The ongoing evolution of the cybersecurity landscape and threat complexity has initiated an arms race between security teams and cyber criminals. As well as scrambling to keep up with new and developing threats, organizations are seeing their talent exfiltrated by recruiters at an alarming rate. The cybersecurity talent pool is short nearly 500,000 people in the United States alone, and over 4 million people worldwide. As the force behind the technology, your people are your most important asset, so ensure that you prepare and defend against talent exfiltration by taking the right steps towards a nurturing, human-first workplace.

The average tenure of a CISO is just 26 months, with many cybersecurity professionals moving roles even more frequently. The reason behind such erratic and frequent job changes is clear; cybersecurity work environments are often negative spaces:

Cybersecurity recruiters understand these challenges, meaning they can easily guide your talent towards new, hot jobs by listening to the marketplace and the professionals in their network, paying close attention to high turnover and stagnating profiles on LinkedIn.

Staying ahead of talent exfiltration means creating a nurturing, inspiring work environment for your cybersecurity team, and taking the right steps to improve work-life balance.

Here are 5 steps towards achieving this:

1. Start with your retention plan

If you’re looking to hire, focus on your retention plan first. If a lot of your employees are leaving, look at what you’re not offering them and the reasons why. Good retention is a key part of your employer brand, showing new hires and existing staff that you care about their career progression and personal needs.

2. A human-first approach

As humans, we all want to be treated kindly, feel safe in our jobs, and, of course, make money. Managing others means caring for and seeing them as more than just their job title. It’s also important to have a good understanding of your employees’ roles and responsibilities, at both a task and project level, in order to identify further requirements.

3. Take security seriously

People may leave your team for a variety of reasons, and it’s not always your fault, but sitting back and waiting for roles to be filled means you’ll lose more. Leaving open roles unfilled is a sign that you’re not willing to invest in security and therefore don’t see its value. When you don’t invest in resources to find the best professionals, you send a clear message to the rest of your team that you don’t care about their work.

4. Monitor and invest in your employees

Make sure that you’re equipped to monitor how your employees are feeling and performing on a regular basis. It’s important to continually invest in training and support based on how your teams progress.

5. Employ the right resources

Working with a talent agency that understands the pressure of the cybersecurity industry and the requirements you have is key to hiring the best candidates and preventing talent exfiltration.

At CyberSN, our expertise in the cybersecurity industry and talent matching helps you build your teams faster, stronger, and to last, understanding not just what roles you’re hiring, but why. We believe that cybersecurity professionals should love their job, so we strive to match our candidates’ passions with the right opportunities. CyberSN are more than just HR; we help attract the most diverse, interested and qualified candidates, quickly filling your jobs with candidates that will succeed and be retained.

With more employees working from home than ever, companies must be vigilant to protect themselves from evolving cybersecurity threats. Your cybersecurity team has likely been hard at work maintaining privacy and safeguarding the enterprise, even as shifts in the workforce present new challenges. But as most cyber professionals know, a major hurdle in risk management is making sure the entire organization values security and is doing all it can to protect the company’s reputation and assets.

Revisit People and Processes

The key to communicating the importance of cybersecurity within a company is to use the established means of communication. Work with the point person for internal communications to emphasize the importance of cybersecurity awareness and encourage compliance through regular reminders. Determine together the best means to disseminate and consume this information company-wide, whether it’s through an e-newsletter each week or a special awareness campaign.

These regular cybersecurity updates should cover the company’s security practices, which can include:

All companies want to protect themselves from cybersecurity threats and data breaches. Communicating the importance of maintaining security practices will go a long way in creating a security-focused culture.

Stay Vigilant Against Phishing Attacks

Phishing continues to be the top entry point for data breaches and compromise. The Verizon 2019 Data Breach Investigations Report confirms that phishing is the top threat and that cyber attacks are successfully executed with information stolen from employees who unwittingly give away their login and access credentials.

The ideal cybersecurity strategy uses tools and practices that aim to prevent attacks against all systems and people. Cyber solutions, including security products and the people behind them, can only take security so far and ultimately fail. Regardless of the budget a company spends on cybersecurity or the number of products it employs, the actions of a single person can impact the organization. Awareness campaigns arm people with the skills and, hopefully, the skepticism to avoid common cyber threats, supplementing the technical controls put in place by cyber teams.

Extensive working from home only adds to the problem. The environment is target-rich for phishing opportunities. People are working in a more casual environment using unfamiliar tools. Emails and alerts prompting users to reset a password or click on a link about a COVID-19 update can fool even cautious employees during this time.

The most immediate step cyber teams can take is to revisit remote access security practices and make sure employees are aware of the increased threat from phishing scams due to the coronavirus outbreak.

Prevent Cyber Staff Burnout

Infosec and cybersecurity teams have been putting out fires and taking on additional responsibilities for weeks as companies rapidly shift to this new work environment. While cybersecurity professionals often thrive in high-pressure situations, weeks of long hours and growing stress levels can take their toll on morale.

Security managers should continue to advocate for their team; push for the funding you need to give them the right tools and full staffing levels. Check in with your staff to gauge stress levels and create ways to address burnout, whether that be more time off or more staff to spread out the workload.

Cybersecurity is one area of business that’s often a victim of its own success: when you’re doing your job well, no one knows you exist. This can also make advocating for more resources difficult. Cybersecurity attacks not only cost businesses large and small financially, but also target their reputation and put them at risk of failing, according to the business strategy firm Accenture. Investment in cybersecurity now, even when budgets are shrinking, will pay off in the long run.

Communicate to Battle Cyber Threats

Information security departments can sometimes take security measures for granted. It’s easy to forget that employees may not use 2FA unless prompted to, or may have been recycling the same three passwords for years. By using the internal communication systems to better educate employees about emerging threats, enhancing security practices to increase your cyber resilience, and taking care of your cyber staff to avoid burnout, you will better protect your company’s assets and help contribute to the long-term growth of the company.