If you were to ask executives what’s their biggest worry going into 2022, you’d find that at least half of them would cite cyber risks. That’s what comes from PwC’s 25th Annual Global CEO Survey, which surveyed 4,446 CEOs from 89 countries.
The reasons for that are quite obvious to anyone that’s been following the news. The rise of ransomware and the increasing sophistication of attacks gets combined with the potential negative impact these threats could have on companies across industries. It’s no surprise, then, that cybersecurity became the top priority for most businesses.
Their response to the new threatening landscape is increasing investments in new cybersecurity technologies and embracing new mindsets and methodologies. Only sporadically do companies invest in ongoing training programs for their employees, a key to battle against cyber threats. But even when businesses do develop a continuous security program for their workforces, they often forget about the power of team collaboration in cybersecurity.
Team Collaboration and the Fight for Security
It’s often said that people are the weakest link in any cybersecurity strategy, something that has been unfortunately proven true way too many times. That’s the main reason why a purely technical response to the increase in cyber threats won’t provide the level of security modern businesses need. While important, digital security solutions are simply not enough.
That’s why some experts in the security field are advocating for a mindset change in how we all see cyber security. Rather than solely relying on technology and occasional training, they say it’s time to embrace a human-centric approach to cybersecurity where team collaboration is key.
The underlying idea is fairly straightforward: when a threat compromises a business, it negatively impacts it on an organizational level. A disruption in one department can (and likely will) have repercussions company-wide, so each and every team should be vigilant for cybersecurity to avoid those disruptions.
This idea invites companies to think of cybersecurity as a shared responsibility rather than a worry for the IT team alone. While the concept is fairly easy to understand, it’s trickier to put it into practice. That’s because a lot of teams see security practices and protocols as obstacles for their daily operations (Don’t believe me? Ask around to check how many people like having to go through any form of multi-factor authentication to access a service).
Oftentimes, there’s a clash between security interests and operational comfort that unluckily resolves in favor of the latter. That’s when team collaboration comes into play. When employees establish bonds with people from other teams (especially the one from the IT or security department), they can understand why they do what they do. They can develop a sense of empathy that leads them to a clear understanding of the reasons why those cybersecurity measures exist in the first place.
Getting there can be tricky. The security team might feel like they have the ultimate say on all operations, as cybersecurity is paramount to the organization. The rest of the teams may argue that they’re as important and that their work is what makes the products and services possible. To prevent that from happening, you have to foster collaboration, set shared goals, and create proper incentives for each team.
Complexity: The Big Enemy
Perhaps the biggest challenge when it comes to achieving this level of collaboration and shared mentality is complexity. Think about it. When you have multiple systems with different methodologies and approaches ruling the operations, securing the corporate environment can be extremely difficult. This often leads to multiple barriers (both technical and operational) the IT team institutes to try to stay on top of things.
In other words, complexity and a lack of cohesion across the company leads to different routines and to a myriad of different tools and methodologies. Thus, the security team needs to develop diverse ways to serve all the varied processes and operations, which brings extra complexity, because those protocols don’t necessarily adjust to each individual need. That’s friction brewing right there.
The best way to overcome this obstacle is to reduce the complexity. That can mean a number of things, including modernizing the digital systems and streamlining processes but, at its core, is all about getting the teams to collaborate. Each team needs to understand where the security team is coming from and vice versa, so they can work together to embrace new systems and methodologies that better serve them and the company as a whole.
Toward a Human-centric Approach to Cybersecurity
Everything I’ve said so far aligns with that human-centric approach to cybersecurity many are calling for. Team collaboration, after all, is a human thing, which means you’ll have to work with all your team members to get there. That circles back to the need for ongoing training sessions about cybersecurity. I need to emphasize, though, that these sessions should go beyond the technical staff and into the softer skills territory, not just on an individual level but on a group level as well.
What’s more, training should be continuous, as that’s the only way you can detect potential friction in your team and work towards reducing it. In fact, those training sessions should serve you to work on your employees’ motivation, which should drive them to collaborate with one another in order to keep their digital environments secure for everyone’s sake.
As you can see, there are certain steps towards the human-centric approach that can help you deal with cybersecurity issues. First, there’s the need to identify the friction points across your organization. Then, you need to devise a strategy to reduce them, something that often comes from reducing the technical and operational complexity. In the meantime, you should also be working with your team to foster bond creation and define shared goals that bring everyone closer together.
I know, all of that sounds like a lot of work—but that’s because it is a lot of work. However, there’s no other way to truly elevate your cybersecurity strategy, something you should obviously be aiming for in this age of increased threats and sophisticated attacks.
