You’ve undoubtedly heard Michael Jordan’s famous quote, “Talent wins games, but teamwork and intelligence win championships.” Jordan’s words encapsulate the fruition of team spirit and strategic thinking through tactical implementation. Similarly, in the cybersecurity world, we often say that security is a team game, but have you ever considered who’s on the team and who isn’t but should be?
Cybersecurity is the collective responsibility of every employee, partner, contractor and vendor to fortify all the walls and stop bad actors from gaining access to your kingdom. We can divide this collective responsibility into three layers that touch all aspects of the business. Internal collaboration is a starting point for this collective responsibility across all business functions. Then, there’s collaboration with the third-party vendor community. And then, we collaborate to share and learn from our peers’ experiences.
A three-fold approach to cybersecurity collaboration will bring constant scrutiny and attention to security issues while enabling faster communication. In essence, you’ll have more eyes across the organization’s IT environment that identify impending risks, security incidents and potential breaches with a shorter response time.
Let’s take a detailed look at the three-fold approach and how the effort can help you benefit from driving collaboration on collective cybersecurity responsibility.
The Three-Fold Approach to Cybersecurity Collaboration
Here’s what an optimal three-pronged cybersecurity collaboration effort looks like:
1. Internal Collaboration
While cybersecurity teams are responsible for securing the network, data, endpoints, workloads, user access, automation, orchestration and continuous threat detection and prevention, other business functions have an equal hand in ensuring continued education and responsible behavior that protects your organization’s digital assets. Think of your cybersecurity team as your Tier 1 stakeholder, with the authority to make decisions and implement security controls for the entire organization.
Your Tier 2 stakeholders include leaders of various business functions, such as HR or finance. For instance, HR ensures all new hires receive an optimal onboarding process intertwined with IT services and security controls deployment. These functional Tier 2 stakeholders can collaborate with Tier 1 stakeholders to implement best-in-class security controls and cybersecurity awareness training for all Tier 3 stakeholders, including employees, contractors and third-party partners.
We should consider all three tiers of stakeholders equally significant because if the average user – a Tier 3 stakeholder – can’t follow the security hygiene recommended by the other stakeholders, the entire organization winds up at risk of a security incident or a breach.
2. External Collaboration
Now that we’ve spotlighted internal stakeholders, let’s consider that our external stakeholders are third-party vendors in the increasingly complex technology ecosystem. A vulnerable software stack is a gateway for bad actors to unleash the chaos of malware and identity-related attacks. It’s, therefore, essential to build trust with each third-party vendor providing your organization with any product or service. These third-party vendors must address critical CVEs promptly and allow your organization’s Tier 1 stakeholders to review their offerings for quality and the vendor’s security posture.
Particularly now in the burgeoning era of AI-powered products and services, it’s more critical than ever that your organization’s Tier 1 stakeholders have a cadenced opportunity to evaluate the AI implementation in the products or services you use.
3. Peer Collaboration
Technology leaders and practitioners must learn from one another. As such, peer collaboration is the most important part of comparing and contrasting cybersecurity strategies that support unique business requirements.
There are a couple of different ways to participate in peer collaboration. For example, meet-up groups on relevant topics such as AI seek to bring together like-minded leaders to discuss their unique experiences and learn from shared experiences. Alternatively, industry-focused peer groups that focus on specific topics, such as the intersection of FinOps and security, can bring a wealth of knowledge to CIOs and CISOs of organizations operating in regulated industries. To this end, I will hold a CISO roundtable at CyberArk’s marquee identity security event, IMPACT ’24, in Nashville next month. I hope to create a trusted circle of cybersecurity leaders who can leverage shared experiences to optimize cybersecurity collaboration on all three fronts mentioned above and deliver better defenses against bad actors.
How Can Cybersecurity Collaboration Work Effectively?
For any initiative to succeed, it needs a detailed process plan. To design an effective collaborative approach, we must:
- Communicate. Clear, concise and cadenced communication is the foundation of any successful collaborative initiative. I often recommend that more communication is better than none. This way, we can ensure that internal and external stakeholders know their roles and responsibilities.
- Commit. I recommend a dedicated individual or team responsible for committing to cybersecurity collaboration initiatives within each stakeholder group. This way, we ensure accountability on key initiatives with assurances that they do not fall through the cracks.
- Empower. Part of any team sport is to ensure your team members are empowered to make effective decisions quickly. If you are the bottleneck, make sure you have a plan to get out of the way. Remember, agility is essential because, in cybersecurity, no one day is the same as yesterday.
- Educate. Continuously educate all stakeholders on standard cybersecurity hygiene. The basics of common security practices are often the key to thwarting bad actors.
- Motivate. Remember that every sports competition ultimately crowns a winner, and every winner receives a prize. Think of how you can motivate and incentivize your stakeholders to remain committed to continued cybersecurity collaboration. It may be as simple as a quarterly award or recognition to help ensure collaboration practices run deep within your organization’s DNA.
I would love to hear about how you initiate collaboration in your organization. I also hope you attend (and participate in) my CIO and CISO roundtable at CyberArk IMPACT in Nashville. Here’s to fostering collaboration because … we’re all playing for the same team.
Omer Grossman is the global chief information officer at CyberArk. You can check out more content from Omer on CyberArk’s Security Matters | CIO Connections page.