Cybersecurity is gradually becoming more complex, which leads to an increase in responsibilities and, therefore, cybersecurity functions in organizations.
Recently, the European Union Cybersecurity Agency (ENISA) published a classification report, identifying 12 key cybersecurity roles.
In this article, we would like to review them and describe the main problems that each of the roles faces on a daily basis.
The role of Chief Information Security Officer (CISO) is one of the most recent. It appeared as a response to the digital transformation process, when the role of information security was transformed from supportive to guiding. By managing the organization’s cybersecurity strategy and its implementation within the company, the Chief Information Security Officer ensures information is shared both with external bodies and between internal teams, including the board of directors.
A cybersecurity strategy is unique to every company.. Creating a cybersecurity strategy is not just about reusing best practices from companies of a particular type, size, or vertical. First of all, this requires a clear understanding of the current cybersecurity situation within the company. Thus, assessing both the technical and non-technical components of security is vital for the Chief Information Security Officer. Depending on the scope and business goals of the organization, they may use NIST CSF, Italian National Cybersecurity Framework, ISO 27001, NERC CIP, and other recognized global and local cybersecurity standards to evaluate company security processes, policies, procedures, how they are formalized and applied in practice.
Set up security policies so that everyone in your organization understands them.. The number of policies does not guarantee their successful implementation. One of the tasks of the Chief Information Security Officer is to adjust security policies according to the reality and needs of his company, avoiding those that are not related to the company due to its organizational structure or size.
“Over the years, we have accumulated many policies that almost nobody was aware of or that many may never have read. Moreover, some of them were perhaps too complicated to understand and this undoubtedly led to some hiccups along the way“, commented Stefano Santucci, CIO at Ansaldo Energia, “This aspect should not be underestimated: policies should be written in simple terms and clear language, highlighting the most critical areas of the company, such as the security of the most sensitive data”.
Cyber Incident Responder
With cybersecurity incidents happening every 39 seconds, it is only a matter of time before a company gets hacked. Therefore, there must be someone within the organization who will process incidents, analyze, evaluate and limit their impact on the company’s environment. This is the person responsible for detecting and responding to cyber incidents, who also restores the organization’s systems to full operation after an incident and corrects policies so that the incident does not recur.
Prepare a cyber emergency plan in advance. When an incident occurs, every minute counts to minimize the financial, reputational, and operational impact of the incident on the organization. As with fires and other contingency plans, a cyber incident response plan must be developed in advance so that businesses can get back to work as soon as possible. This may sound like a lot, but an incident that occurred during the day or at night may require the participation of different people and the sequence of actions taken.
Regular testing of the incident response plan. Being responsible for security monitoring in the changing corporate environment, means that cyber incident responders need to evaluate and test the existing incident response plan in practice to ensure that it is up to date and effective.
Cyber Legal, Policy and Compliance Officer
As digital transformation advances, cybersecurity improves, resulting in various regulations that aim to keep data, assets and processes safe and secure for business, people and the environment. Compliance with these security standards is often mandatory and therefore requires support from a cybersecurity legal advisor, DPO, or similar position. This type of professional provides legal advice and ensures that the organization’s cybersecurity management policies and remedial strategies are consistent from both a legal and business standpoint.
Apply vertical compliance standards. While some of the IT cyber security compliance standards such as GDPR and ISO 27001 are well established, new regulations are emerging for industrial (OT) and automotive organizations. For example, UNECE R155-156, effective for all new vehicle models from July 2022, requires OEMs, their suppliers and aftermarket participants to test and address cybersecurity issues by implementing cybersecurity management systems and software updates. With only 30% of automotive suppliers having a well-established product cybersecurity program or team, the Cybersecurity Compliance Officer plays a key role in supporting them on their next steps towards success in the transforming automotive market.
