IASACA: “AI Trainning is an Urgent Need for IT professionals”

In this interview with Chris Dimitriadis, ISACA Director of Global Strategy, we discuss how artificial intelligence is transforming the field of cybersecurity and how automation and AI will redefine tasks in the IT sector.

We also address the importance of certifications to stay competitive in the digital environment and for professionals to adapt to technological changes through continuous training.

Artificial Intelligence and its impact on the workplace

– AI is transforming many aspects of work. What specific changes do you expect to see in IT-related jobs due to AI?

AI is transforming IT functions towards a more strategic and data-driven approach. In order to free professionals to focus their efforts on more critical activities, we expect to see automation of the most repetitive and routine tasks, such as system monitoring or database administration. IT professionals will be freed to focus on more critical activities that drive business value. This shift requires professionals with expertise in data analytics and machine learning.

In addition, there is a need for better-trained cybersecurity professionals with AI skills for optimal implementation to detect and respond to potential attacks. The technology sector will increasingly require profiles capable of developing, training and maintaining AI models, a skill that is also applicable in software development.

– ISACA’s recent survey shows that European IT professionals have little training in AI. What are the main obstacles to improving this training?

The recent ISACA survey reveals major obstacles to improving AI training. One of the main challenges is the lack of dedicated educational resources and high-quality AI-focused programmes. Existing training is expensive, which, combined with the limited time available to professionals, makes productive learning even more difficult.

On the other hand, we face a shortage of qualified staff to deliver this training, which affects the quality and availability of courses. In addition, the context of immediacy and the rapid pace of technological developments further complicate matters.

Overall, this is an area of uncertainty, where much work remains to be done. Our State of Digital Trust survey revealed that 49% of organisations identified a lack of staff skills and training as a major barrier to digital trust. To combat this, ISACA is actively developing specialised AI training programmes and resources tailored to the needs of IT professionals, focusing on both technical and ethical skills.

– ISACA’s study reveals that only 17% of organisations have a formal, comprehensive AI policy. What are the barriers preventing more companies from developing and adopting formal policies for AI use?

Many organisations remain unaware of the strategic importance of AI and there is often a lack of integration of these skills into traditional academic curricula, leading to a lack of understanding about the potential of AI in day-to-day operations. This situation is further exacerbated by the lack of AI specialists who can actually drive these processes. Lack of training is at the root of the shortage of skilled professionals, which, in turn, creates a vicious circle: lack of expertise prevents the creation and execution of comprehensive AI strategies. As a result, organisations are unable to fully exploit the potential of AI for innovation and business efficiency.

– Given that 34% of respondents believe they will need to increase their AI skills in the next six months, what types of training programmes and resources does ISACA recommend to help professionals improve their AI skills?

At ISACA, we recognise that AI training is an urgent need for IT professionals, especially with 34% of respondents indicating that they will need to do so in the near term. We are addressing the demand for AI skills through a multi-faceted approach. We have introduced a series of on-demand AI training courses, including ‘AI Essentials’, which covers the basics of the technology, its core principles and potential applications; ‘Auditing Generative AI’, which focuses on risk mitigation and how advances in generative AI can affect audit processes; and ‘AI Governance’, which covers key principles and effective strategies for AI governance.

Our AI Knowledge Centre provides ongoing resources such as articles, blogs and infographics from industry thought leaders, enabling practitioners to stay abreast of AI trends and best practices.

Reskilling, certifications and continuous learning

– The need for reskilling is a recurring theme in the tech world. Why are certifications so important for IT professionals in today’s context? What are the key areas professionals need to focus on to remain competitive?

Certifications play a crucial role in building confidence, both for employers and for the professionals themselves. They validate a person’s skills and knowledge, which often leads to better employment opportunities, more competitive salaries and career advancement, sometimes opening up opportunities for more senior or specialised positions.

Certifications help standardise knowledge across sectors, which is crucial given the rapid evolution of many fields. They are also valuable for organisations, as they ensure that their staff have the necessary skills to effectively secure and manage their systems and data, as well as those of their customers and/or partners. In today’s complex digital environment, having a certified workforce is essential to maintain strong security postures and foster a culture of continuous improvement.

