One might expect people on different teams of a company’s IT department to be on the same page and have a certain amount of work-related trust for each other. It seems that neither “being on the same page” nor “interdepartmental trust” are always the case.
That conclusion was part of the data culled from a BlueCat Networks sponsored International Data Group (IDG) survey. Here are some additional results:
- Over 65% of those responding to the survey indicated their company has experienced two or more cybersecurity events; and
- Only 38% of the survey participants believe their organization is capable of defending against a cybersecurity event.
The survey’s report does not mince words as to why. “Business investments in network operations and cybersecurity may be shortchanged if the teams responsible for those areas aren’t collaborating,” mentions the report A House Divided: The Cost of Dysfunction between Network and Cybersecurity Teams. “The study shows eighty-six percent of organizations surveyed have suffered repercussions, including increased security breaches and data loss, due to lack of collaboration between these teams.”
SEE: Network security policy (Tech Pro Research)
As to the lack of collaboration, BlueCat Network’s Mathew Chase adds:
“Network and cybersecurity teams are often battling the wrong adversary: each other. Their strained relationship results in additional challenges and angst when they should be defending the organization as a cohesive team.”
The report’s authors suggest that lack of collaboration was responsible for the following:
- Slow response to security events (34%)
- Finger-pointing (33%)
- Increase in security breaches/data loss (32%)
- Loss of productivity (28%)
- Service downtime (27%)
- Inability to determine the root cause of security events (26%)
- Increased costs (26%)
The IDG/BlueCat report next dives into what’s working and what’s dysfunctional. The report’s authors surmise that network policy and threat analysis are typically the cybersecurity team’s responsibility, while ownership of other aspects, such as threat detection, are less concrete.
“Fifty percent of those surveyed by IDG indicated that conflicting objectives are the greatest obstacle to making that trust between teams happen,” explains the report. “Only a small percentage of survey respondents say the two teams share primary responsibility in the areas of policy enforcement, event prevention, threat detection, and event mitigation.”
The report indicates that not understanding who is responsible for what leads to the following:
- 55% of the survey respondents believe there is a high level of mistrust between cybersecurity and network teams; and
- 43% of network and 58% of cybersecurity professionals feel their counterparts do not understand their role.
The answer appears to be allowing the cybersecurity team complete access to the network. “The percentage of survey participants reporting a high level of trust between teams more than doubles at organizations providing complete visibility to cybersecurity staff,” the report mentions. “Similarly, when the cybersecurity team has complete visibility, organizations have a higher level of confidence that they are well equipped to protect the network from future cybersecurity attacks.”
Besides resolving trust issues and promoting collaboration, there are the following additional benefits:
- Both teams have greater confidence that team members understand what’s happening on the network;
- Each team’s activity will complement, not overlap or interfere, with the other team’s efforts; and
- Respondents (55%) believe integrating the teams will allow a faster, more-efficient response to security events.
“There is a lot of eye-opening on both sides of the fence,” says Michael Harris, CEO of BlueCat. “Organizations need both visibility into critical network infrastructure and a controlled, real-time view for cybersecurity.”
DNS is also common ground
The research team from IDG and BlueCat stressed the importance of DNS as a way to improve collaboration. “When set up in a unified way, DNS represents a data source that provides shared visibility; it is also pervasive across the network, which allows it to exact control over activity,” explains the report’s authors.
Survey respondents felt improving their organization’s DNS infrastructure will help:
- Improve network management and controls;
- Allow DNS data-mining for threats; and
- Increase agility as well as automation.
“DNS has always been in the hacker’s toolbox for mapping and disrupting organizations,” notes BlueCat Network’s Mathew Chase. “Organizations need to make the shift towards using DNS as skillfully as their adversaries in order to protect against and respond to threats across the enterprise.”
Note: A total of 200 qualified North-American respondents participated in the survey. Respondents were required to be employed in a network (data wired, wireless, voice, etc.) or a cybersecurity (IT/network security/cybersecurity) role at a company with 5,000 or more employees. Senior management, mid-management, and analyst level roles are equally represented. All qualified respondents are involved in the purchase and integration of cybersecurity technology.