Security Collaboration: Breaking Down Silos for a Stronger Cybersecurity Defense

While business and security teams may share the same high-level goals, they do not share the same path to achieving them. This understandable separation of tasks can lead to obstructive silos, as business objectives such as time-to-market and efficiency compete with security goals like supply chain vetting and pre-release vulnerability scans. Silos also contribute to communication breakdowns between the now-competing teams, which exacerbates problems even further.

To adapt to an ever-adapting threat landscape, there is an increasing need for companies to adopt a proactive rather than reactive security posture. This begins with proactively breaking down silos between an organization’s IT and security data, tech, and teams.

The Benefits of Security Collaboration

When diverse cybersecurity and IT teams incorporate each other into their workflows, they gain increased business benefits:

1. Improved efficiency in threat detection and response: A threat intelligence team can promptly send vital information to a SOC that will monitor for new developments and notify a dedicated response team should something arise.
2. Faster decision-making and incident resolution: With all the pieces laid out, the chain of command from “first initial sighting” to “ultimate resolution” can be well-defined and run like a well-oiled machine. This gives those in command better access to relevant data so they can make well-informed decisions faster and confidently move toward resolution.
3. Reduced risks through better risk assessments and mitigation planning: It’s not all about speed in an emergency; much of the benefit of security collaboration comes from not having so many emergencies in the first place because teams are sharing threat knowledge, risk data, and other valuable assets and mitigating actions are being put in place sooner because of it.

Strategies to Break Down Silos

How do organizations get to where they enjoy the fruits of their security collaboration labors? Here are three practical ways teams can break down silos and increase workflow optimization:

1. Build a shared understanding of objectives and risk tolerance: Both bottom-line business objectives and future-leaning cybersecurity goals must be understood by all stakeholders, non-technical C-suite executives and security top brass alike. Once goals are aligned, all parties need a realistic view of the risks the organization can handle based on current implementations. Risk assessment can be determined using commercially available tools and typically focuses on statistically identifying “what could go wrong” and how wide the impact could spread in each case. Once everyone has a “same page” understanding of those facts, it will be much easier to align priorities and avoid competing demands.
2. Establish clear communication channels and regular joint meetings: The USC Annenberg Relevance Report notes that “silo-busting” has become an organizational imperative in cybersecurity and that “internal communication can be improved by creating forums or working groups where departments can share information about potential threats.” It also states it’s "important to motivate employees to speak up if they see something that doesn’t seem right.” This means having a space for employees to report phishing attempts, Business Email Compromise (BEC) emails, and other signs of malicious intent as they organically encounter them in their workday.
3. Create cross-functional teams for specific security projects: Once risks have been identified and prioritized and clear communication channels have been implemented, the rubber must hit the road. Teams that did not collaborate (or possibly even communicate) in the past need to establish cross-functional working relationships that defy silos and bring together all necessary parts. This could mean the threat intelligence team now communicates directly with the SOC instead of simply putting all information into a database. SIEM operators can reach out to Incident Response as soon as a potential threat is identified. In turn, Incident Response can communicate more directly with DevSecOps so the same weakness won’t be recreated to be exploited again.

The Role of Technology

If “silo-busting” were only a “people problem,” this blog could stop here. However, the right technology is needed to bring together so many traditionally disparate security functions. Collaborative security tools facilitate seamless information sharing and coordinated threat response. Cyware’s Cyber Fusion Centers are centralized hubs within which traditionally siloed security functions are integrated, combining high-fidelity threat intelligence with threat operations for rapid threat response.

Cyware’s arsenal of security automation software includes:

• Threat Intelligence Platforms (TIP): Automate the entire threat intelligence management lifecycle to unlock technical and tactical responses in real time.
• Security Orchestration and Automation Platform (SOAR): Optimize security operations and accelerate threat response with automated cross-functional workflows.
• Collaborate Platform: A bidirectional intelligence, alert, and advisory sharing platform that allows employees to report security threats when and where they see them.

Additionally, user-friendly platforms do a lot to promote adoption across teams. The more friction in processes and the higher the learning curve, the less likely new initiatives are to get taken up, no matter how useful or groundbreaking.

Leadership's Responsibility

Lastly, the most well-integrated technology in the market doesn’t matter if the ball drops in employees’ hands. The importance of security awareness training for all employees cannot be overstated, and creating a security-conscious culture starts at the top.

For security silos to break apart, top-down support and understanding is required. Executives need to align on how security objectives support business objectives, and once they do, implementing mandatory security awareness training will be as ubiquitous in digital businesses as loss prevention training is in retail. However, if leadership does not understand the intrinsic connection between the two core functionalities – business aims and security goals – then creating the type of disruptive organizational change that will generate cross-functional collaboration will be an uphill battle from the beginning.

It’s one thing to commit to change, but another to operationalize it. Cyware’s Collaborate platform empowers employees to respond to top-down security initiatives by giving them the means to immediately report any threats they come across to security teams directly. This increases inter-departmental collaboration, improves detection (with more vigilant eyes on the ground), and strengthens what is often the weakest link in the security chain – communicating the problem to the right people at the right time.

Taking the First Step

The journey may seem long, but leaders can start with one small collaborative initiative (such as joint risk assessment) and build from there. Once teams look in the same direction, subsequent changes can grow. Security decision-makers should evaluate their current security collaboration practices and tools and look for areas in which more comprehensive, powerful, and streamlined technology solutions can un-silo their processes and get them to the next level.

For more information on achieving better security outcomes with Cyware’s Cyber Fusion Center (CFC), click here.