Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementLogical SecuritySecurity & Business Resilience

Tactical strategies for strengthening the security profile

By Terry Jost, David Taylor
cyber security worker
January 20, 2022

Ransomware and cryptocurrency. The hybrid workplace. The cyber skills labor shortage. It’s all top of mind for CISOs, CEOs and board members concerned with these accelerating trends. The current ransomware phenomenon has leaders monitoring an evolving threat landscape as businesses and governments alike act to limit ransomware risk. The risks and the threat actors change, but the company’s primary goal remains the same: keep the business running. No one can afford an attack that shuts operations down for any length of time.

The availability of cryptocurrency — the mechanism for collecting most ransoms — has enabled and emboldened ransomware gangs. Meanwhile, leaders’ challenges with retaining skilled cybersecurity professionals compound risks and hinder resilience. What are the best ways to strengthen resilience and develop a broader security posture? Let’s take a closer look.

Cryptocurrency as ransom

While bad actors continue to steal data from small- and mid-tier businesses that lack a proper defense, better-funded targets can fend off most data breaches. Ransomware attacks, however, are on the rise for all organizations. They do more damage than breaches. Instead of merely stealing data, these attacks halt business operations, costing businesses lost revenue in addition to the ransom payment — creating more expenses as operations are restored.

Ransomware attacks are complex; attackers gain access to the environment and may remain there undetected for weeks or even months. They learn the locations of sensitive information and who the key employees are. Finally, they remove business critical data and then take over system operations to stall and extort the business.

We know that ransomware gangs, our modern-day bank robbers, are smart, highly skilled and well-funded. The total value of ransomware-related suspicious activity reports during the first six months of 2021 was $590 million: more than all of 2020, according to a financial trend analysis from the U.S. Department of the Treasury. So, it was encouraging to see the Treasury, in September of this year, announce it’s taking several actions to disrupt virtual currency exchanges responsible for laundering ransoms, while also improving cybersecurity within the private sector and increasing incident and ransomware payment reporting to U.S. government agencies — all as a way to thwart ransomware gangs.

Bridging the cyber talent shortage

By far, the most critical threat to businesses today is the cybersecurity talent shortage. Businesses struggle to retain the people who can identify risks and close gaps to prevent a ransomware attack. Remote and hybrid workplaces — while initially COVID-19-driven concerns — have now introduced other workforce challenges.

Disruption of the cybersecurity workforce is a significant source of risk that impedes an appropriate response to cybersecurity issues. Strategies to backfill and retain a full cybersecurity roster are central to maintaining a strong security posture. Now, at a time when businesses have reason to augment cybersecurity teams, even highly desirable employers are losing good people to competitors. As such, leaders are leveraging both new and proven approaches to keep their best cybersecurity professionals on board and backfill via other means.

These leaders are building stronger relationships with employees to convey appreciation, enhance performance and build loyalty. With remote workforces, relationship building requires greater creativity and intentionality, such as virtual happy hours, 1:1 in-person coffee meetings or regular virtual check-ins with staff. Professionals also value empowerment in their role. Providing assignments with well-defined objectives and sufficient resources to achieve them enable staff to operate independently, perform well and discourage them from looking for new jobs.

Leaders are also outsourcing routine functions like vulnerability scanning and augmenting internal security operations teams to specialists. Managed technical services offer staff augmentation paired with consulting expertise, so businesses can balance insourcing and outsourcing as they see fit.

Finally, we can’t ignore that people do leave for better salaries — even when they love their jobs and their working relationships. To stay competitive and retain quality talent, leaders may have to offer salary increases that exceed previous budget assumptions. By discussing these leading practices and potential pitfalls to the C-suite and board, businesses can realign compensation plans to reflect the higher rates cybersecurity professionals command now.

Where cybersecurity leaders and boards should focus

Looking to the future, cybersecurity leaders and board members must consider how resources are allocated to manage current and future threats. They will want to evaluate how the business changes over time, impacted by mergers and acquisitions or the adoption of emerging technology, all of which introduce new cybersecurity vulnerabilities. Businesses will drive progress toward cyber resilience maturity by factoring security considerations into every business decision, with a particular focus on the infrastructure, budget and resources necessary to recruit and retain a cyber-skilled workforce.

KEYWORDS: cryptocurrency cyber security leadership cyber talent gap employee morale ransomware retention workforce gap

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Terry Jost is a Managing Director at Protiviti.

David Taylor is a Managing Director at Protiviti.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • data-center

    Strengthening the frontlines for unstructured data security: Protect it first

    See More
  • cyber freepik

    Strengthening your security culture: Does the “fear factor” approach really work?

    See More
  • empty conference room

    5 strategies for advocating for a security budget increase

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing