The market upheaval caused by the pandemic, supply chain issues, climate change, war and general mistrust in governments means new opportunities for cybercriminals. While most of us have been busy trying to navigate the new world of work, cybercriminals have been busy cooking up new schemes to trick, threaten and defraud corporations around the globe.
Companies have taken notice and continue to increase their cybersecurity spending. According to PwC’s Global Digital Trust Insights Survey 2022, “investments continue to pour into cybersecurity” with 69% of responding organizations predicting a rise in their cyber spending for 2022. Yet are these investments being used wisely and efficiently?
The CISO’s job of identifying risk and advocating for stronger protections adds work for IT teams and can instill fear in the boardroom, making the CISO an adversary to some and a necessary evil to others. Meanwhile, CIOs face pressure to deliver on digital transformation, improved customer experience and innovation at record speeds. It’s understandable that the CISO can be viewed as a roadblock to other IT teams (which is made worse when egos are involved).
But it doesn’t need to be this way — here are three ways CIOs and CISOs can work together to maximize investments, increase efficiency, reduce risk and improve time to market.
- Embed security best practices into all IT processes: Embedding security into all IT delivery processes (ITSM, SDLC, DevOps, etc.) ensures the delivery of secure products and prevents costly rework later. This also supports IT’s need for delivering stable and secure products while reducing support costs due to outages.
- Implement a shared monitoring capability: IT monitors systems for uptime and stability while cyber monitors for intrusion and security incidents. There’s plenty of overlap in the data and log files required for both functions. While this may not work in all organizations, many organizations have realized synergies from a combined function that supports both operational stability and cybersecurity. Not only does a combined function save money on hardware, software, storage and labor, it enables better visibility, communication and coordination across functions and provides analysts with more context for their work (making the often-mundane job of monitoring more interesting and rewarding).
- Share data, data platforms and AI capabilities and talent: Another area where IT and cyber teams can achieve efficiency is around data platforms. IT teams typically have dedicated data teams and decades of experience building, implementing, and supporting analytical and real-time data and integration platforms that provide the foundation for advanced analytics and artificial or augmented intelligence. These tools and skills are easily transferable to cyber use cases. Moreover, many cyber professionals landed in cyber with a background in infrastructure and networking and lack the experience and know-how required to build and support data, integration and advanced analytics capabilities. CISOs and CIOs would be wise to team up on data platforms and the skilled labor often missing on cyber teams.
By finding common ground, overlapping capabilities and synergies, cyber and other IT teams can work together to enable better, more stable, and secure solutions while creating efficiencies and cost savings for the enterprise.