This has been a watershed year for security. Hundreds of mass shootings across the United States, brutal attacks on public officials, and an increasingly complex threat landscape are compelling companies to sharpen their focus when it comes to security procedures and policies.
Enterprise security teams are on the frontlines of these efforts and face many challenges—among the most daunting obstacles is siloing within their organization. This is a detrimental breakdown in process that has the potential to limit security teams in terms of data intelligence, resources, and taking action, among others.
Effective Communication Minimizes Corporate Risk
Silos can prevent companies from keeping their people and assets safe and diminish the effectiveness of a risk mitigation and management strategy. Different departments within a company are often tracking the same risks. But because they are operating in silos and don’t communicate across functions, they are typically not aware of these redundant efforts resulting in resources and intelligence that could make a big impact when it comes to proactively identifying and mitigating threats not being shared.
For instance, workplace violence perpetrated by a former employee that is addressed by the physical security team may be directly tied to an insider threat previously identified by the cybersecurity team or an incident with that employee identified by the HR team. Legal and compliance may have had information concerning policy-breaking actions taken by the employee that could have been a pre-incident indicator and context to the physical security team managing the event.
Without a streamlined and operationalized method of communication and the resources to share insights, the ability of all of these different departments to make connections and link events are limited, time-consuming, and ineffective for mitigating risks.A Shared Understanding of Risk Results in Better Outcomes
How can a cross-functional process be successfully implemented when departments are used to “staying in their lanes” and following their own guidelines and processes to address conflict?
It can start with a conversation. By fostering inclusive discussions among all departments and adopting a centralized platform or technology to share information, companies can gain a complete operating picture of their unique security concerns and threat landscape. In doing so, a common operating language and process can more easily be established that everyone can follow, and fewer threats will slip by unnoticed.
It is also crucial that leaders recognize that security is everyone’s responsibility. A recent survey of physical security, cybersecurity and IT, legal and compliance, and human resources (HR) executives revealed that when asked, each indicated their own department was responsible for threat assessment and management: 76% of physical security said they are responsible, 62% of HR said they are responsible; 49% of cybersecurity and IT said they are responsible; and 47% of legal and compliance said they are responsible.
This disagreement — or confusion —among respondents with different specializations is vital to try and resolve, as it could likely translate into unclear, muddled threat investigations, further proving the dangers of siloed communication. Tools and datasets used throughout an organization should be woven together rather than kept in separate swim lanes. Everyone needs to be on the same page in order to know what they’re looking for, what the plan of action is if they identify something out of the ordinary, who will address it and how to communicate that plan to the larger team.
Breaking Down Silos for Long-Term Success
It is more apparent now than ever before that security risk management processes and collaboration are not a luxury, but a necessity as companies continue to navigate the heightened threat landscape moving into 2023.
In the year ahead, companies will face increasing pressure to break down information silos for a clearer operating picture of their security landscape. Undoubtedly, this will demand attention from leadership, which must prioritize structural changes and invest in technology that helps eliminate these barriers, including cross-team communication and data collection and analysis, to work toward a comprehensive risk mitigation strategy.
Together, these efforts will enhance the visibility and capabilities of security teams across businesses of all sizes and be a step in the right direction for a safer 2023.