EC-Council —Best known for its Certified Ethical Hacker (CEH) program, EC-Council has interwoven its AI-powered threat detection and hands-on hacking simulations into CEHv13. In addition to CEH, EC-Council provides CCSIO, CPENT, CHFI, and CCT certifications.- ISC2 – Added AI risk management techniques to the CISSP certification.
- GIAC – AI-Driven PenTesting and Forensic Analysis are being integrated into Advanced GIAC certifications.
- CISCO – CCNP Security and CyberOps now train professionals for AI-based network security and automated threat response.
These changes illustrate a simple fact: Cybersecurity professionals can’t afford to be stuck in the past. The industry is evolving, and defenders must adopt AI — not merely respond to it.
Big Tech Is Investing in Cybersecurity Training
Besides certifications, tech giants are also turning up to help fill the cybersecurity skills gap.
- Recently, Microsoft announced that it would train one million professionals in skills related to AI-driven security, with a particular focus on emerging markets. (Microsoft).
- Google kicks off a new era of cybersecurity with a brand-new suite of Advanced Security Training programs that will educate security teams on AI-powered cyber defense strategies. (Google).
Cybersecurity’s Future: Adapt or Be Left Behind
Cybercriminals are as quick to adapt to AI. They’re deploying it to automate phishing campaigns, crank out malware that adjusts on the fly, and produce deepfake scams that outsmart even the best security systems.
The question now isn’t whether cybersecurity professionals need AI expertise — it’s how quickly they can acquire it.
What Needs to Happen Next?
- Security Needs To Be Deep IT-Wide—AI applications aren’t “nice” anymore—they’re a need. Hands-on practice with AI-based tools and threat detection is crucial for every cybersecurity professional.
- Certifications Need to Be Up with the Times—As cyber criminals step up, the industry must continue developing AI-driven defense strategies as part of training programs.
- Continuous Learning Is Non-Negotiable – Cyber threats evolve daily. Cyber specialists must protect and defend against it, and that new skill has become far more challenging to navigate. This underscores training and continuing education’s critical role in upskilling to meet that demand.
The future of cyber security doesn’t simply involve hiring more professionals—it’s about ensuring they have the skills needed to battle AI-powered threats.
Because in the cybersecurity world: Adapt or die.
This story was distributed as a release by Kashvi Pandey under HackerNoon’s Business Blogging Program. Learn more about the program
