Few organizational charts can have clear functional lines, so it’s no surprise efforts of some departments overlap those of others.
But if numbers pulled from a survey sponsored by DNS solutions vendor BlueCat Networks are accurate, there’s a lot of tension between cyber security and network teams over who controls what.
And that tension could be increasing the risk of breaches.
When asked if their organization has seen any consequences resulting from lack of close collaboration between their teams from a suggested list
–34 per cent of respondents said they’d seen a slow response to security events;
–33 per cent has seen “finger pointing” and/or a “blame game;”
–32 per cent had seen an increase in security breaches/data loss;
–28 per cent had seen a loss of productivity;
–27 per cent had seen service down time;
–26 per cent had seen an inability to determine the root cause of security events.
(Participants were allowed to make multiple responses.)
Fourteen per cent said they hadn’t seen any of the consequences suggested on the list due to a lack of teamwork.
But 55 per cent of survey respondents don’t believe there is a high level of trust between cyber security and network teams. In addition, 43 per cent of network and 58 per cent of cybersecurity professionals think their counterparts lack a fundamental understanding of their role.
The survey of 200 network or cyber security team members from North American companies with at least 5,000 employees was conducted between May 16 and June 1.
To Jim Williams, BlueCat’s vice-president of marketing, the “shocking” numbers back up what the company hears from customers. “We had a meeting with our customer advisory board, and one member [in describing the problem] said, ‘The network team is responsible for ensuring every packet is delivered, and the cyber security team is responsible more making sure not every packet is delivered. And they’re still learning to live with one another.’
“He kind of said it in jest, but it summed up the problem.”
“It seems organizations are in a tug of war over responsibility for security and ownership of some of the tools that ensure security. But even more important than that, the teams both acknowledge they feel the other team doesn’t understand what they’re responsible for – and there’s some resentment over that.”
There are a wide range of security-related issues that get divided – or shared — between security and network teams: Network security policy definitions, policy enforcement, prevention of attacks, detection, analysis and mitigation. For example, among the survey respondents 46 per cent of said their security team defines network security policies, 30 per cent said the network team defines policies and 23 per said said their teams share the work.
When asked, respondents agreed there would be many benefits to integrating cyber security and network teams.
The solution is not necessarily folding the network team into security, Williams said, although some organizations are doing that. But at the very least better communications is vital. “Maybe there’s shared responsibility and better definitions, maybe there’s service level agreements, maybe the teams have to be forced to come together regularly to talk about the challenges.”
In some cases, Williams agreed, the board, the CEO or CISO may have to knock heads. “Yeah, it’s a top-down thing … I don’t think miraculously network and cyber security teams are going to walk off the floor and start shaking hands and become BFFs [best friends forever]. It’s something that’s going to have to be imposed.”