We are at an inflection point in the technology industry where responsibility for, and oversight of, the cybersecurity that protects businesses has extended beyond security teams. As the cyber-threat landscape continues to evolve and attackers dream up more creative ways to infiltrate company ecosystems, business leaders are working to restructure their leadership teams to ensure cybersecurity is a top priority. Today, 36% of CISOs report to the CIO, and with data breaches rising in cost and more proprietary information being stored in the cloud, IT and security departments have seen their security responsibilities blend.
With many organizations undergoing initiatives like digital transformation and cloud migration, it’s important for IT and security leaders to work in tandem to prevent cyber threats from harming their IT infrastructure while still maintaining high productivity. Both IT and security teams can balance each other out by combining their perspectives, and this extends to other teams as well. Key players like the CISO, CIO, and CTO should lead these discussions, but it’s also important that leaders from different areas of the business are included to close security gaps while ensuring employee productivity and user experience remain high.
The steps to secure an organization cannot happen in a vacuum. Business leaders need to learn from one another and increase their understanding of each department’s varying IT security goals and challenges. By blending these perspectives and experiences, organizations can develop a comprehensive IT security strategy that is prepared to tackle emerging and existing threats.
Enable Seamless Communication Across Security and IT Teams
IT and security teams need to be in lockstep when proactively and reactively defending against threats. With teams being spread out across different regions and time zones due to hybrid work, however, enabling seamless communication cross-functionally is easier said than done. It’s important that IT and security leaders are intentional about setting up these lines of communication as one misalignment can leave room for vulnerabilities.
Beyond shared chat channels, setting up a weekly task force call with key stakeholders from each team or holding a monthly security all-hands can keep everyone apprised of the priorities of each department and informed on how they need to work together to achieve their goals. Regular communication and information sharing across these departments encourage a culture of transparency while also allowing teams to focus on their given responsibilities. Just as importantly, this ensures that when a security incident does occur, information can be shared quickly to contain the incident and improve response times.
Collaborate on IT Security Strategies and Crisis Planning
IT security planning conversations should be diverse and involve a wide range of participants, especially considering the rapidly changing IT environment. Teams across the business need to work together to ensure cybersecurity strategies remain adaptive and agile. In many organizations, departments will work individually on their strategies and then merge these plans into one comprehensive approach. However, when it comes to cybersecurity, it’s critical that IT and security teams collaborate on these plans to ensure each department’s goals are prioritized.
To avoid the risk of maintaining an outdated security strategy, IT and security leaders should implement a feedback loop across their teams to collect information from incidents and threat analysis. Feedback loops ensure that each team has the necessary data to create metrics that provide insights on the effectiveness of their strategies. By sharing these insights cross-functionally, both teams can proactively respond to threats and vulnerabilities, and adjust strategies as needed. Engaging in these conversations leads to concrete action, like collaborating on new security measures, to strengthen an organization’s IT defense.
Work Together to Secure Remote Work Environments
The shift toward a shared responsibility mindset in cybersecurity acknowledges that human factors are central to both vulnerabilities and defenses. For example, MGM’s recent cyberattack was an employee-targeted vishing attack, which led to the casino’s data being stolen and held for ransom. With threat actors doubling down on phishing attacks and network hacks, securing all employee endpoints has become a top priority for both departments.
Securing a remote organization requires input from both departments. IT teams have traditionally been the first line of defense for many employees experiencing issues with their work environments, including educating and training remote workers on security best practices. However, while IT is well-versed in these tasks, the implications could be lasting if proper security oversight isn’t provided. Rather than being solely viewed as a support function, IT is an indispensable resource for security teams as it can enable them to proactively secure employee functions and critical IT infrastructure. By establishing cybersecurity as a shared responsibility between IT and security teams, organizations can secure business operations from end to end while also remaining nimble in the evolving threat landscape.