close
close

first Drop

Com TW NOw News 2024

The real challenge of cybersecurity is communication, not just technology
news

The real challenge of cybersecurity is communication, not just technology

COMMENTARY

In business, the importance of building strong relationships between teams cannot be overstated. This is especially true in cybersecurity, where rapid and effective incident response depends on the ability to share information seamlessly across the organization.

Despite this, communication remains a sore point for security teams. In Tines’ 2023 “Voice of the SOC” report, 18% of security professionals admitted that communication was one of the least enjoyable parts of their job. Their frustration stems from the need to simplify and convey complex information to lesser-known stakeholders, while also managing an overwhelming amount of data from multiple technologies that takes up too much of their time. In a workplace full of distractions, professionals want to cut through the noise.

Automation stands out as a key facilitator here, removing the organizational friction that often blocks collaboration between departments. By automating routine tasks like communication and reporting, security professionals have more time to focus on strategically valuable work. This results in happier teams, which in turn strengthens the company’s security posture.

Automation also acts as a bridge for collaboration, breaking down departmental silos and opening communication channels across the business. When security, IT, and engineering teams work in sync, organizations can quickly identify vulnerabilities and eliminate threats before they become broader problems.

Let’s take the example of setting up an automated workflow to share threat intelligence between security and fraud teams. For example, if the fraud team detects a new phishing campaign, this information is immediately shared with the security team, who can alert other departments. By using automation to increase visibility into security issues, critical information is quickly disseminated and action is taken.

Making safety second nature

Advanced technology solutions that leverage AI and large language models (LLMs) also pose unique challenges for security teams, who must learn to navigate both human-to-human and human-to-tech interactions. According to an expert at MIT, rapid engineering is now the most important AI skill you need. The better you can tell AI what you want it to do, the more likely it is to deliver what you expect. Clear and detailed instructions allow AI to understand your requirements specifically, leading to more accurate and satisfying results. And as the use of autonomous tools and processes increases, maintaining meaningful communication within the company becomes increasingly important.

While effective communication can often be facilitated by technology — specifically automation — the reverse is not always true. If you can’t get everyone on the same page, the true value of new technologies remains out of reach.

What really takes cybersecurity from good to great is a shared culture of vigilance. When every department focuses on security priorities and best practices from the ground up, consistent and secure processes become second nature.

Working with site reliability engineering teams taught me a lot about this. Even when we had a great team and a stable product, things still went wrong: a code push would fail or something would break, triggering a rapid response to roll back changes.

Although these issues were rarely security-related, involving security personnel for the sake of due diligence became best practice. This calm, controlled and collected approach to incident management emphasized the value of clear communication. Rather than treating these situations as crises, we embraced them as routine parts of the job, which led to respectful, effective incident handling and appreciation for each other’s efforts. This meant we were always ready to tackle whatever came our way.

We have also benefited from being consciously transparent during and after a security incident, as effective communication is often decisive for the extent to which a company can maintain its good reputation.

People tend to be more forgiving of companies that handle security incidents honestly and openly. By quickly sharing what is known about an incident and being clear about the steps being taken to resolve the issue and prevent it from happening again, organizations demonstrate accountability and care about doing the right thing. When you foster a culture of open communication, teams are better prepared to effectively manage crises when they occur.

Bridging communication gaps

Bloated tech stacks and outdated systems will always draw the ire of security professionals and other employees. But when you strip away the technology to reveal the core of the problem, mastering cybersecurity is fundamentally about mastering effective communication.

Building strong relationships between teams ensures that security is embedded in the company culture from the start, reducing reliance on expensive or redundant security solutions. These relationships make vigilance, preparedness, and accountability part of the status quo, rather than behaviors that companies are forced to adopt when things go wrong.

Likewise, teams have more time to talk, and therefore more time to innovate and solve problems together. By strategically deploying automation, companies can bridge the communication gaps that prevent this from happening, and security professionals can focus more on the parts of their jobs they love.

By doing this and creating a safety-focused work culture that engages everyone, organizations can overcome challenges with greater agility and confidence.