How organizational structure, personalities and politics can get in the way of security


Cyberattacks and data breaches continue to increase year on year, and another so-called silver bullet technology is not going to stop this trend. The reality is that the bad guys look at the whole playing field, but we’re not, because organizational structure, personalities, and politics get in the way.

Security organizations are traditionally structured as a collection of separate groups, including network, endpoint, and cloud, tasked with protecting their part of the infrastructure and stopping certain types of threats. Each group uses its own set of security technologies from different vendors and brings its own third-party data and intelligence sources for context. These silos make it extremely difficult to actually share data between tools or teams. And while these teams may be made up of the same person, they each have their own budget and are focused on getting their projects done so they can be funded…sometimes at the expense of another project. Personalities and politics begin to seep in due to this unintended (or sometimes perhaps intentional) competition. Ultimately, these divisions make it incredibly difficult to create a unified defense. Instead, we’re just creating an obstacle course for attackers that they’re all too adept at successfully navigating.

When it comes to the future of cybersecurity, we know that any discussion must include automation. But disconnects within an organization prevent us from making meaningful progress. A recent SANS survey (PDF) found that 97% of respondents report difficulty deploying automation initiatives due to technology issues, siloed departments, and lack of confidence in results. Additionally, the disconnect between CISOs and their organizations around security automation and organizational maturity makes it harder to overcome the structural and cultural challenges needed to move up the maturity ladder and promote a cross-functional approach to the whole company.

One direction we can go to address these challenges and create a unified defense is to conduct an honest assessment of the state of the organization. The global shortage of cybersecurity talent affects most organizations. When we remove barriers, we can apply automation to better utilize scarce, highly skilled human resources and avoid burnout and boredom. Repetitive, low-risk, and time-consuming tasks are prime candidates for automation, while human analysts take the lead in irregular, high-impact, and time-sensitive investigations, with automation simplifying some of the work.

Organizations also need to make the most of their existing tools. I’ve spoken with teams who are actually considering investing in a second SOAR tool because the other part of the organization that has already deployed a SOAR tool isn’t receptive or doesn’t have the capacity to extend use cases and deliver what they need in a timely manner. Talk about a lack of a unified defense! This is another area where automation can help. Instead of a process-driven SOAR approach, automation can be triggered by data and business logic to execute the right actions and orchestrate the response with minimal impact on security team workloads and workflows. Additionally, solutions that offer a low-code approach can open up the tool to more users and use cases.

More broadly, an integration-focused platform where disparate systems and sources that speak in different languages and use different formats can communicate provides an opportunity to change the way of thinking and working together. An open and extensible architecture that enables flexibility and interoperability with existing tools and teams, and integrates with new technologies that teams want to bring, provides benefits for everyone. At the data level, it provides a shared context for better understanding and collaboration across the organization. At the process level, this helps ensure that the right actions are taken at the right time so that different teams can achieve their goals and accelerate detection and response across the organization.

Only when we recognize how organizational structure, personalities, and politics can stand in the way of security progress can we overcome the challenges and move toward unified defense. There are many paths to reach this destination; the choice is ours.

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record of growing and building teams for fast-growing security companies, which has resulted in several successful liquidity events. Prior to ThreatQuotient, he served as vice president of security marketing for Cisco following its $2.7 billion acquisition of Sourcefire. At Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc is also an advisor to several technology companies, including Valtix.
