A survey of more than 2,000 IT decision-makers and security operations (SecOps) professionals in the U.S., United Kingdom and Australia found lots of room for improvement when it comes to the way cybersecurity and IT operations teams collaborate.
The survey, conducted by Cohesity, a provider of a data protection platform, found nearly a third of SecOps respondents (31%) believe the collaboration with IT is not strong, with 9% of those respondents going as far as to call it weak. Only 13% of IT professionals said collaboration with SecOps is not strong. Overall, nearly a quarter (22%) of IT and SecOps respondents said collaboration between the two groups is not strong. Among respondents who believe collaboration is weak between IT and security, 42% said they believe their organization is more exposed to cybersecurity threats as a result.
Brian Spanswick, chief information security officer (CISO) for Cohesity, said this issue is more critical than ever. As the volume of attacks increases, many organizations are relying on IT teams to remediate the vulnerabilities discovered by typically understaffed SecOps teams. There simply isn’t enough security expertise available to perform all the required remediation tasks, Spanswick noted. More than three-quarters of respondents (78%) said talent shortages are having an impact on cybersecurity.
The survey also found 81% of respondents somewhat or strongly agreed that IT and SecOps should share the responsibility for their organization’s data security strategy. However, 41% report the level of collaboration between IT and SecOps has remained stagnant or has declined. A total of 40% also noted collaboration between the two groups has remained the same even in light of increased cyberattacks, while another 12% said it has declined.
A full 83% said if security and IT teams would collaborate more closely, their organization would be better prepared to recover from cybersecurity threats including ransomware attacks. A total of 44% said greater communication and collaboration between IT and security is key to faster recoveries from attacks.
The survey also found nearly three-quarters (74%) of respondents believed the threat of ransomware in their industry has increased over the last year, with nearly half of respondents (47%) saying their organization has been the victim of a ransomware attack in the last six months. However, while more than half of IT respondents (54%) said backup and recovery is a top priority and a crucial capability, only 38% of SecOps respondents agreed.
The biggest concerns about the lack of collaboration are loss of data (42%), business disruption (42%), that customers would take their business elsewhere (40%), that their team would be blamed should any mistakes occur (35%), paying ransomware (32%) and fear that people from both teams (IT and SecOps) would be fired (30%).
Spanswick said the most important thing any organization can do is to focus on the cybersecurity and data protection fundamentals. That effort alone will either thwart most attacks or, at the very least, reduce the leverage cybercriminal might have in the wake of a successful ransomware attack, Spanswick said. Making sure there is a pristine copy of critical data that is isolated from any attack vector is crucial, he added.
As is often the case, however, achieving that goal is often easier said than done.