Preparing a cybersecurity team for the never-ending onslaught of cyber threats takes a lot of work. Organizations that get it right make the appropriate technology investments, recruit qualified candidates, and clearly define their roles once they are onboarded.
(ISC)2’s Building a Resilient Cybersecurity Culture study provides valuable insights about building and retaining an effective cybersecurity team. It all starts with a commitment from the top. When the CEO and board of directors are serious about protecting the organization and its people from cyber-attacks, the team is emboldened to do its job.
Companies with a strong cybersecurity culture invest in both people and technology. For instance, 62% of study participants cited technology investment as an effective tactic to build a cybersecurity team. This was followed by “offering training and certification opportunities to employees” (57%) and “cross-training on cybersecurity skills and responsibilities” (55%).
Other tactics respondents deemed effective included:
- Clear, consistent performance evaluation (50%)
- Attracting talent with a good salary and benefits (48%)
- Clarifying each team member’s roles and responsibilities (48%)
- Promoting team members from within (46%)
- Listening to team members and implementing their recommendations (44%)
These organizations know where to find qualified candidates. For instance, 50% hire cybersecurity pros from government agencies, where they typically receive good training and gain valuable experience.
The work of a cybersecurity team never stops. The threat landscape is always evolving, forcing cybersecurity professionals to learn new tactics used by attackers and get a handle on evolving risks. In addition, team members must be well-versed in their organization’s technologies and processes.
For these reasons, cybersecurity workers require ongoing training. What you learned last year may no longer be enough to protect the company today. Employers don’t always understand this axiom, and sometimes pay for it when the company suffers an attack.
Companies with strong cybersecurity track records, on the other hand, realize the need for ongoing education. In addition, as the study found, they are not afraid to promote team members from within when the opportunity arises – an effective way to retain experienced employees.
They also take care to cross-train employees on cybersecurity, essentially giving everyone a role in protecting the company. This is another aspect organizations sometimes do not handle properly, failing to recognize that any employee can unintentionally cause a cyber-attack simply by clicking an infected attachment or URL.
How Safe Are You?
No business today can operate safely without a commitment to cybersecurity. As the Building a Resilient Cybersecurity Culture study reveals, how safe you are really depends on the level of commitment you make to your cybersecurity team.