This article is part of a series where we are discussing your role as an organizational leader in the cyberwar that has been all over the news on regular basis lately. I started with a frank discussion on whose side you might actually be on when you don’t protect your organization’s network. In the second article we discussed creating a culture of security and the third article was all about strategy. This is the fourth and final article in this series and we are discussing resources for your security team and organization.
In order for your security team to be on the front line of this cyberwar, defending your network and your data, they need to have the best resources available in order to defend against the many threat actors attacking organizations like yours every day.
One of the biggest challenges in this war we defend against in cyberspace is that it is always changing. The adversaries continue to get better and change their strategies, and if we don’t arm our people with knowledge and skills we will continue to be on the losing side. Depending on your industry that could result in a loss of data, intellectual property, or national security secrets, and could literally be a question of life or death for those in the healthcare industry.
New technologies emerge at lightening speed, which provide hackers new ways to launch their cyber attacks that we need to keep up with. Every time a new application is deployed, a new line of code is written, or a new Internet of Things (IoT) device is connected to the network, we invite the bad guy in. Not because we are asking to be attacked, but because they know how to use our technologies against us for their gain.
Let’s look at the three categories of resources and the key factors they address to win this never ending cyberfight waged against us on a daily basis.
Have you created your cyber team with the best offensive and defensive players? Like sports and traditional war, you have to have the best players or soldiers to win in a cyberwar. Not only does that mean that you have the right people in the right roles; it also means you have trained them and continue to train them. This applies to your internal employees and any third parties that work on-site or off-site to help secure your organization’s cyberspace and data.
Security personnel are in a constant state of adversity, trying to keep up with new technologies and threat actors. They almost never hear “job well done.” Often your security team is only recognized when something goes wrong, but not for the success of stopping a breach, which is their job every day. Other employees are recognized for a job well done, for doing their job well, but the security team is often overlooked since their success is typically invisible.
People want to be recognized for what they do and often the security professional goes without such recognition most of their career. You want to help your team avoid burnout and apathy, this is going to be one of the key ways you can do that.
Time is most definitely a resource and if you have ever said “I don’t have time for that” you know what I’m talking about. I’ve seen it myself, too many times, good people leave due to overwhelm and exhaustion.
This is a team of highly specialized people where you can’t afford high turnover. Not only because turnover is expensive in and of itself, but because these individuals have such specific knowledge that when they leave the time it takes a new employee to catch up is dangerous. In the time spent ramping up, they can easily miss what their predecessor would have seen. While you can’t avoid all turnover, it will happen, you can reduce the amount of turnover by understanding how much your team can actually do and providing additional resources like contractors, third parties, and tools where needed.
Whether you hire more staff or outsource, you must remember that time is a resource that cannot be changed and security is a role that cannot be given to just anyone or ignored due to budget constraints.
Every good mechanic needs a set of tools and the same is true for your security team. The problem often becomes which tools to use within your security team since there are so many and the tools can be very noisy. Noisy being all the alerts they can generate if not configured (or tuned) properly.
The best way to ensure you are getting the right tools for your team is to include your frontline defenders in the vetting process for new tools. Who knows better what you need, the person doing the work day in and day out or their manager or the executive team? You want what’s best for your security team so ensure the users are part of the decision making process.
It is often good to include a vendor-neutral security consultant who can ask questions of the vendor that you and your team may not have thought about and do it with complete objectivity.
- What is the tool truly capable of?
- Does your team already have a tool that can do something similar they are not fully utilizing?
- Does the new tool integrate with the current infrastructure?
- What alerts will it generate?
- How hard is it to configure?
- And often missed but extremely important, will you need a support contract or consulting contract from the vendor just to make it work?
With the right team doing the amount of work that makes sense with the right tools, you are setting your organization up for success in the fight against cyber attacks. If you have not given this issue much thought or deep thought before, that’s okay;, you’re not alone in that. It’s time to get started and the sooner the better because as we continue to see there are more and more breaches, attacks, and threat actors in cyberspace than ever before. As we continue to put more in the cloud, connect more devices, and have a larger remote workforce, this becomes more and more part of your everyday operational concern just like keeping the lights on and the water running.
If you want to discuss any of these resource concerns with a vendor-neutral consultant email firstname.lastname@example.org to start discussing the resource questions you have now. Sharon provides virtual Chief Information Security Officer (vCISO) and advisory services, consults with clients on security strategies, writes policies, and helps organizations of all sizes become and maintain security and compliance.