All managers understand that both recruiting top talent and crafting a winning team and company culture are crucial to high performance. However, 22% of security decision makers cite an understaffed team as one of their biggest security challenges. A further 20% list the unavailability of employees with the right skills as one of their biggest security challenges. Given the prevalence of these challenges, how should security managers go about building an effective team? This month, the research of the security and risk team addresses some of these challenges and provides ideas on how to improve security culture.

  • New technologies that change the way we automate and source data will be disruptive for the day-to-day jobs of security practitioners. Learn more about truly disruptive security technologies in Amy DeMartine’s new report, “The Top Security Technology Trends To Watch, 2019.” The security and risk team used a six-criterion methodology to judge the potential influence of new security technologies. As two of the six criteria were customer experience and employee experience, truly disruptive technologies will contribute to a positive employee experience.
  • Whistleblowers are an essential safety valve in ethical corporate culture. They provide a mechanism for healthy corporate governance by exposing fraud and corruption and, more recently, revealing abusive practices, sexual harassment, discrimination, and privacy issues. But today, they’re imperiled by workplace digitalization that shreds their anonymity and evolving regulations that fall short of legal protection from retaliation. For more information, read Alla Valente’s new report, “Protect Whistleblowers For Business Success.”
  • Cyber ranges are emerging as a key tool for training employees on security practices in an intelligent and realistic way. Cyber ranges use a simulated breach environment to prepare your workforce for the stress, panic, and communication barriers they will face during a real cyberattack. In an inevitable cyberattack, how your firm responds will be the difference between permanent brand damage and costly, but short-term, disruption. See Claire O’Malley and Jeff Pollard’s most recent report, “New Tech: Cyber Ranges, Q3 2019.”
  • Third-party vendors are increasingly fatigued by security assessment questionnaires. While not completely replacing questionnaires, cybersecurity risk rating solutions can complement and strengthen the third-party risk management process without additional fatigue for third parties. To better understand the limitations of these rating solutions as well as to learn how to effectively integrate ratings into your third-party risk management program, see Paul McKay and Trevor Lyness’ report, “Cybersecurity Risk Ratings Enhance Third-Party Risk Management.”
  • Data security and privacy are crucial for protecting sensitive data, meeting compliance requirements, and continuing to mature practices for data security and privacy. Companies must adopt a whole toolbox of technologies for sufficient protection and to meet requirements. Heidi Shey and Enza Iannopollo help sift through the confusion by evaluating 20 key technologies that support data security and privacy. For more information, see their latest report, “The Forrester Tech Tide™: Data Security And Privacy, Q3 2019.”
  • Every day, we hear news stories, speeches, and vendor pitches that lament our acute cybersecurity talent shortage, one that will take years to address. However, the shortage is largely self-inflicted, which means CISOs can tackle it quickly by changing the ways they recruit, train, and retain people. This report dissects the myths, misconceptions, and half-truths within cybersecurity staffing and explains a more effective way for security and risk pros to build a complete, qualified security team. Read the newest report from Jeff Pollard, Chase Cunningham, and Joseph Blankenship, “Reverse Cybersecurity’s Self-Inflicted Staffing Shortage.”

(Written with Elsa Pikulik, senior research associate at Forrester)