Cybersecurity and Organisational Silos

Organisational silos are more and more often pointed out within enterprises. Those happen to be obstacles to communication and collaboration between the teams, as they ruin efficiency and prevent a fluid circulation of information and data. With such a system, departments see each other on very few occasions, and they don’t communicate. They’re acting as independent entities and they’re no longer sharing vision, goals, priorities, or even IT tools.

With those organisational silos, cybersecurity only comes at the end of the production line, which makes it restrictive and inefficient towards risks and threats like cyberattacks.

Therefore, which barriers exist within organisations between cybersecurity and its implementation? How could we remove them?

That’s what we’ll discover in this new post with the help from our cybersecurity experts.

1. Working in Silos: Huge Risks for the Enterprise

What is a silo in an enterprise?

When the term silo is used in a work-related context, it refers in a figurative way to silos used in agriculture. In a farm, a silo is a tall structure with no window, whose purpose is to contain grain. We can’t access it easily and openings are very limited.

In an enterprise, a silo doesn’t contain grain, but information and knowledge, with a restrictive access for the rest of the organisation.

When an enterprise works in silos, entities – such as departments – will work like if they were entirely independent from each other. Each department will therefore work on its own specialties without taking other departments in consideration.

Those many silos become more and more information-proof and struggle to sync up with others or to simply work together.

What are the risks created by working in silos?

Working in silos no longer meets requirements towards clients and employees, nor towards security needs. It seems even truer within our current digital age.

When employees of a department can’t interact efficiently with their counterparts from other departments, it’s the entire organisation that happens to suffer from this, which could lead to revenue losses or land disputes between departments.

Those organisational silos can become huge barriers within an organisation and those could appear very hard to break when they have been established for a long time.

They bring a strong resistance to change, administrative slowness, productivity decline, a clear demotivation among employees, and most often a very bad client experience, …among others.

What are the risks created by working in silos?

2. What Are the Risks for Cybersecurity when Working in Silos?

Working in silos is often pointed out, but it’s still the reality of many cybersecurity teams. Silos tend to break within organisations, but cybersecurity remains separated, as if it were apart form the rest. Over half of DSIs claim their IT teams and other departments of the organisation work currently in silos.

Here are a few examples of consequences created by a silo organisation, in regard to cybersecurity teams:

The launch of a new product or service

In product development, it can become a real problem if cybersecurity teams come only at the end of the line for their audits and controls.

They don’t follow the whole development line, and if they detect a flaw or report the product out of compliance, this will only happen right before its release and will therefore delay it. This will come as a real time loss for the teams, while also having a huge financial impact.

Because of that, cybersecurity teams are seen in a negative way, leading other departments to get around such controls.

Without those controls, the impact of a security flaw on the product will be even bigger, and do great harm to the enterprise’s reputation and their clients’ trust (e.g. if a data leak happens).

Training

More often, to be certified as compliant, every collaborator of the enterprise will need a cybersecurity training. This training is however given in a very cold way. Employees get a set of documents, and they must learn them and test their new knowledge right after. Such type of training comes however as a very inefficient way to do so.

Sharing information

Cybersecurity teams don’t adapt their message to the other teams. Many documents are very technical and generic, but are still imposed to every collaborator. Here again, cybersecurity doesn’t adapt to the other departments’ realities.

In summary, cybersecurity teams develop in parallel to all other departments when working in silos, and key messages don’t go from or to them. It’s often due to a lack of time or money, but the entire culture and vision of the enterprise is also involved. The reasons behind such an isolation of cybersecurity teams can vary, but every organisation suffers from its side effects and negatives consequences.

Also to be read: Cybersecurity: The Key Element of a Successful Digital Transformation!

What Are the Risks for Cybersecurity when Working in Silos?

3. What Are the Solutions to Break Silos and Enhance Overall Dynamics of the Enterprise?

Breaking silos by using culture to include every collaborator

A first leverage to put cybersecurity out of its silo is to raise awareness among the other collaborators.

For everyone to be trained properly in cybersecurity, you’ll have to let go of those cold trainings and generic information.

Every collaborator has to feel concerned about cybersecurity and its issues. Training must therefore be crafted to consider the history of every department, to adapt key numbers to each department, and to be the enterprise’s own training.

The entire organisation must adopt a culture of collaboration and trust and understand that cybersecurity has to be included from the start.

Everyone must understand that cybersecurity is the condition for innovation and transformation, and not an obstacle to those.

Indeed, if the user is sometimes seen as part of the problem, he’s actually a big part of the solution. The first line of defense is and always will be human.

Working together

A second leverage to put cybersecurity out of its silo is to promote collective work.

Cybersecurity teams must not come to others with key procedures or golden rules to apply – quite the contrary. They must talk with every team of an issue every one is concerned about: Security.

In order to achieve this, a good tip is to name some collaborators as ‘’security champions’’.

Those are members from different departments who will raise awareness within the entire organisation on cybersecurity issues. They work together on good practices to implement, on their vision of cybersecurity, on security requirements, risk analysis or even the choice of IT tools – no matter what their initial occupation is.

Those transversal teams, which include every security-related occupation within the organisation, will implement solutions for and to everyone thanks to collective knowledge.

The point is however not to only create a community of experts, but also animate it in order to keep new talents.

DevSecOps: Including cybersecurity from the start

In order to understand DevSecOps, we must first explain DevOps.

What we call DevOps is a method to get production and exploitation teams closer with the goal to get products with a better quality, a more efficient delivery, and real collaboration and improvement. In such a system, the enterprise comes as more innovative due to developing new products more quickly and more often.

Despite this, a primordial issue is still missing in this management method: Security!

If a product is quickly developed, but gets a flaw detected during the controls at the end of the production cycle, the entire DevOps system falls apart.

Security must be included at the earliest stage of development to be able to detect potential security flaws quickly and correct them more easily.

DevSecOps adds the fact that enterprises must take security issues in consideration from the start. Moreover, security becomes a shared responsibility and doesn’t rely only on the security team.

Break the cybersecurity silo? Work on every aspect!

For cybersecurity issues, it’s essential to be active on all fronts. That’s why we at Wemanity tackle every component of cybersecurity in our solution: