Just a decade or two ago, cybersecurity used to be a concern only for the most prominent market players. Today, in the age of digital transformation, everyone is on their toes, even the smallest businesses.
Handling cybersecurity is no longer just about protecting yourself against viruses and spyware and occasional network hacks, like back at the beginning of the century. Now, it’s maintaining compliance, zero trust, avoiding ransomware attacks, not falling for well-focused phishing, not having your web applications full of vulnerabilities, maintaining not just endpoint but also cloud security. The list of cyber threats goes on and on.
This swift development, powered by the explosive growth of criminal organizations that specialize in cyberattacks, is not easy to handle, especially in industries such as healthcare or financial services, often targeted by cybercriminals. As a result, cybersecurity teams often feel like add-on structures, not something fully integrated into an organization’s guts. And in such situations, businesses experience painful consequences of a disconnect between business leaders and security teams.
Cybersecurity and the organization – the best frenemies
The role of security teams is not an easy one – in a way, they are the internal police of the organization that keeps an eye on the work of others. And as with regular police, this causes mixed emotional reception from the observed subjects. Some employees fully appreciate the fact that someone watches over them and makes sure that their actions don’t have dire consequences. But many are just annoyed by the limitations or feel uncomfortable with someone watching their back in real-time.
This relationship, which could be best described as frenemies, is making it even harder for business leaders such as the C-suite to appreciate the need for full cybersecurity coverage. For such leadership teams, a cybersecurity team may be perceived as not just a pain in the budget but also a factor that negatively affects morale in the company.
The pain of working with developers
The biggest disconnect between security teams and the rest of the company is seen in the case of developer teams. A 2021 study commissioned by VMware and conducted by Forrester Research found that 52% of surveyed developers believe that security policies are stifling their innovation. This study shows that there is some progress in this aspect, but there is still a long way to go.
It seems tragic that it’s the developers, who are technically minded and usually aware of security risks, are also the biggest drawback when trying to integrate security teams into the business ecosystem. However, this is a result of the late and quick introduction of security into business environments – as mentioned earlier, more of an add-on than an integral part.
The difficult role of a CISO
Of course, the one that faces all these challenges in larger organizations is the chief information security officer (CISO). On the one hand, security leadership must push for the most efficient security ecosystem, on the other, they must face backlash from other business leaders who may not be happy about the limitations.
As a very simple example of such a problem, let’s say that an organization has a lot of remote workers who are contractors and work on their own machines, not company laptops. This creates a very difficult situation where the CISO must, on the one hand, devise a security strategy that makes it possible for such contractors to work efficiently and on the other hand, keep the information that they access fully secure.
Hats off to CISOs. They must not fall while walking the line between the C-suite and other stakeholders, the cybersecurity risks, the budgets, and the unhappy users.
Drawbacks due to limited awareness
Yet another factor that plays an important role in the disconnect between business leaders and security leaders and their teams is how difficult it is to understand cybersecurity for someone who is not educated in technology. Many business leaders must trust their security counterparts that cybersecurity is not just a single, simple task.
Again, it’s not surprising that a business leader faced with the full scope of potential cybersecurity needs is simply baffled and does not understand why all this effort and money are needed to maintain an efficient security program. They have a hard time understanding why the business would need many security specialists and security solutions. For example, try to explain to the vice president of the board why your organization needs a DLP solution, an XDR product, a web vulnerability scanner, a network security scanner, a WAF, an IDS/IPS as well as security researchers, incident response teams, threat intelligence leaders, risk management units, cybersecurity metrics specialists – why isn’t it just enough anymore to activate Microsoft Defender on all the machines?
Automation and tooling – the best solution
What helps CISOs and their security teams get the best results is automating procedures as much as possible. The one obvious advantage is the efficiency of work in such cases – many elements of the security posture are handled by the tool much faster than if they were done manually. A simple example would be: checking for software vulnerabilities where manual penetration testing through security research could not even begin to compare in efficiency with vulnerability scanning.
However, there is another huge advantage of using as many tools as possible to help maintain the best security posture – people don’t get upset with tools as much as they get upset with other people. If, for example, a security professional messages an employee about a potential security problem that the employee’s actions could cause, the employee is likely to take this message personally and emotionally. On the other hand, if the same employee gets a message from a tool before they even take the risky action, they may curse at technology a little but are unlikely to hold a grudge against software.
Therefore, the best way for a security team to handle cybersecurity, and at the same time, maintain a healthy relationship with the rest of the company, including business leaders, is the right tooling. We can help you with that. Take a look below.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.