Building the right Cyber Security team structure
Implementing the right cyber security team structure is crucial to managing the two essentials of business: risk and cost. The arrival of technology and the emergence of the Fourth Industrial Revolution (4IR) have enabled cybercrime to increase – fundamentally altering how organisations must enhance security measures. Managing risk now means managing cyber risk, which comes at a cost.
In the age of digitisation, protection utilising traditional IT security measures is not enough as threats are no longer just limited to a few devices. Enterprise networks are interconnected, with several endpoints. Any threat or attack on a company has a significant effect on business performance, making security a bigger organisational issue, requiring more than the expertise of an IT department.
Cyber Security is arguably much more than an IT function. Cyber Security staff exist in a specialist space of their own, that involves depth of knowledge and layers of diversity. Cyber crime has grown so much in complexity that it is now truly the domain of multiple specialists.
What roles must exist within your Cyber Security team structure?
A Cyber Security team needs to think like an anti-crime unit. Team members must have a holistic understanding of the latest techniques used by hackers, and the motivations behind them. Cyber Security team members also require a deep appreciation of business. They need to think critically and possess knowledge of where the flaws might be within a business’s networks, applications, or even people – while continually challenging their understanding.
Operational Cyber Security decisions need to be made swiftly, but still must be based on information and data. Strategic decisions involving cyber security can affect the risk profile of a company for years into the future, requiring a completely different pattern of thinking to operational decisions.
Given the complex and different tasks that fit under the umbrella of Cyber Security, how should you structure your Cyber Security team?
A Cyber Security team must include the following roles:
Security Incident Manager
A Security Incident Manager controls incidents in real-time, with a 360-degree view of all security issues within the IT infrastructure. Many businesses operate 24x7x365 – and these businesses need 24-hour monitoring to ensure that there is no breach, or impact on users, at any time. Security Incident Managers usually depend on their security team, situated in a Security Operations Centre (SOC), to conduct continuous monitoring and analysis.
Penetration Tester
A penetration tester – also known as an ‘ethical hacker’ or a ‘white hat’ – is an expert who finds and exploits vulnerabilities in a computer system. The simulated process identifies an organisation’s weak spots as well as the areas that developers may have missed. It is ideal to do a penetration test just before putting a system into production, then further testing not less than once a year. For environments which are continually changing, penetration tests may be required more frequently – twice yearly, or even quarterly.
A penetration tester is normally not a full-time member of a team, but if organisations rush to get a return on investment while neglecting this vital part of Cyber Security, the risk of being hacked by a cybercriminal increases drastically.
Cyber Risk and Compliance Specialist
Cyber risk and compliance specialists ensure organisations remain up to date on all regulatory and licensing requirements per company, state, and federal regulations. Risk and compliance roles have traditionally sat in the Chief Financial Officer’s portfolio, whereas Cyber Security roles are often created within a Chief Information Officer’s organisation – meaning the Cyber Risk role often straddles two very different business units.
Businesses in Australia specifically must be compliant with:
- Notifiable Data Breaches Scheme
- PCI DSS (if utilising credit card payments or dealing with information related to card payments)
- APRA CPS 234 Standard (if your business forms part of the entities regulated by APRA)
…and other standards may apply if dealing with high-risk Government departments such as Defence.
Cyber Security Strategist
The Cyber Security strategist is responsible for defining the strategic roadmap for Cyber Security by interfacing with core business functions and technology teams. The strategist identifies future state security capabilities and considers strategic risk areas of the organisation while ensuring every significant business and technology decision includes sound Cyber Security thinking.
This role cannot be done by a technology professional with technology training alone. It is the realm of MBA-qualified executives or consultants, with years of business experience, who understand both the Cyber world and the business world.
Outsourcing versus in-house teams
Which Cyber Security roles should you outsource, and which should you keep in-house?
In-house IT professionals spend most of their time managing their network and driving new solutions for the business, leaving very little time for security – which requires its own set of niche skills.
In-house Cyber Security teams require skilled people with specialised processes and tools to execute them. Few businesses have the internal staff component necessary to manage such a comprehensive Cyber Security programme, nor the capital. Some of the roles listed above – such as Security Incident Managers and Penetration Testers – are highly specialised and command very high salaries, making them challenging to retain once hired.
Cyber Security team members need to have clear lines of communication to key business executives, with standardised ways of presenting data. They need access to business support applications, analysis tools, data repositories, analysts and more. Moreover, with the continuous disruption of emerging technologies, cyber criminals never rest. Organisations need to ensure that an in-house Cyber Security specialist is provided with on-going training to keep at the forefront of new developments. One must take the cost of training into consideration and budget accordingly for this necessary expense.
Achieving Cyber Security with an internal team while maintaining costs is nearly impossible for most organisations. An outsourced, managed solution then becomes an obvious consideration.
Outsourcing your cyber security resources and leadership affords you a service provider that specialises in understanding your business and lowering its risk. There is no need to worry about hiring, retaining, and training specialist staff. Results are then delivered faster than any in-house effort as help is available at any time. Additionally, the costs of an outsourced service provider, although variable, are significantly lower than the price of hiring in-house experts.
The Cyber Security team structure of the future
Virtual teams will become the Cyber Security system of the future. Keeping up with the pace of security changes for many businesses is a struggle and, in most cases, they don’t have the budget to employ in-house security expertise. As a result, virtual security teams, with retainer-based professionals and specialised knowledge, become the only viable option. It makes business sense to have managed Cyber Security services to keep data safe and, in turn, control day-to-day security.
At Stickman, our Cyber Security managed service provides our customers with a crack team of security professionals, who look after the Cyber Security of your business, 24x7x365. Contact us today to learn more about how we help our clients reduce both their costs and their risk.