We’re way past the point where companies can view cyber-security as a second-tier concern. In fact, any business with ambitions to last more than 2-3 years as a going concern should be placing digital threat mitigation at the top of its agenda.
The market for cybersecurity is expanding at around 15% per year, and it’s a multi-billion dollar sector. So plenty of companies are taking it seriously. However, even if they are making the required investments, this doesn’t mean that companies are getting the organizational aspects of cyber-security right – and that’s what we’re concerned with here.
It’s no use spending millions on software and consultants if corporate structures don’t ensure that key roles are in place, and that staff is trained to deal with common security threats. But what are those core roles, and how do they interact? Let’s look deeper, and try to map out a plan for matching responsibilities to job positions.
CEOs
Let’s start at the top. This isn’t just because CEOs need to pilot a company’s overall cyber-security strategy (although that’s vital). CEOs also need cyber-security awareness because they are often the primary targets for hackers.
Attacks known as “whaling” specifically focus on elite-level employees and – if possible – those at the very top. And it’s not hard to find ammunition to mount those assaults. CEOs tend to be highly visible online, where attackers can build convincing profiles of their targets, and come up with creative ways to fool them into handing over confidential data.
This might mean convincing CEOs to approve fake transactions (which can also lead to blackmail). And it’s big business. According to Forbes’ Dante Disparte, whaling attacks have yielded $12 billion since 2013. So if you think you’re at the top of the food chain, think again. It’s time for some phishing awareness training.
Chief Data Officers (CDOs)
After the CEO, the next most important cyber-security position in modern corporations may well be the Chief Data Officer. These officers are responsible for ensuring that data collection, storage, and usage across the organization comply with relevant laws, and that data is used in a profitable way and is properly protected against attacks.
According to Gartner, about two-thirds of Fortune 100 companies have a CDO, and that’s projected to rise to 90% within two years. It can’t come soon enough – for one very good reason:
Data breaches are becoming the number one reputational threat to contemporary corporations, and CDOs are tasked with making them as hard to achieve as possible. 2019 saw some shocking breaches, from the 885 million First American Financial mortgage records released to 500 million Facebook user records hitting the Dark Web.
Customers hate it when companies betray their trust, and as they become more digitally sophisticated, this kind of lax behavior simply won’t be tolerated. So if you haven’t already done so, bring an ace CDO on board as soon as you can.
Chief Information Security Officers (CISOs)
While CDOs are all about data, the Chief Information Security Officer (CISO) has a different set of tasks to worry about. CISOs are responsible for overseeing enterprise-wide security strategies, including the physical security of servers and digital devices, as well as online dangers.
If you want to make sure that your networks are free of Trojans or viruses transmitting sensitive data to competitors, that’s the role of the CISO. If you want to lock down points of sale that are linked to the Internet of Things, that’s also down to the CISO. This is a technical role – and it can be hard to find people who bridge the worlds of cybersec and management. But searching for the right person is worth the effort.
Security Analysts and Engineers
Moving down the corporate ladder, there’s no substitute for a lean, motivated, and highly skilled team of information security analysts and network security engineers. These professionals are involved in the day-to-day cybersecurity grunt work – patching software, checking firewalls and routers, analyzing potential security breaches, and constantly testing IT assets to ensure that the dangers are minimized.
If you want to avoid catastrophic data breaches, denial of service attacks, ransomware attacks, and easy insider attacks, it’s vital to invest in these security warriors. Behind most data leaks, you’ll find underinvestment in positions that matter – security engineers leaving posts, posts going unfilled, job-shares making staff demotivated and less efficient.
Don’t go down that route. Build a security plan, and back that plan with the resources required. You won’t regret it.
Everyone Else!
OK, this is a cheap way to end a list of core roles, but it’s true. Every single employee in modern corporations has to be aware of their security responsibilities, and be given the knowledge needed to minimize hazards. This means providing password training, being really clear about confidentiality, ensuring that remote workers have access to strong VPN protection, and refreshing staff competencies, keeping track of who has been trained and who needs a booster.
In the future, companies that thrive will be ones that create security cultures. These won’t be police states where workers are terrified of making mistakes. Instead, they will be organizations where staff feel competent and empowered to raise issues, request assistance, and improve their skills. So if you want to reduce your cyber-security risk to the bare minimum, planning how to foster that culture is essential.