Communication among people is key to the success of any team. As organizations mature in cyber resiliency, it becomes clear that communication is also vital to the success of every cybersecurity team. Humans can be communication champions, and humans can also be communication and resilience roadblocks. Therefore it is crucial to ensure that every member is united on the same team, and to leverage cybersecurity communication for the best possible cyber resilience. It's time to break the cybersecurity silos.
Cyber resilience, or cyber resiliency, is the ability of an organization to protect its network safety and continue operations in the face of cyber attacks. A cyber-resilient organization can adapt to known and unknown crises, threats, adversities, and challenges.
Why Cyber Resilience Doesn’t Improve
In a recent study by the Poneman Institute in collaboration with IBM, survey respondents were asked why cyber resiliency has NOT improved in their organization. Does this top answer break your heart a little bit? It seems painful to us:
Inability to reduce silo and turf issues.
As you can see in the chart above, a full 69% of organizations cited "Inability to reduce silo and turf issues" as one of the reasons (not necessarily the only reason) their cyber resilience cannot grow. Cybersecurity silos are causing a myriad of problems.
This is embarrassing for all of us in the security field.
The top reason is not external pressures, budget constraints, lack of staff, or even lack of an incident response plan – it’s a failure of people to communicate in cybersecurity and function as a team.
A silo is an isolated point in a system where data is kept and segregated from other parts of the architecture. Silos occur between teams and employees too, when one does not share information with the others.
A turf issue occurs when teams or employees compete for resources or power over an area of the network or organization. This can happen between departments or individuals, and it can lead to deepening insecurities and mistrust, with increasing refusals to cooperate or share vital information.
Neither of these is a good thing, nor are these situations helpful for achieving organizational goals, including the company’s security needs.
Defense Depends on a Shared Mission
The stats above are cause for concern because the best teams share a united goal and a united defensive strategy. If we cannot communicate and find common ground, how will our teams accomplish their missions? If we spend our time disagreeing over roles and turf, how can we complete the actual work?
In addition, these stats return us to a long-debated topic. How do we create security cultures of trust and cooperation? WHY are there silos and turf issues? Shouldn’t we all be on the same team?
Cybersecurity communication should be deeply embedded into a company security culture.
Healthy team dynamics are vital to the success of any team, and security professionals are no exception. Read more tips for leaders in our blog on security culture.
Leaders Must Break the Cybersecurity Silos
If your department is struggling with silos and turf wars, it’s time for some leadership – and we don’t just mean from those employees with fancy titles. Leading comes from each individual person who influences others – that’s all of us.
We can each play a part in perpetuating systems of mistrust, turf battles, and silos. We can easily get stuck in our own departments and work teams, refusing to look at the needs of other groups and teams. But we are ALL suffering when this happens.
In fact, the world is suffering. If your organization is not cyber resilient, it’s likely that impact falls on others because we are all interconnected.
Here is what we suggest, in three bite-sized steps.
Shift the mindset. Acknowledge that humans are key to any security structure. Appreciate the humans you work with, in word and deed.
Create new policies around sharing information between departments, and revisit every job description to clarify roles. Give authority to those who need it to protect the company. Managers, ensure that every team member has a clear set of expectations regarding tasks AND communication. Employees, if you don't know your manager's expectations, start asking questions.
Resolve “turf issues.” No one team member is the owner of one area of responsibility. Every member needs to seek the good of the team.
There are no guarantees that this will fix all turf wars and cybersecurity silo problems, but we certainly must start somewhere. Clearly what we’re doing isn’t working in 69% of organizations.
Are you ready to break the silos and communicate? We must work together better and communicate more in order to achieve stronger cyber resilience. The safety of our organizations, and of the world, depends on it.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.
Whatever your cybersecurity challenge, we can help you keep your business running. We are a defensive and offensive cybersecurity company, using over 30 years of experience with active commercial and government work and proven security methodologies. We also educate teams and professionals who want to build on their skills. Occasionally we communicate with cybersecurity memes.
We set the standard for cybersecurity excellence.