Recommendation #5: Make Adjustments to Teams
Security staffing continues to be a challenge. Fifty-seven percent of over 2,000 cybersecurity professionals surveyed by ISACA for the "State of Cybersecurity 2020" report found 57% have unfilled positions, and 62% said their security teams are understaffed.
Budget constraints certainly won't make this situation better, so it is a good time for CISOs to readjust teams to reflect skills that are essential now. As network infrastructure takes on a more hybrid state with the move to cloud, SkyBox Security's Cohen said it is critical to flesh out teams to include members who understand how these environments intersect.
"As companies move deeper into initiatives such as digital transformation, they need to also ensure they're transforming their security teams, bringing on new members with diverse skill sets or ensuring current teams continue their education for this new technological wave," he says.
And because it is often so hard to bring in new talent, it's worth evaluating existing team members and offering them opportunities to train and learn the skills needed now.
"Look to upskill team members from reactive, hardware, and operations-based positions to forward-looking proactive software and analytics positions focused on big data analytics, data science, and proactive investigation of potential new threats," advises Michael O'Malley, VP of strategy at Radware.
Recommendation #6: Automate Wherever Possible
Events that are common, repeatable, and do not typically require human interaction are targets for automation, says IronNet Cybersecurity's Swearingen, who advises security managers to look for other manual tasks where technology can take over.
"Events that should rarely happen are a high target for automation," he says. "For example, alert the security team if a domain administrator user is added."
Recent research from the SANS Institute found adoption of automation technologies increased 12% year-on-year, but Hausman says some security teams are still very far behind and can benefits from investments in this area.
"There's a shocking amount of manual work in security, and it isn't the exhilarating, 'Sherlock Holmes' investigative work," Hausman says. "Look for people still using spreadsheets, for starters. Most companies target the volume drivers for their security team: phishing, malware, vulnerability management, and access management. They automate enrichment, scoring, assignment, and remediation handoffs."