Is there a disconnect between business leaders and security teams?
Just a decade ago, cybersecurity was a concern only for the most prominent market players, but not anymore. Handling cybersecurity is no longer just about protecting your business against viruses, spyware, etc. Now, it also means maintaining compliance and zero trust, and securing not just endpoints but also the cloud and much more.
This swift development, powered by the explosive growth of criminal organizations, is not easy to handle, especially in industries such as healthcare or financial services, which are often targeted by cybercriminals. As a result, cybersecurity teams often feel like add-on structures, not something fully integrated into an organization’s guts. And in such situations, businesses experience the painful consequences of a disconnect between business leaders and security teams.
Cybersecurity and the organization – the best frenemies
The role of security teams is not easy – in a way, they are the internal police of the organization that keeps an eye on the work of others. Some employees fully appreciate that someone watches over them and ensures that their actions don’t have dire consequences. But many are just annoyed by the limitations or feel uncomfortable.
This relationship could be best described as that of frenemies. For some leadership teams, a cybersecurity team may be perceived as not just a pain in the budget but also a factor that negatively affects morale in the company.
The pain of working with developers
The biggest disconnect between security teams and the rest of the company is seen in the case of developer teams. This is a result of the late and quick introduction of security into business environments, as more of an add-on than an integral part. It seems tragic that the developers, who are technically minded and usually aware of security risks, are also the biggest obstacle when trying to integrate security teams into the business ecosystem.
The difficult role of a CISO
On the one hand, security leadership must push for the most efficient security ecosystem; on the other, they must face backlash from other business leaders who may not be happy about the limitations.
As a very simple example of such a problem, let’s say that an organization has a lot of remote workers on personal machines. This creates a very difficult situation where the CISO must, on the one hand, devise a security strategy that makes it possible for such contractors to work efficiently and, on the other hand, keep the information that they access fully secure. They must not fall while walking the line between the C-suite and other stakeholders, the cybersecurity risks, the budgets, and the unhappy users.
Drawbacks due to limited awareness
Yet another factor that plays an important role in the disconnect between business leaders and security leaders and their teams is how difficult cybersecurity is to understand for someone who is not educated in technology.
Again, it’s not surprising that a business leader faced with the full scope of potential cybersecurity needs is simply baffled and does not understand why all this effort and money are needed to maintain an efficient security program. They have difficulty understanding why the business needs many security specialists and security solutions. For example, try to explain to the board's vice president why your organization needs a Data Loss Prevention (DLP) solution, a web vulnerability scanner, or more. Why isn’t it enough anymore just to activate Microsoft Defender on all the machines?
Automation and tooling – the best solution
Automating procedures as much as possible helps CISOs and their security teams get the best results. The one obvious advantage is efficiency: many elements of the security posture are handled by a tool much faster than if they were done manually. A simple example is checking for software vulnerabilities, where manual penetration testing through security research cannot even begin to compare in efficiency with vulnerability scanning.
However, there is another massive advantage of using as many tools as possible to help maintain the best security posture – people don’t get upset with tools as much as they get upset with other people.
Filip Cotfas
Filip Cotfas is Channel Manager at CoSoSys.