Cyber Threat Intelligence Specialist
Cyberattacks often start with a click when someone opens a phishing link or downloads a malicious attachment. While most data breaches are due to the inattention of your colleagues, the other part is carefully thought out in advance. When cybercriminals are looking for sensitive data to exfiltrate, they can spend days or even weeks searching for information about their target using open source channels or the dark web. The Cyber Threat Analyst identifies and monitors their company’s digital footprint to mitigate existing security risks and detect early signs of attacks.
Assess threat actors, their TTPs and campaigns. Each threat actor uses a unique combination of Tactics, Techniques and Procedures (TTPs). These authentic attributes, well collected and updated in the MITRE ATT&CK global knowledge base, help to recognize adversaries even after years of silence. Understanding which threat actor a company is dealing with helps determine whether an organization is an end target or not, consider non-cyber events that may be part of a campaign, and determine the best defence strategy.
Useful reports to reduce risks. Once the cyber risks become clear, an action plan will be required to prevent further development of the attack. Cyber Threat Intelligence specialists are responsible for such a plan, which should include many aspects, including adjustments to security controls and procedures. Regular review of the plan is an important factor to ensure that mitigation measures remain relevant and sustainable.
The digital transformation and subsequent deployment of remote working models triggered by the pandemic has led to the use of a variety of digital systems for businesses. These include corporate and personal devices, cloud applications, services, IoT and other assets in IT and OT environments. Cybersecurity architects help ensure that all areas are protected at all times, and therefore effectively.
Security-by-design. Cybersecurity Architects develop and continually refine architectural models based on several principles. These include minimizing the potential attack surface, separating user roles within the organization and granting sufficient access rights, properly addressing emerging security issues while keeping security as simple as possible.
Ongoing architecture review. Every new application, technology, or organizational change affects the overall security architecture and therefore requires the cybersecurity architect to review the existing security architecture.
Unlike a Cyber Compliance Officer who deals with the legal aspects of cybersecurity, a Cybersecurity Auditor conducts security audits in practice. He makes interviews, assesses existing policies and procedures, and evaluates, tests, and verifies security products to ensure they meet regulatory requirements.
Map out the path to your desired level of security maturity. The security maturity of a company does not depend on its size, age, or the number of security technologies in use. Instead, it arises from understanding the current level of vulnerability through an analysis of the current security management model and its effectiveness. The Cybersecurity Auditor helps the CISO and the Compliance Auditor to identify and prioritize the organization’s security gaps as well as build an action plan to achieve the desired level of security maturity by planning and technically executing the audit steps.
Everyone in the organization, from the top manager to the administrator, uses digital applications, has access to the Internet, and works with data on a daily basis. This means that cybersecurity requires the participation of every employee in the company. Cybersecurity Educators raise the awareness of corporate users about cyber risks by helping them acquire the competencies necessary to behave safely in cyberspace.
Reach multiple audiences within the organization.Reach multiple audiences within the organization. Technicians, salespeople, accountants, marketers or top managers – all team members have different responsibilities, work contexts and digital experiences. The job of a Cybersecurity Educator is to tech people with different roles and entry levels to help them gain an understanding of security risks, useful skills and habits for securely using corporate assets and applications, handling sensitive data, and reporting suspicious activity.
Add realistic context and practice.Add realistic context and practice. To create an effective training program, Cybersecurity Educators need to make an effort. Realistic organizational structure, examples based on familiar interfaces, and real-life daily tasks and activities help you achieve learning outcomes faster. Regular simulations of phishing attacks, specifically created based on real malware samples targeted at a company, will keep users informed and improve their cybersecurity skills over time.
The “set it and forget it” principle no longer applies to cybersecurity technologies. Without proper tuning, they are at least not as effective as expected. Cybersecurity Implementers help integrate cybersecurity solutions into corporate infrastructure by deploying, testing and maintaining them, so they work correctly and bring maximum value to the business.
Keep the balance. Security solutions often work by allowing what is whitelisted and blocking what is blacklisted. One of the tasks of a Cybersecurity Implementer is to find a balance, to ensure reliable control, but not to slow down business processes.
