Lack of collaboration between IT and security operations (SecOps) decision-makers is increasing the exposure of organisations to the growing cyber threats, according to a recent survey by Cohesity.
This was despite most IT and security decision makers believing they should share the responsibility for their organisations’ data security strategies.
The research is based on an April 2022 survey conducted by Censuswide, of more than 2,000 IT decision-makers and SecOps professionals.
The survey showed that of those respondents that believe collaboration is weak between IT and security, nearly half believe that their organisation is more exposed to cyber threats as a result — and the implications of that could have significant consequences for businesses.
The study also revealed that 74 percent of respondents believe the threat of ransomware in their industry has increased over the last year, with nearly half of respondents (47 percent) saying their organisation has been the victim of a ransomware attack in the last six months.
Almost a third of SecOps respondents (31 percent) believe the collaboration is not strong with IT, with nine percent of those respondents going so far as to call it “weak.”
Among IT decision-makers, more than a tenth of respondents (13 percent), believe collaboration with SecOps is not strong. In total, nearly a quarter (22 percent) of IT and SecOps respondents overall believe the collaboration between the two groups is not strong.
Alarmingly, the study also pointed out that in many cases, even though the threat of cyber-attacks has increased, the level of collaboration between IT and SecOps has remained stagnant or has declined. In addition, the ongoing tech talent shortage is also impacting the collaboration between IT and security teams.
According to the study, the consequences of that exposure could be devastating for businesses and for careers. When asked what would be their worst fear about a lack of collaboration between security and IT if an attack takes place, 42 percent of all respondents are concerned about a loss of data, 42 percent fear business disruption, 40 percent are worried customers will take their business elsewhere, 35 percent fear finger-pointing will take place and their team will be blamed should any mistakes occur, 32 percent are worried about paying ransomware, and 30 percent fear people from both teams (IT and SecOps) will be fired.
“This research pinpoints there is often a lack of collaboration between IT and security teams that we’re seeing across many organisations today,” said Brian Spanswick, chief information security officer, Cohesity. “For too long, many security teams focused primarily on preventing cyber-attacks, while IT teams have focused on data protection, including backup and recovery. A complete data security strategy must bring these two worlds together — but in many cases, they remain separate and this lack of collaboration creates significant business risks and can put companies at the mercy of bad actors.”
To further drive this point home, when respondents were asked how their company prioritised data backup and protection as part of their organisation’s security posture or response to a cyber-attack, 54 percent of IT decision-makers said it was a top priority and a crucial capability, while only 38 percent of SecOps respondents said the same.
“If SecOps teams are not thinking about backup and recovery, and lack next-gen data management capabilities as part of an overall security strategy, that’s a problem,” said Spanswick.
“IT and SecOps teams need to collaborate before an attack takes place — looking holistically across the NIST Cyber Security Framework which includes five core capabilities: identify, protect, detect, respond, and recover. If they wait to collaborate until their data is hijacked, that’s too late and the results could be catastrophic for businesses.”
