Tip #26 for National Cybersecurity Awareness Month: Get the right expertise.
Executive-level cybersecurity resources are expensive and thrive in complex environments with continuous cybersecurity challenges.
Quite often in the mid-market, organizations don’t have the budget or the constant cybersecurity challenges to keep top-tier talent fully engaged.
Additionally, while many smaller organizations may have “an IT person,” they are usually busy managing the infrastructure and taking care of end-user issues and aren’t focused on proactive protection of the business, much less in possession of the capabilities to respond to a cybersecurity incident and prevent a breach or evict attackers.
That means you need access to experts to validate management’s representations and claims of cybersecurity effectiveness.
Steps you can take
Evaluate the current skill and knowledge level of your in-house team, and identify gaps.
- Establish executive responsibility for cybersecurity. It should be someone at a high level of responsibility within the organization and who will have ultimate accountability.
- If there is a board of directors, a committee — if not the general board — should have cybersecurity as a regular agenda topic.
- Identify independent expertise that the executives or board can engage for cybersecurity advice and expertise.
- Consider engaging expert consultants to fill critical roles, such as a virtual chief information security officer, so that you get access to necessary expertise and cyber risk management experience on a fractional basis.