New research commissioned by Cohesity shows that while most IT and security decision-makers believe they should share responsibility for their organization’s data security strategy, many of these teams are not working together as effectively as possible to address growing cyber threats.
The survey also finds that, among respondents who believe IT/security collaboration is weak, nearly half believe this increases their organization’s exposure to cyber threats, the implications of which could be catastrophic for companies.
The research is based on an April 2022 survey conducted by Censuswide of more than 500 IT decision-makers and Security Operations (SecOps) professionals (almost a 50/50 split between the two groups) from companies in Australia and New Zealand – all of whom have a role in the IT or security decision-making process.
The survey was conducted because more than 2 in 3 respondents (69%) believe that the threat of ransomware in their industry has increased in the past year, with nearly half of the respondents (46%) saying their organization has been the victim of a ransomware attack in the past six months.
Security should be a shared responsibility: Almost three-quarters (74%) of respondents (80% of IT decision-makers and 68% of SecOps) somewhat or strongly agree that IT and SecOps should share responsibility for their organization’s data security strategy.
However, effective collaboration between IT and security teams often does not happen: more than a third of SecOps respondents (36%) believe that their partnership with IT is not strong, and 11% of those respondents go so far as to call it weak. Nearly one-sixth (15%) of IT decision-makers believe that collaboration is not strong. Overall, more than 1 in 4 (26%) respondents think the partnership between the two groups is not strong.
While the threat of cyber-attacks has increased, in many cases the level of collaboration between IT and SecOps has stagnated or declined. Nearly 2 in 5 (39%) respondents said cooperation between the two groups had remained the same, even in light of increased cyber-attacks. 1 in 6 (17%) respondents said that collaboration has declined. While only 6% of IT decision-makers said cooperation has declined, over a quarter (28%) of SecOps respondents believe it has, indicating a significant difference between the two groups.
The ongoing shortage of technical talent makes matters worse: When asked whether the talent shortage affects collaboration between IT/security teams, nearly 3 in 4 (74%) of respondents (76% of IT decision-makers and 72% of SecOps) said yes, it has an impact.
As a result of this lack of collaboration between IT and SecOps, many respondents believe their organization is more vulnerable: of the IT and SecOps respondents who believe that cooperation between the two groups is weak, more than half (52%) believe that their organization is either more exposed (35%) or much more exposed (16%) to cyber threats.
The consequences of that exposure could be devastating for businesses and careers: When asked what their biggest fear would be about a lack of collaboration between security and IT if an attack occurs, 44% of respondents fear business disruption, 43% are concerned about data loss, 39% are concerned that customers will move their business elsewhere, 30% are worried about paying a ransom, 29% are worried that they will be singled out and blamed if errors occur, and 29% fear that people from both teams (IT and SecOps) will be fired.
Cohesity Chief Information Security Officer Brian Spanswick said: “This research shows that there is often a lack of collaboration between IT and security teams that we see in many organizations today.
“For too long, many security teams have focused primarily on preventing cyber-attacks, while IT teams have focused on data protection, including backup and recovery. A complete data security strategy should bring these two worlds together. Still, in many cases, they remain separate, and this lack of collaboration creates significant business risks and can leave companies at the mercy of bad actors.”
To further underline this point, when respondents were asked how their company prioritized data backup and protection as part of their organization’s security posture or in response to a cyber attack, 53% of IT decision-makers said it was a top priority and a critical opportunity. Only 39% of SecOps respondents said the same.
Spanswick says, “If SecOps teams don’t think about backup and recovery and lack next-gen data management capabilities as part of an overall security strategy, that’s a problem.
“IT and SecOps teams need to work together before an attack occurs and take a holistic view of the NIST Cyber Security Framework, which encompasses five core capabilities: identify, protect, detect, respond, and remediate. It is too late as they wait to collaborate until their data is hijacked, and the consequences could be catastrophic for companies.”
Overall, 78% of all respondents (80% of IT decision-makers and 76% of SecOps respondents) somewhat or strongly agree that if security and IT collaborated more closely, their organization would be better prepared to recover from cyber threats, including ransomware attacks.
In addition, when respondents were asked what would give their organization more confidence that they can quickly recover business systems in the event of a ransomware attack, 43% of all respondents (50% of IT decision-makers and 37% of SecOps respondents) said more communication and collaboration between IT and security is essential.