Post-pandemic security review. The pandemic has disrupted corporate security in many ways. In an effort to ensure the execution of business processes by any means, companies have had to massively move to cloud applications and allow access to corporate assets from personal devices and home networks. In the post-COVID era, many companies are finding balance with a hybrid operating model based on the fact that the corporate perimeter with its strict access policies will not return. This requires Cybersecurity Implementers to significantly rethink the approach to security in their organizations, adapting to the new reality and user demands for greater flexibility.
Digitalization is transforming entire verticals, where innovative technologies help businesses stand out from the competition. Cybersecurity researchers promote cybersecurity innovation and work with multi-stakeholder groups to update enterprise IT, OT, and IoT environments.
Innovation on time. Why change something if cybersecurity measures have already been taken and there are no serious incidents? As cybercriminals are constantly improving their tools and methods, cybersecurity trends are rapidly changing. Instead of recklessly waiting until they are the victim of a cyberattack, cybersecurity researchers study trends and look for the most effective ways to increase the cyber resilience of their companies.
Security scouting. The cybersecurity approach of a telecommunications company or energy producer is different from that of a supermarket chain or a supplier of car charging stations. Business maturity and goals can also vary significantly. This means that a company’s security needs may be so authentic that there can be no off-the-shelf solution to meet those needs. Cybersecurity researchers look for suitable technologies and evaluate them to ensure that all improvements in enterprise ecosystems are cyber safe.
Cybersecurity Risk Manager
Cyber risks have increased and redistributed as the pandemic has accelerated the erosion of the corporate perimeter. Instead of protecting workstations and servers, which have been key entry points for cyberattacks for years, the focus has shifted to more granular control of access to data. This is just one example of what Cybersecurity Risk Managers are responsible for as they constantly identify, analyze, evaluate, prioritize and mitigate cybersecurity risks across corporate infrastructures, systems and services.
Prioritize risks and criticality of assets. When using several digital systems, it is almost impossible to provide the same protection for all of them. Thus, in addition to identifying and prioritizing security risks, Cybersecurity Risk Managers also prioritize the criticality of enterprise systems, choosing the most effective defence strategies.
From cyber protection to cyber resilience. The better IT and OT infrastructures are able to withstand any changes, modifications and stresses, including cyberattacks, and quickly return to a stable state, the more cyber resilient they are. Thus, evaluating security risks in terms of cyber resilience is one of the objectives of the Cybersecurity Risk Manager.
When cybersecurity incidents occur, companies must properly report and investigate them. For example, according to the GDPR, companies have only 3 days to do this. Digital Forensic Investigators uncover all digital evidence supporting malicious activity.
Catch me if you can.Companies often discover they have been cyber-attacked when it is too late – data stolen, machines encrypted, business processes and manufacturing processes defined. In many cases, cybercriminals do all this on weekends to cover their tracks and leave as little evidence as possible about the attack. This is why collecting quality data for analysis, reconstruction and interpretation of digital evidence is one of the biggest challenges for Forensic Investigators.
There is no need to wait for a real cyberattack to test how strong a company’s cybersecurity controls are. Penetration Testers assess their effectiveness by identifying cybersecurity vulnerabilities, evaluating their criticality and likelihood of exploitation.
Vertical experience. As critical infrastructures, industrial facilities and vehicles get connected, specific vertical skills are required from Penetration Testers. In addition to understanding the key difference between IT and OT cybersecurity, they need to be able to work with sensitive and safely-relevant environments.
Choosing the right modes and techniques. The ability to understand and therefore apply various penetration testing modes (such as black or white box), combining them with automatic and manual vulnerability testing, is another challenge that distinguishes an experienced Penetration Tester.
Smaller organizations often miss out on some key cybersecurity roles, having to combine them and perform multiple roles with fewer people. Not surprisingly, this is putting pressure on cybersecurity professionals, making stress and burnout the most significant personals risks relating to their roles.