Why IT and Security Operations Teams Need to Collaborate More

by Redazione LineaEDP10/06/2022 Facebook Twitter LinkedIn

According to Cohesity, the biggest gap that criminals can exploit is the lack of collaboration between IT teams and Security Operation.

New research commissioned by Cohesity, a specialist in innovative data management, reveals that while most IT and Security Operations (SecOps) teams believe they need to jointly share responsibility for their organization's data security strategy, many of these teams are not working together as effectively as possible to address growing cyber threats. The survey also shows that, among respondents who believe that collaboration between IT and security is poor, almost half are convinced that their organization is inevitably more exposed to cyber threats, with consequences that could prove catastrophic for companies. The research is based on a survey conducted in April 2022, conducted by Censuswide, of more than 2,000 IT decision makers and Security Operation professionals (SecOps) – divided almost 50% between the two groups – belonging to companies in the United States, United Kingdom and Australia, all with a role in it or security decision-making. Nearly three-quarters of respondents (74%) believe that the threat of ransomware attacks in their industry has increased in the last year, and nearly half of respondents (47%) say their organization has been the victim of a ransomware attack in the past six months. The survey highlighted the following findings globally: Security should be a shared responsibility: More than four out of five respondents (81% of all respondents, 86% of IT leaders, and 76% of SecOps) partially or strongly agree that IT and SecOps should share responsibility for their organization's data security strategy.

• However, effective collaboration between IT and security teams is not usually achieved: Nearly one-third of SecOps respondents (31%) believe that collaboration with IT is not effective, with 9% calling it "weak". Among IT decision makers, more than one in 10 (13%) believe that collaboration is not strong. In total, nearly a quarter (22%) of IT and SecOps respondents believe that collaboration between the two groups is not effective*.

• In many cases, although the threat of cyber attacks has increased, the level of collaboration between IT and SecOps has remained constant or decreased: 40% of all respondents said that the collaboration between the two groups remained unchanged also in light of the increase in cyber attacks. 12% of all respondents said that collaboration has actually decreased. While only 5% of IT leaders said collaboration has shrunk, nearly one in five (18%) of SecOps respondents believe this is the case, underscoring the difference of views between the two groups.

• The current shortage of technology talent is making the situation worse: When asked about the possible impact of the talent shortage on collaboration between IT and security teams, 78% of respondents (77% of IT leaders and 78% of SecOps) answered in the affirmative, confirming that the lack of specialized profiles is having an impact.

• As a result of this lack of collaboration between IT and SecOps, many respondents believe their organization is more exposed to cyber threats: Among respondents who believe that collaboration between IT and SecOps is poor, 42% believe their organization is more exposed (28%) or much more exposed (14%) to cyber threats.

• The consequences of this exposure could be devastating for companies and career prospects: When asked what is the biggest fear related to the lack of collaboration between security and IT in the event of an attack, 42% of all IT and SecOps respondents fear data loss, 42% a business interruption, 40% are concerned that customers will turn elsewhere, 35% fear their team will be blamed for errors, 32% fear paying for ransomware, and 30% believe that people on both teams (IT and SecOps) will be fired. Albert Zammar, Regional Director SEMEA Cohesity Albert Zammar, Regional Director Southern Europe at Cohesity, said: "The research highlights the lack of collaboration between IT and Security Operations teams in many organizations today, a communication gap that needs to be filled if cyber threats and ransomware are to be effectively countered. For too long, many security teams have focused primarily on preventing cyber attacks, while IT teams have focused on protecting data, including backup and recovery. A comprehensive data security strategy must bring together these two worlds, which in many cases remain separate today. The lack of collaboration often gives cybercriminals the space they need to launch attacks that hit the mark and put companies at their mercy." To further emphasize this point, when asked how their company prioritizes backing up and protecting data as part of the organization's security posture or response to a cyberattack, 54% of IT leaders said it is a top priority and a decisive capability. while only 38% of SecOps respondents responded the same. If SecOps teams don't think about backup and recovery and don't have innovative data management capabilities as part of a global security strategy, there's a problem. IT and SecOps teams must collaborate before an attack occurs, looking holistically at the situation and taking as a reference the NIST Cyber Security Framework, which includes five core capabilities: identify, protect, detect, respond, and recover. If they wait for the moment when a data breach occurs to collaborate, it's too late and the results could prove catastrophic for companies." 83% of all respondents (84% of IT leaders and 81% of SecOps respondents) partially or strongly agree that their organization would be better prepared to recover from cyber threats, including ransomware attacks, if security and IT worked together more closely. In addition, when asked what would provide their organization with greater security in the ability to quickly restore business systems in the event of a ransomware attack, 44% of all respondents (49% of IT managers and 39% of SecOps respondents) said greater communication and collaboration between IT and security would be critical.

* 'Not strong' refers to the reverse percentage of respondents who selected 'strong' or 'very strong' when asked: "How much do you think your organization's security and IT teams are working together to address growing cybersecurity threats, including ransomware attacks?"