Cybersecurity professionals are bracing for continued attacks this year, effectively boosting their budgets by an average of 21%, according to the 2017 Cybersecurity Trends Report published by the National Center for the Midmarket.\nThese cybersecurity professionals are focused specifically on cloud infrastructure, training and educating end users, and securing mobile devices.\nWhile concerns around cybersecurity are high, more than half of midmarket companies operate with limited to no strategy at all.\u00a0\nAdding to the issue is the fact that cybersecurity is ever changing, according to Brian Hill of Computer Forensic Services. Technology offers convenience, but \u201cevery time we gain convenience, we give up something in security,\u201d he said.\u00a0\nGone are the days when an attack was the final wake-up call for companies to allocate IT budget towards security staff and strategy.\u00a0\nIn 2017, cybersecurity requires a dedicated full-time team.\nSecurity is everyone\u2019s business\nKip Bates\u2019 role as the director of cybersecurity and strategic initiatives at the University of California in Santa Barbara evolved significantly from the early 1990s when he was hired to establish a computer network and support a computerized maintenance system.\u00a0\nNow, more than 14,000 devices in the university\u2019s residence halls alone access the school\u2019s network. From a security strategy development standpoint, the watershed cybersecurity moment came with an alert from federal authorities to investigate a specific machine using one of the university\u2019s IP addresses.\u00a0\nWhat followed was a year-long process of recovering from a cyber attack by the Iranian government known as Operation Cleaver.\nThere were several speculations by authorities around the intent of the attack, but Bates said nefarious reasons included intelligence gathering for a potential kidnapping of a student or students related to renowned Middle Eastern oil barons.\nFollowing the attack, information security officers were strategically placed in critical organizations across the campus\u2019s centralized IT division.\u00a0\n\u201cWe\u2019re of the opinion that security isn\u2019t my job; it\u2019s everyone\u2019s job,\u201d Bates said.\u00a0\nStaff up cybersecurity teams from the inside\nAt Boston-based MathWorks, IT director Jim Habeeb had only a part-time security team composed of networking specialists and various IT staffers. He sat down with the CFO and president, who now sits on the company\u2019s security advisory team, to persuade them to hire a full-time chief information security officer (CISO) who could then help develop a hiring plan.\nAfter advertising for positions to build the security team, Habeeb opted to post the positions internally.\u00a0\n\u201cHighly skilled staff require a premium salary, and you want to be fair to your internal staff to expand their skills,\u201d he explained. \u201cWhen you hire from the outside, it can be hard to get someone who wants to hit the ground running in the best interest of the company rather than doing what they already know or are familiar with doing.\u201d\u00a0\nBuild partnerships across business lines\nWhen Jeff Sullivan assumed the role of director of enterprise IT for American Advisors Group in Orange County, California, just over a year ago, the security team consisted of two individuals: an information security officer and a network administrator.\nSullivan has since doubled the team in the company\u2019s corporate office, but it was challenging to find and hire skilled staff because of stiff competition in the Greater Los Angeles area.\u00a0\nThen came the challenge of determining what to focus on.\nThe team conducted a vulnerability scan of the company\u2019s network environment and examined the perimeter for gaping holes. It then worked with risk management and legal counsel to prioritize what information to protect and what\u2019s risky enough to ignore.\u00a0\n\u201cWe\u2019re trying to balance our team with managed services and leverage key vendors to ensure we\u2019re protecting our environment,\u201d Sullivan said. \u201cWith information security, you simply don\u2019t have the luxury of time.\u201d\u00a0\nIT executives still working to build their cybersecurity teams have a host of programs that can help, including CompTIA Security+ and Parameter Security\u2019s Hacker University.