For several years, companies have been encouraging their professionals to train in new technologies to remain competitive in an ever-changing world. While specific needs may vary from company to company, we are seeing a universal demand for skills in Artificial Intelligence, cybersecurity, data privacy, risk management, IT governance and IT auditing.

Cloud computing and data analytics skills are increasingly crucial across all industries. Our recent State of Digital Trust survey found that 49% of organisations identified a lack of barrier to digital trust, underlining the critical need for continued learning in our field. We cannot forget, however, the soft skills that complement them, such as leadership or problem-solving skills. For today’s professionals, and those of the future, the ability to adapt to new technologies and to learn constantly will be essential when facing an ever-changing world.

AI and cybersecurity

– The survey shows that 61% of respondents are extremely concerned about the malicious use of generative AI. How can organisations balance implementing AI for efficiency and innovation while mitigating the associated security risks?

The balance between implementing AI to be more efficient and innovative and reducing the risks associated with it lies in maintaining a holistic approach, with strong governance, continuous risk assessment to avoid or reduce vulnerabilities, and appropriate training. The use of AI must be aligned with strategic objectives, with clear regulatory policies. ISACA stresses the importance of transparency so that automated decisions are understandable and robust.

Organisations’ staff play an important role, so it is essential to invest in staff education and awareness, and training teams in cybersecurity, AI ethics and compliance. This includes not only IT professionals, but all employees, to foster a culture of security within the organisation. Having AI and cybersecurity experts, as well as participating in professional communities and networks, to keep abreast of best practices and developments in these areas will greatly reduce threats, while helping the organisation in its quest for efficiency.

– You mentioned that AI is used both to develop cyberattacks and to detect them. What are some practical examples of how cybersecurity professionals are using AI today to detect and respond to cyberthreats?

While cybercriminals are taking advantage of the possibilities of new generative models to develop increasingly sophisticated cyberattacks, AI can be a very effective tool to combat these same threats. In particular, by applying AI to evidence of perpetration, we will be able to identify patterns that humans cannot discern.

On the other hand, detecting anomalies by analysing large amounts of data in real time, analysing the behaviour of attackers or predicting risks through models that anticipate future danger based on historical trends and patterns are some of the most widespread uses of artificial intelligence when it comes to dealing with cyberattacks.

Cybersecurity in SMEs

– Cybersecurity is a growing concern, and a study by ISACA mentions that 47% of SMEs do not have a formal cyber-attack response plan. In addition, several common cyber threats such as phishing, BEC and malware are mentioned. Could you elaborate on some specific strategies SMEs can adopt to protect against these specific threats? What are the key steps an SME should take to develop and implement a cybersecurity incident response plan?

In this changing digital landscape, cybersecurity has become one of the most urgent priorities for all businesses, including SMEs. A recent ISACA study found that nearly half of SMEs do not have a formal cyberattack response plan, leaving them exposed to a variety of threats such as phishing, BEC and malware, to name a few.

The first step for SMEs to strengthen their defences is to understand the specific cyber threats they face. Each organisation operates in a unique environment with different needs and resources, so identifying threats is crucial. By assessing vulnerabilities, SMEs can identify critical assets, such as information, systems and applications, that are important to their operations. This knowledge enables them to implement appropriate security measures tailored to their specific risks.

Once the different potential threats have been identified, SMEs should formulate an overall cyber incident response plan that includes very clear protocols on how the organisation should act in case of the respective cyber incidents. Clear roles and responsibilities should be established within the team, so that all members involved are aware of their specific role when a breach occurs. This proactive approach not only reduces reaction time, but also minimises the potential damage of an attack.

Employee education and training play a key role in an effective cyber security strategy. Many cyber-attacks are caused by human error, so it is essential that all staff, not just IT, are trained to recognise and respond to threats. Frequent training and testing of response plans is also crucial to increase the preparedness of the organisation and its partners to deal with an incident.

