How to build an effective security team

In order to effectively tackle the plethora of threats, organisations need a dedicated cybersecurity resource. But how do they get it right?

By Jo Best

Wed 22 Aug 2018 @ 17:07

Constantly fending off DDoS, ransomware and other attacks is a reality of running a business today. As a result, companies of all sizes need dedicated security resources to tackle threats and manage risk. But how should organisations go about creating, or scaling, an effective security team? Here are some ideas to consider:

Act 24/7 even if you can't staff 24/7

Data breaches and cyberattacks happen around the clock, but only the very largest organisations are able to afford a security team that's available and able to respond to threats 24 hours a day. For most businesses, automation can help fill this gap: rather than hiring additional security staff, examine which processes can be automated, and allow employees to focus on the most business-critical threats.

Find the great communicators

It may be a cliché, but security is no longer just an IT issue: it's something that every employee in the company needs to be actively involved in. For that reason, when choosing your security personnel, look for people who can find ways to convey the importance of security protocols and best practice to every member of staff. Overly technical and badly written communications are likely to be filed and never read.

Work across the business

Similarly, businesses need to think of security as going beyond simply protecting IT resources. Instead, they need to make sure security-minded staff are part of product teams from the get-go, rather than drafted in just before a finished product is scheduled to go live. With agile methodologies embedded in a significant number of companies, businesses need to give more thought to how good security practices can be woven into the development lifecycle.

Balance architects vs builders

The security architect is the lynchpin of any new, growing or reimagined security team. The architect has the best all-round knowledge of how a company's security infrastructure functions, and is responsible for the design of its security operations centre and other vital work. While architects may be the rock stars of the security function, they should be able to rely on a number of highly competent builders to turn their vision into reality.

Be prepared to be flexible

A security function is only as good as its personnel, so finding the best available candidates is a must. Companies need to find ways of broadening the pool of potential employees, whether that's by looking for part-time staff, offering flexible hours or remote working, or interviewing staff that may not come from traditional security backgrounds. Staff within the company who are keen networkers or who regularly attend security conferences and forums may also help to identify individuals outside the company who are looking for a new role.

Consider external resources

Not all security resource needs to be within a company's offices, however. If your business has a specific security problem that needs addressing only over the short term, or has a particularly niche issue that needs solving but can't find the skills locally, consider hiring freelancers or finding specialist agencies to help.

Ensure your suppliers are on the same page

In addition, companies need to think about where vulnerabilities outside of their own office may lie. For example, a law firm handling sensitive information about a large corporate merger may be targeted by criminals looking for valuable data, as bad actors may believe the lawyers' security is easier to break than the corporation's. Appoint a member of the security team to liaise with customers and suppliers to help foster a joined-up security strategy.

Ask if it's time for a CISO

As the penalties associated with data breaches and lax cybersecurity have increased post-GDPR, security has risen up the board's agenda. For larger companies, it may now be time to consider a dedicated function head who can help set and deliver IT security strategy, and liaise with the board on the security team's KPIs.