Lack of trust between cyber security, network teams, survey suggests

Few organizational charts can have clear functional lines, so it’s no surprise efforts of some departments overlap those of others.

But if numbers pulled from a survey sponsored by DNS solutions vendor BlueCat Networks are accurate, there’s a lot of tension between cyber security and network teams over who controls what.

And that tension could be increasing the risk of breaches.

When asked if their organization has seen any consequences resulting from lack of close collaboration between their teams from a suggested list

–34 per cent of respondents said they’d seen a slow response to security events;

–33 per cent has seen “finger pointing” and/or a “blame game;”

–32 per cent had seen an increase in security breaches/data loss;

–28 per cent had seen a loss of productivity;

–27 per cent had seen service down time;

–26 per cent had seen an inability to determine the root cause of security events.

(Participants were allowed to make multiple responses.)

Fourteen per cent said they hadn’t seen any of the consequences suggested on the list due to a lack of teamwork.

But 55 per cent of survey respondents don’t believe there is a high level of trust between cyber security and network teams. In addition, 43 per cent of network and 58 per cent of cybersecurity professionals think their counterparts lack a fundamental understanding of their role.

The survey of 200 network or cyber security team members from North American companies with at least 5,000 employees was conducted between May 16 and June 1.

To Jim Williams, BlueCat’s vice-president of marketing, the “shocking” numbers back up what the company hears from customers. “We had a meeting with our customer advisory board, and one member [in describing the problem] said, ‘The network team is responsible for ensuring every packet is delivered, and the cyber security team is responsible more making sure not every packet is delivered. And they’re still learning to live with one another.’

“He kind of said it in jest, but it summed up the problem.”

“It seems organizations are in a tug of war over responsibility for security and ownership of some of the tools that ensure security. But even more important than that, the teams both acknowledge they feel the other team doesn’t understand what they’re responsible for – and there’s some resentment over that.”

There are a wide range of security-related issues that get divided – or shared — between security and network teams: Network security policy definitions, policy enforcement, prevention of attacks, detection, analysis and mitigation. For example, among the survey respondents 46 per cent of said their security team defines network security policies, 30 per cent said the network team defines policies and 23 per said said their teams share the work.

When asked, respondents agreed there would be many benefits to integrating cyber security and network teams.

The solution is not necessarily folding the network team into security, Williams said, although some organizations are doing that. But at the very least better communications is vital. “Maybe there’s shared responsibility and better definitions, maybe there’s service level agreements, maybe the teams have to be forced to come together regularly to talk about the challenges.”

In some cases, Williams agreed, the board, the CEO or CISO may have to knock heads. “Yeah, it’s a top-down thing … I don’t think miraculously network and cyber security teams are going to walk off the floor and start shaking hands and become BFFs [best friends forever]. It’s something that’s going to have to be imposed.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now