– Given that the average cost of a cyber attack can be devastating for SMEs, what preventative measures does ISACA recommend that are affordable and effective for SMEs?

When it comes to cybersecurity, SMEs have always found themselves between a rock and a hard place. While the average cost of a cyberattack can be devastating for SMEs, they are typically not in a position to devote as many resources as large corporations to digital defence.

Instead, what SMEs should be looking for are basic, easy-to-implement controls that promise maximum value for every dollar spent. What needs to be established is a security-conscious culture rather than mere reliance on sophisticated technology.

At the basic level is employee education. Most cyber-attacks exploit human error. Thus, regular training sessions on identifying phishing attempts and observing basic security protocols can help an SME reduce its vulnerabilities quite significantly. There are also a number of practical and relatively low-cost actions that provide a solid first layer of defence.

To protect against increasingly common ransomware attacks, SMEs must adopt a rigorous prevention, response and recovery strategy, also focusing on their suppliers (a holistic approach involving the supply chain). It is a step that can mean the difference between a minor inconvenience and a business-ending disaster.

– In the context of the news, you mention the importance of working with a specialised partner to improve digital trust. What qualities and services should an SME look for in a specialised cyber security partner?

In these cases, it is very important to have a partner with proven experience in protecting businesses that understands the specific threats facing your sector because, by understanding your unique needs and particular risks, they will be able to develop a customised cybersecurity plan.

The partner must also know how to deliver a flexible and scalable plan, as your cybersecurity needs will evolve as your business grows. He or she must also be able to explain complex technical concepts in simple terms to keep you informed about the state of your cybersecurity.

Ultimately, the right cybersecurity partner should feel like an extension of your team. They should understand your business objectives and tailor their security strategy accordingly. It’s not just about implementing technology, it’s about building a relationship of trust and collaboration.

– The ISACA study highlights that 36 per cent of SMEs do not offer cybersecurity training to their employees. What types of training do you consider essential for employees to be an effective line of defence against cyber threats?

ISACA provides a variety of educational resources tailored to SMEs to bridge this knowledge gap. From webinars to white papers to conferences, these resources help SMEs stay up to date on the latest threats and best practices. In addition, ISACA certifications, such as CISA, CISM and CRISC, demonstrate cybersecurity competency and can help SMEs take their cybersecurity to the next level. These certifications will not only ensure competence, but will also help SMEs attract and retain the necessary talent.

Innovation and the future of technology

– How do you see technology continuing to evolve over the next 5-10 years, and what challenges and opportunities do you foresee? What role will ISACA play in the future of technology development and digital trust?

We are on the threshold of a technological revolution. Artificial Intelligence, quantum computing and the Internet of Things are about to reshape our world in ways we are only beginning to understand. We believe we are heading towards a future where decision-making in industries will be driven by AI, and quantum computing opens up new frontiers in data processing and problem solving. The potential for innovation is staggering, but where the power is greatest, so is the responsibility.

Indeed, the challenges on the horizon are as great as the opportunities. However, we must remember that the more we depend on technology, the more vulnerable we become. We continue to expect a significant increase in the frequency and sophistication of cyber-attacks. The cyber security landscape will have to change rapidly to keep pace.

However, it’s not all about defending against threats – there are also the ethical considerations that accompany these developments. And as AI will increasingly permeate decision-making, questions of bias, transparency and accountability will arise. Ethics in the use of technology will define the next decade.

– What will be the focus of the ISACA 2024 Europe Conference in Dublin this October?

During the three-day ISACA event in Dublin, international experts will discuss current technology trends and the future of key business issues such as artificial intelligence and data privacy. Keynote speakers will include AI expert and business strategist Elin Hauge, who will share her insights on the impact of AI on business, and Amy Brann, founder of Synaptic Potential, who will talk about applying neuroscience principles to build strong teams.

However, there will be many more keynotes, panel discussions and spaces to talk and share ideas about best practices and the future role of digital trust and cybersecurity. Today, and in the future, these areas are more important than ever due to the unstoppable development of technology.