Cybersecurity is among the most prominent concerns for businesses in the 21st century. In the past, physical security was all a company needed. However, poor cybersecurity today could put a business' assets at risk without perpetrators even needing to perform a physical break-in.
Cybersecurity teams are a critical element in aiding enterprises in staying one step ahead of online criminals. The development and management of a strong cybersecurity team isn't an easy task either. To support companies that may need to build a cybersecurity team from scratch, 14 members of Forbes Technology Council offer their advice for making and maintaining a professional cybersecurity team to deal with potential threats to the business.
1. Keep Security Front And Center
Invest in a strong security culture by ensuring that the security team is visible and regularly spotlighted company-wide. If security is always on the agenda, it signals to everyone in the organization to be all in. The return on this investment is the retention of top talent because they are not only influential in the company, but also valued and respected throughout. - Christian Lund, Templafy
2. Focus On Building Up
There's huge untapped potential in junior level employees and workers coming from other disciplines who transitioned to security. Focus on ensuring that you have adequate onboarding programs and can challenge your employees by giving them responsibility and ownership over areas where they can see their direct impact. "Rockstar" hires will typically have narrow expertise and problematic culture. - Ian Amit, Cimpress
3. Craft Your ‘Why’
Crafting and evangelizing a strong "why" is the single most important attribute any team (cybersecurity or otherwise) can have. It’s the linchpin that will get that team through any endeavor regardless of magnitude because the team will have meaning and purpose to key in on and anchor onto. When properly woven into the team's fabric, the "why" elevates teams from good to great. - Yu Lee, Kasasa
4. Train And Educate Employees
We have a proprietary training program on cybersecurity, which is held as a part of newcomer onboarding and then repeated every 12 months. The training covers work with accounts, passwords, emails, websites, social networks, as well as PC and mobile device security. Employees check their comprehension via quizzes. We also hold project meetings on cybersecurity and play simulation games. - Alexey Makarov, Qulix Systems
5. Invest In Career Development
Investing in career development for your entire cyber team is critical. The threat environment moves fast and your team also needs to move quickly and stay current on the latest trends, tools and techniques. A solid career development plan will also help attract and retain the best cyber talent, who consider ongoing professional learning key to building their careers. - Paul Lipman, BullGuard
6. Make Sure Everyone Understands Their Value
What I’ve noticed in recent years is that the cybersecurity team has become a group that is there to protect an institution/company, and everyone must conform to their requests. However, that makes them a group that is not liked by the rest of the teams in IT at times. We need to educate everyone to ensure they understand the value cybersecurity brings. - Elaine Montilla, CUNY Graduate Center
7. Leverage Network Data And Analytics
The key to cybersecurity for any organization is leveraging network data and analytics to identify threats and vulnerabilities more quickly and accurately. This is because of the swift pace at which would-be hackers hack. Computers can simply analyze data faster than people, identifying anomalies that are potential security problems for IT staff. Artificial intelligence for IT operations (AIOps) is essential to solving this issue. - Abe Ankumah, Nyansa
8. Run Simulations
With cybersecurity, I like to gamify scenarios that might cause problems for our company. We must run simulations to make sure the cybersecurity team is on edge and up to date with the latest knowledge. Gamifying the simulation makes it fun rather than a trip hazard. This will keep the team strong, focused and ready for any potentially real situation at hand. - WaiJe Coler, InfoTracer
9. Create A ‘Yes’ Culture
The strongest cybersecurity team is made up of expertise and experience that consistently enables the business. Leadership's focus should be on building a flexible security framework that can be leveraged and adapted based on business needs and business risk. Approaching every interaction with other business leaders with the mindset of "Yes, and here's how" will set the team and the business apart. - Phil Alberta, IPM
10. Have A Leader And Mission
To get the best security talent, you need to have a strong leader and mission people want to follow. Reduce hiring friction and widen the net of potential talent by offering to allow people to work virtually or set up a security center of excellence in a location with lots of security talent. Overall, because of supply and demand, you have to be willing to pay more for top people. - Jason Clark, Netskope
11. Create And Maintain A Cyber Policy
It only takes one breach to cause irreparable harm to a company. To prevent or mitigate this, every company should create a cyber policy, update it consistently and share it with all members of the organization. A cyber policy includes things like guidelines and best practices for handling hardware, password controls, what to do in case of a breach and how to report it to the right person. - Marc Fischer, Dogtown Media LLC
12. Have A Management System
First and foremost, have a good information security management system with the approval of the management of the company. If you are just starting out, look at ISO 27001. If you want to improve your existing processes, make sure you are following the latest trends. Adjust your security systems in accordance with new threats and organizational changes in your company. - Ivailo Nikolov, SiteGround
13. Recognize The Problem And Your Constraints
Having served on international industry forums trying to solve the skill gap, my advice to businesses is for them to be honest with themselves. Not everyone is working on the “next big thing" and that is okay. If you cannot compete for candidates with compensation, compete with factors that cost little to you, but go far with your workforce, like offering flexible work schedules and remote work. - Michael Thiessmeier, Enjoy Technology
14. Partner With A Firm
A key strategy is to partner with a firm that can provide skilled security resources to react when needed. The right partner will be an extension of your team. They will relieve the pressure the team feels, and provide information sharing and training of internal resources. The essential position to keep internal is the security evangelist who can convey the vision, sell importance and gain buy-in. - Jeffrey Ton, InterVision
