Last year was full of relentless ransomware attacks, state-sponsored hacking campaigns, and wave after wave of data breaches. On top of direct attacks, security teams face a complicated geopolitical environment and rapidly changing workplace requirements as the COVID-19 pandemic continues. Meanwhile, they have to protect an expanding and shifting attack surface of operational technology (OT), IoT, mobile, cloud, and internet-enabled devices around the globe in addition to managing the accelerated digital transformation and continued erosion of the corporate security perimeter.
2020 showed us that security threats are changing by the day, and all of this is occurring amid a labor shortage. Considering the continuously evolving threat landscape, what is the state of the cybersecurity industry today, and what will it be in the future?
LogRhythm recently partnered with Dimensional Research to conduct a global survey of more than 300 security professionals and executives. The results revealed that 75% of security teams have more work stress than they did just two years ago. When it comes down to it, the challenges security professionals find most problematic are not all that complex. Here are four aspects companies must consider to set up their security teams for success in 2021.
CSOs often lack executive involvement and support in their cybersecurity strategies, which means they are often left without the necessary guidance, tools, or budget to do their jobs effectively.
Gaining buy-in also guarantees security teams are effectively communicating the value they provide to the C-suite. Reaching this point of mutual understanding is crucial for two reasons. First and foremost, it helps guarantee the security program will run effectively. Achieving alignment with the executive team and board ensures a continuous understanding between the security program and the business. The mutual interests of the business are core to any successful security program, so this is extremely important. Second, it helps flag potential areas of tension that may be felt by other employees within the company and lays the groundwork for effective communication from top to bottom, allowing for a more straightforward execution.
The Right People
Security teams face a difficult job as the threat landscape continues to expand, along with their responsibilities. Offering competitive pay, balancing the amount of responsibility with the role, investing in professional growth and development (training, promotions, personal brand support, etc.), and defining the value of the security team’s contributions to the overall business are all important.
As the cybersecurity skills gap widens, finding and retaining the strongest talent is getting more challenging, which is why investment in these roles must start at the top. Candidates know that alignment (or lack thereof) will ultimately make or break a company’s security program.
Additionally, other perks, such as company-paid health care, 401(k) match contributions, and flexible time off, can make a position stand out. Many of these factors are often overlooked or downplayed, but they could be the deciding factor for some of the industry’s top talent.
After aligning with the executive team, the next step is getting program buy-in from every employee. Everyone needs to understand their roles in safeguarding company assets. This means security teams must have the resources to implement meaningful employee education that outlines security best practices for avoiding cyber risks.
Every person who can access an organization’s physical facilities and digital systems is a potential risk and must be taught how to avoid falling victim to a cyberattack. Being given the resources to proactively educate staff on the most prevalent risks will ultimately make things easier for security teams.
Tools for Success
When it comes to security tools, teams are facing two seemingly opposing challenges simultaneously: known solution gaps and unplanned overlaps. Many security teams lack the tools to detect known security threats, which puts them in a reactive posture versus a proactive one. Managing disparate, overlapping tools also harms productivity, which is why solution consolidation is badly needed in many organizations to lower costs and improve security posture. When redundancies are removed, security teams can spend less time on maintenance and focus on faster issue detection, identification, and resolution.
Overly stressed security professionals present a significant risk for companies, especially as cybercriminals continue to find new ways to take advantage of the continued need for remote work. This year, there needs to be a complete shift in the way companies view their security teams — it must start at the top with the executive team providing strategic guidance, proper budgetary funding, and the tools needed for success.