Are information security silos tying the hands of business?

A collaborative approach is key to organisational resilience, says James Blake at Cohesity  

 

A cyber-attack hits. The IT team bursts into action to get systems back online and maintain business systems. At the same time, the security team fights to find the source and prevent the spread. 

 

The organisation gets back up and running fast. Everyone is happy. 

 

But should they be? Whilst clear roles across IT and security enable a speedy response in the face of a cyber-incident, it also creates silos with teams often failing to collaborate in the face of a crisis. And this leaves organisations exposed: whilst the incident is fixed, there is little insight or resolution of the underlying problem, making them a prime target for a repeat attack.

 

Our own research found that 31% of IT and security professionals consider collaboration between their IT and security teams “weak,” while 42% say poor coordination increases their exposure to attacks. Worse still, more than a third (40%) report that, despite rising cyber-threats, teamwork between IT and security continues to stagnate, or even decline. 

 

Whilst it’s important to create distinction between the teams, greater alignment is crucial.

 

So, how can businesses foster stronger alignment between IT and security teams, ensuring that when a cyber-attack hits, both teams work together seamlessly to minimise disruption and accelerate recovery?

 

 

Constructing a solid foundation

When building your incident response strategy, you should start by defining key responsibilities. For IT, this means a focus on remediation and ensuring business continuity. This includes managing the response to system outages, restoring critical infrastructure (when appropriate), re-setting authentication tokens and passwords, deleting malicious accounts, and installing software patches.

 

Security teams, meanwhile, should focus on detecting the breach, containing its spread, and identifying the entry point.

 

Most importantly, teams must agree on policies for governance and incident escalation—and ensure they’re put into practice from the outset. For example, communication is one of the first things to break down in a crisis.

 

That’s why it’s critical to establish communication protocols and capabilities as the latter may have been impacted too. How will you talk? How often? What happens when a major decision needs to be made? Do you have a joint workflow for an attack?

 

Here, documentation is your friend. Start with a living, shared document outlining responsibilities, key contacts, escalation paths, and recovery strategies. This will be the vital foundations needed to move quickly and act methodically, even when emotions are running high.

 

 

Creating a culture of collaboration

Let’s go back to the hypothetical crisis for a moment. Ideally, both teams would have already created a ‘shared responsibility model’. This is a framework that establishes clear, step-by-step procedures for responding to cyberattacks.

 

As part of this, businesses should consider setting up a Clean Room—an isolated, secure environment where IT and security can jointly on investigation and remediation without the risk of reinfection. This controlled space would allow teams to analyse the attack, build a timeline, and develop a recovery plan that removes the threat and prevents reinfection.

 

Once systems are confirmed as clean and data recovered, it can be moved to a staging area for testing before being reintroduced into live systems. This may take longer than stakeholders would like, but the cost of improper recovery could ultimately result in systems being hit again and taken down for longer.

 

 

Cultivating collective understanding 

One reason IT and security teams end up siloed is the healthy competitiveness that often exists between them. IT wants to innovate, while security wants to lock things down. These teams are made up of brilliant minds.

 

However, faced with the pressure of a crisis, they might hesitate to admit they feel out of control, simmering issues may come to a head, or they may become so fixated on solving the issue that they fail to update others.

 

To build an effective incident response strategy, identifying a shared vision is essential. Here, leadership should host joint workshops where teams learn more about each other and share ideas about embedding security into system architecture.

 

These sessions should also simulate real-world crises, so that each team is familiar with how their roles intersect during a high-pressure situation and feel comfortable when an actual crisis arises. 

 

 

Consolidated, not repeated, recoveries

Above all, an effective incident response strategy isn’t just about reducing friction. It’s about building resilience. But how do you assess readiness?

 

The quick answer is to measure the effectiveness of your shared responsibility model. The are classic measures, such as Mean Time to Detect, Mean Time to Respond, and Mean Time to Remediate, to ensure teams are working towards something, but for me, it’s about assessing readiness through structured activities.

 

By simulating realistic scenarios, whether it’s ransomware incidents or malware attacks, those in leadership positions can directly test and measure the incident response plan so that is becomes an ingrained process. Throw in curveballs when needed, and use these exercises to identify gaps in processes, tools, or communication.

 

Effective response comes down to creating clear roles, clear communications, and a clear and shared purpose. When you break down occupational silos and encourage collaboration between security and IT, most problems will resolve themselves. Remember, a problem shared is a problem halved. 

 

---

 

James Blake is Vice President of Cyber Resiliency Strategy at Cohesity

 

Main image courtesy of iStockPhoto.com and Albina Gavrilovic