Cybersecurity and Cyber Resilience
Who watches the watchers?
AI-enhanced tools are growing in number and sophistication at a breakneck pace. The landscape of cybersecurity and cyber resilience is in a constant state of change, and as automation becomes more prevalent, the importance of oversight increases. As threats intensify, however, innovative digital tools are also emerging, making our daily lives smoother and more secure.
Reading time 6 min
AI is filling the cybersecurity talent gap
The cybersecurity sector is facing a significant talent shortage, with a global gap of over four million skilled professionals. This glaring lack of experts is being addressed through technologies powered by generative AI and machine learning.
According to Gartner, about half of entry-level cybersecurity tasks will be shifted to AI by 2028. AI is also reshaping the recruitment landscape, as details like psychological aptitude, contextual insight, and other human-centric factors will weigh more heavily in hiring decisions alongside technical skills in the future. Estimates suggest that AI could reduce the number of cybersecurity breaches caused by human error by nearly half.
While AI will offer substantial assistance, it won’t be replacing humans. The roles of cybersecurity professionals are diversifying, as operational tasks being partially assigned to AI will free up resources for strategic work and process development. New jobs will also emerge as companies face a growing need for experts specialised in generative AI and machine learning.
Sources:
DNA’s Cybersecurity Report (in Finnish)
Gartner
Security Magazine
About half of entry-level cybersecurity tasks will be shifted to AI by 2028.
The cybersecurity ecosystem requires rapid renewal
In July 2024, cybersecurity company CrowdStrike released an update for its widely used Falcon platform. This initiated a chain reaction that tested the cyber resilience of systems worldwide.
A bug embedded in the update's code caused countless information systems to crash with unprecedented speed and totality. Airports, banks, hospitals, and many other zones essential to national infrastructure were suddenly brought to their knees. When the dust settled, the losses amounted to billions, but even more alarming was how many critical systems had proven to be as vulnerable as Achilles' proverbial heel.
The CrowdStrike incident demonstrated that companies must approach cyber resilience as a broader framework. Rather than being solely within the IT department’s purview, it must be infused as a central part of sustainable business planning, ensuring that all business-critical areas remain secure.
Sources:
World Economic Forum
Forbes
Airports, banks, hospitals, and many other zones essential to national infrastructure were suddenly brought to their knees.
“Common sense is a huge part of information security” – cybersecurity lecturer Pia Satopää knows where room for improvement lies
AI-assisted information security attacks, deepfake scams, and the CrowdStrike case have made headlines in the field of cybersecurity. How do constantly changing and developing technologies affect cybersecurity, and where do we focus on information security? Pia Satopää, an experienced cybersecurity expert and lecturer, sheds light on the current situation in cybersecurity.
“Technologies used both in protection and attacks are developing at such a pace that even the newest information may quickly become outdated. The vulnerability of one service provider can, at worst, have a widespread impact on society, and this is particularly concerning at present,” begins Pia Satopää, lecturer in cybersecurity at Turku University of Applied Sciences.
Read more (reading time 4 min)
Such threats are called ecosystem-level threats. An ecosystem-level threat refers to a broader, comprehensive impact that targets the entire digital infrastructure and the networks of different actors – from health and safety to the electricity grid and clean water.
One success is enough for the attackers, but the defence must succeed every time.
A good and scary example of this is the CrowdStrike incident in 2024, where a faulty update to a cybersecurity company's software resulted in an estimated 8.5 million software crashes. The outage disrupted the operation of hospitals and airports, among other things.
“Such threats make us wonder if we have a sufficient understanding of the dependencies between different actors and systems and their management. Organisations should, therefore, consider whether they can recognise dependencies in, for example, supply chains. In the future, I would like to see more management of entire supply chains and threat-oriented risk management from all companies y, instead of point-based risk management,” says Satopää.
The NIS2 directive takes a broad position on this. The directive sets a new minimum level of responsibility for cybersecurity risks for operators, including subcontractors, and increases reporting obligations. In addition, companies must develop basic cyber hygiene practices and invest in cybersecurity training.
Cybersecurity should be part of every process
Satopää has considerable experience in the field of information security for several decades. He worked for the Finnish Defense Forces in several information security departments, most recently as head of information security. She gave up the title when Turku University of Applied Sciences contacted her and asked if she would be interested in building a cybersecurity master’s degree program – and she is still on that path.
“Often, personnel get talked about in a complicated manner about the technical details of information security, when it should be clearly stated what role each employee has in the organisation's information security chain”, explains Satopää.
When it comes to training future cyber professionals, Satopää sees it as important that they should be able to see a broader picture of the situation and form a comprehensive understanding of information security in various organisational functions.
“Nobody has the capacity sufficient to monitor every latest technical development. We can make various protection, contingency and continuity plans, but they can fall apart without regular practice and testing. The challenge of cyber and information security is to get out of their silo so that they are part of every project and process in daily operational activities. One success is enough for the attackers, but the defence must succeed every time.”
Satopää is concerned about the geopolitical situation and the threats that arise when attacks aim to affect states' critical infrastructure. There are constantly better deepfakes to manipulate people and making them is no longer difficult. They can cause instability in the security situation and directly influence politics.
“It would be extremely important to achieve stronger cooperation between different parties. We have learned a lot from Ukraine, for example. However, we need more information exchange between governmental bodies and the private sector, both nationally and internationally. A lot of work has been done for this for a long time.”
“Humans are the only common factor in information security”
Satopää is a firm advocate of human-centred information security. Technology is developing, and at the same time, it is becoming more and more difficult to access the target through technical protections. Therefore, one of the most effective ways to attack an organisation is through a person. We should focus on how to train employees in the field of cybersecurity.
Satopää sees artificial intelligence as an excellent tool for identifying and combating security threats, as it can tirelessly analyse deviations. She also dreams of using AI in the training of new cyber professionals, where an artificial intelligence-assisted training program would apply things that are currently on the surface. But what advice would she give each of us when it comes to information security?
“A significant part of information security is common sense: it's important to pause and think, and to dare to criticise and question sources. The greatest information security resource is people: every employee is a sensor that examines the environment, and this resource must be utilised. As one of my students said, humans are the only common factor in information security. A person is in every gap, whether it's software or a device – so a person should always be at the centre of information security.”
Deepfake technology is becoming more defined – but so are the tools tailored to detect deception
Hacker legend Kevin Mitnick often remarked that for skilled cybercriminals, social interaction is far more crucial than digital savvy. In this arena, the ability to mislead people outweighs the skill of system cracking. Rapidly evolving deepfake technology unfortunately provides highly effective tools for such deception.
Fake advertisements featuring public figures and politically questionable video clips are only the tip of the iceberg. In the future, deepfake technology will find its way closer to everyday work life. Hyper-realistic deepfakes imitate people so precisely that it will soon become nearly impossible to distinguish a real person from their digital counterpart. In such an instance, how can one know if a colleague or supervisor joining a Teams call is truly who they purport to be?
Fortunately, many companies are developing new applications and platforms to make deepfake detection easier. For example, Estonian Sentinel is developing AI-powered technology to help businesses, authorities, and governments identify deepfakes technology. The importance of being able to recognise fraudulently created media content will only increase in the future, as misusing this technology can impact sectors from cybersecurity all the way to geopolitics.
Sources:
MIT Technology Review
Forbes
Hyper-realistic deepfakes imitate people so precisely that it will soon become nearly impossible to distinguish a real person from their digital counterpart.
