You’re probably familiar with the phrase, “When all you have is a hammer, every problem looks like a nail.” That phrase, or a variation on it, is frequently used to describe how teams or individuals often take a myopic approach to challenges based on their own perspectives and skill sets. The problem is illustrated in a recent report that highlights issues organizations face when it comes to cybersecurity and compliance.
Cybersecurity and compliance are crucial for organizations—but they are also challenging. The threat landscape is constantly growing and shifting, making it difficult to stay one step ahead of attackers and adequately defend networks and data. A survey of cybersecurity professionals at Black Hat USA 2019 in August of last year found that 65% believe their organization will have to respond to at least one major cybersecurity breach in the next year. Addressing cyber threats and compliance mandates is even harder if the effort is not coordinated.
The report from Real Time Research Reports, sponsored by Authentic8, examines survey results from 163 senior-level compliance, legal, and IT managers from financial services companies or law firms with clients in the financial industry. Among the organizations that took part in the survey, it seems that each of these three teams views the issues of cybersecurity and compliance, and how to address them, through its own skewed lens. In other words, every problem is a “nail” that only their particular “hammer” can solve.
“What’s perplexing to me, with data breaches and privacy violations at an all-time high, is how deep the divide still runs between IT, compliance and legal professionals in many firms, according to these findings,” commented Scott Petry, co-founder and CEO of Authentic8, in a press release about the report.
Hammers and Nails
The report quotes Michele DeStefano, a law professor and co-founder and co-editor of the Compliance Elliance Journal: “These three groups are working on the same problem, but they have different views of what the main problem is. When you have three different groups solving for different problems, that’s when you find gaps.”
Here is a look at the unique perspective each team brings to the challenges of cybersecurity and compliance:
According to the report, compliance teams are focused primarily on reducing exposure to risk through malware or social media platforms. The concerns of the Compliance team are supported by data from the 2019 Verizon Data Breach Investigations Report (DBIR), which found that 33% of external attacks use social media as an attack vector, and nearly a third involve malware.
Among the three teams, compliance had the highest percentage that agreed their organization needs to significantly reduce malware incidents (67%) and that their organization needs to close cybersecurity and compliance gaps caused by employee access to social media and/or clicking on unauthorized URLs (62%).
The focus of Legal teams that took part in the survey revolves primarily around IT security and data protection policies. Survey respondents from the Legal team seem more attuned to the value and importance of policies. They are also concerned with reducing the risk of web browsing and providing secure access to web-based resources and data for mobile users.
Cybersecurity and compliance are seen by most as predominantly IT issues. The report found that IT teams are more intimately aware of how cyber attacks happen. The IT team is also more likely to experience backlash or pushback from users when it comes to security policies and controls, so they are more sensitive about what gets implemented and how.
Align Efforts for the Common Good
Hammers are great if all you have are nails. However, it’s important to use the right tool for the right job. The world is comprised of more than just nails, and building something great often requires an array of tools—saws, drills, screwdrivers, etc.
The difference in perspective and strategy from each of these teams is understandable, but it also highlights the way each might be putting too narrow of a focus on complex challenges. Organizations need to ensure that these three teams collaborate and develop core strategies that enable them to work together to achieve common goals.
You can download the full report, “Surprising Disconnect Over Compliance and Secure Web Use at Financial Firms,” to review the findings for yourself. See if any of the issues described in the report apply to your organization and take steps to address them for more effective cybersecurity and compliance.