The psychology of building a resilient cybersecurity team

Cyber resilience has been a high-profile issue across industries, especially since the pandemic. As organizations were forced to adopt hybrid working, they had to reconsider infrastructural configuration. Facilitating remote working meant that businesses needed to consider a plethora of new endpoint devices connecting to the enterprise network. This increasing digital landscape is creating a wide range of complexities for businesses around network management and device visibility.

The ever-evolving IT estate is only a part of the cyber-security team’s challenges. It is almost impossible to 'solve' the complexity it brings with it because the requirements of dealing with and handling the technology keep changing. The security team's preparedness, ability to work under pressure, and people skills will determine how resilient an organization is, and how well it can detect, defend, and respond to a new or emerging attack. It is therefore vital to give teams the capabilities they need adapt to the ever-changing threat landscape. security teams.

Why is developing a resilient cybersecurity team important?

Building resilience in a cyber security team is crucial as it can help mitigate the impacts of a cyber-attack. The effects of these attacks can be economic, societal, financial, and psychological; the impact can harm the people responsible for protecting an organization. Suffering this type of damage increases risk and reduces resilience.

Teams need to understand that resilience is not an inherent personality trait but something that individuals or groups can learn. The effect of building resilience skills within a cyber security team can be the different between a successful security strategy and increased risk.

To strengthen relationships between team members, they need to exercise together regularly and rehearse crises. Defensive and offensive cyber security teams must practice their skills in complicated scenarios resembling their day-to-day work encounters. This will help them put their best foot forward if real-life incidents occur.

Practicing their skills and keeping a note of the team's performance will help cyber security teams in the long run. The data captured from these exercises can help identify and rectify the team's knowledge gaps. Teams can then work on honing their skills and tracking their progress to prepare them for real-life threats.

This data will also ensure that the team is abreast with attackers, which will help strengthen the organization's overall cyber resilience.

Key pillars of resilience

There are four components of resilience that every workplace needs to have:

1. Confidence -- Teams need to have confidence in their skills, techniques, knowledge, and judgement. They must believe they can make the right decision for their organization's well-being.
2. Adaptability -- Adaptability is a key component for building resilience. To develop the agile thinking skills that are needed for the job, the security teams must consciously carry out regular exercises. This will help them reflect on the decisions they have previously made and understand if they should apply or update their techniques if an actual incident takes place.
3. Purposefulness -- Each security team member must have a certain amount of self-awareness to positively adapt, learn, and grow from their previous experiences. They should have a good understanding of why they are doing the training and the benefits they will achieve. This will help the teams move toward their goals with a sense of purposefulness.
4. Social support -- For a team to develop a greater bond, building trust and having social support is essential. It is paramount that these relations are not tested under pressure and that they are gradually built through rehearsals. The difficult conversations need to be saved for times when the environment is calm. The team must recognize the importance of the individual differences within the group because a diverse pool of skills, knowledge, and judgements brings well-rounded solutions. By carrying out new techniques, the team gains a depth of understanding, which encourages creative solutions.

Understanding how to implement the learnings into the daily lives of security teams is essential. The knowledge of what makes the team better will only be helpful if it is brought into practice.

Resilience in practice

Threat actors constantly use creative ways to carry out their attacks. They hope that their target lacks resilience and will crumble under the stress and panic caused by an attack. Hence, organizations need to improve and continuously work on how they respond to cyber-attacks. The training isn't enough; the teams need to upskill their capabilities through sessions that simulate  real-life, high-stress scenarios.

Resilience is not a trait; it is built through continuous development and exercise. A security team can achieve a lot by working together to build resilience. Studies on resilience are not theory-based but evidence-based, proving that building resilience is essential.

Research carried out by the University of Manchester proves that resilience training is beneficial for workers. The benefits of this training include mental well-being, such as reduced stress, anxiety, and depression, and an increase in the team's confidence. This confidence positively impacts their ability to cope with stressful situations.

An organization must also be able to prove its security team's capabilities by measuring and setting a goal for the team against industry peers. This will help identify gaps in knowledge and upskill, which builds confidence. The organization must support the teams to develop the skills needed to defend and mitigate risk. This can be done by equipping the teams with access to scenarios that mirror the latest threats.

Building the resilience of cyber security teams is essential. To build people skills, adaptive expertise, and technical thinking, teams must go through regular exercises in a collaborative environment with real-world scenarios. It helps the teams to respond successfully to unexpected and unknown threats by building cognitive agility. People and groups need to be resilient because the system won't hold up if the people can’t.

Image Credit: putilich/depositphotos.com

Bec McKeown is Director of Human Sciences at Immersive Labs