TRENDING
in their industry has increased over the last year , with nearly half of respondents ( 47 %) saying their organisation has been the victim of a ransomware attack in the last six months .
The survey uncovered the following results globally :
• Security should be a shared responsibility : More than four in five ( 81 %) of respondents overall ( 86 % of IT decision-makers and 76 % of SecOps ) somewhat or strongly agree that IT and SecOps should share the responsibility for their organisation ’ s data security strategy .
• But effective collaboration between IT and security teams is frequently not happening : Almost a third of SecOps respondents ( 31 %) believe the collaboration is not strong with IT , with 9 % of those respondents going so far as to call it ‘ weak .’ Among IT decision-makers , more than a tenth of respondents ( 13 %), believe collaboration with SecOps is not strong . In total , nearly a quarter ( 22 %) of IT and SecOps respondents overall believe the collaboration between the two groups is not strong .
• In many cases , even though the threat of cyberattacks has increased , the level of collaboration between IT and SecOps has remained stagnant or has declined : 40 % of respondents , overall , said collaboration between the two groups has remained the same even in light of increased cyberattacks . And , 12 % of all respondents said collaboration has actually decreased . While only 5 % of IT decision makers said collaboration has decreased , nearly one in five ( 18 %) of SecOps respondents believe that is the case , highlighting disparity between the two functions .
• The on-going tech talent shortage is making matters worse : When asked if the talent shortage is impacting the collaboration between IT and security teams , 78 % of respondents ( 77 % of IT decision-makers and 78 % of SecOps ) said : ‘ Yes , it is having an impact .’
• As a result of this lack of collaboration between IT and SecOps , many respondents believe their organisation is more exposed : Among the IT and SecOps respondents who believe the collaboration is weak between the two groups , 42 % believe their organisation is either more exposed ( 28 %), or much more exposed ( 14 %) to cyberthreats .
• The consequences of that exposure could be devastating for businesses and for careers : When asked what would be their worst fear about
A complete data security strategy must bring these two worlds together . a lack of collaboration between security and IT if an attack takes place , 42 % of all respondents are concerned about a loss of data , 42 % fear business disruption , 40 % are worried customers will take their business elsewhere , 35 % fear finger-pointing will take place and their team will be blamed should any mistakes occur , 32 % are worried about paying ransomware , and 30 % fear people from both teams ( IT and SecOps ) will be fired .
“ This research pinpoints there is often a lack of collaboration between IT and security teams that we ’ re seeing across many organisations today ,” said Brian Spanswick , Chief Information Security Officer , Cohesity .
“ For too long , many security teams focused primarily on preventing cyberattacks , while IT teams have focused on data protection , including backup and recovery .
“ A complete data security strategy must bring these two worlds together – but in many cases , they remain separate , and this lack of collaboration creates significant business risks and can put companies at the mercy of bad actors .”
To further drive this point home , when respondents were asked how their company prioritised data backup and protection as part of their organisation ’ s security posture or response to a cyberattack , 54 % of IT decision-makers said it was a top priority and a crucial capability , while only 38 % of SecOps respondents said the same .
“ If SecOps teams are not thinking about backup and recovery and lack next-gen data management capabilities as part of an overall security strategy , that ’ s a problem ,” said Spanswick .
“ IT and SecOps teams need to collaborate before an attack takes place – looking holistically across the NIST Cybersecurity Framework which includes five core capabilities : identify , protect , detect , respond , and recover . If they wait to collaborate until their data is hijacked , that ’ s too late and the results could be catastrophic for businesses .”
Eighty-three percent of all respondents ( 84 % of IT decision-makers and 81 % of SecOps respondents ) somewhat or strongly agree that if security and IT collaborated more closely , their organisation would be better prepared to recover from cyberthreats including ransomware attacks . And , when respondents were asked what would give their organisation greater confidence that they could recover business systems quickly in the event of a ransomware attack , 44 % of all respondents ( 49 % of IT decision-makers and 39 % of SecOps respondents ) said greater communication and collaboration between IT and security is key . p
20 INTELLIGENTCIO AFRICA www . intelligentcio . com