Collaboration between IT professionals and senior leaders could drive the future of risk mitigation, says Sascha Giese, Head Geek at the IT management software company SolarWinds.
The threat landscape has shifted dramatically in recent years, due both to the pandemic, which created a need to accommodate remote workforces, and to the growing sophistication of attacks deployed by cyber hackers. What was once seen as a suitable level of risk for IT pros and their organisations has subsequently changed.
Pre-pandemic, businesses could be more generous when assessing risk levels, acting less aggressively on anything rated other than “high.” Now, however, it’s vital that potential threats of any size are addressed with the utmost seriousness. If businesses fail to evaluate and act upon these threats, the consequences could be severe. To tackle these issues, clear, quick, and effective collaboration between IT professionals and senior leaders is essential.
This isn’t news to most IT professionals. A SolarWinds IT Trends Report revealed almost half (49 per cent) of respondents believe their organisation’s senior decision-makers have a heightened awareness of risk exposure—it’s not “if”, but “when” they’ll be impacted by a risk factor.
So, how can better collaboration between IT pros and senior leaders improve risk mitigation, what are the challenges in creating this level of cooperation, and how can these issues be overcome to ensure a more secure future?
It’s clear senior leadership teams need to change the way they perceive risk. The same SolarWinds research shows over a third (39pc) of tech pro respondents believe their businesses have had medium exposure to enterprise IT risks over the last 12 months. Almost half (46pc) of respondents cite external security threats—such as cyberattacks—as the most significant macro trend influencing their organisations’ risk exposure.
Considering how many UK businesses have seen medium exposure, it’s concerning to learn less than a third (31pc) believe their organisation is prepared to mitigate and manage risk. Meanwhile, 27pc said their senior leaders struggle to convince other leaders of this reality, ultimately limiting resources to address risk.
By shifting the threshold for interpreting risk exposure, businesses can align it with how threats are amplified by external factors. Put simply, if businesses are to see a more secure future, any risk should be deemed unacceptable and addressed urgently. So, how can IT pros work with senior leadership to ensure this happens?
There’s a significant opportunity for leadership teams to align with IT professionals on priorities and policies to guarantee their businesses, and wider industries, are equipped to mitigate, manage, and minimise risk.
While collaboration is key to realising this opportunity, so too is coming to terms with the fact that security compromises will likely happen, regardless of how tight a ship is run. More complex threats will emerge, other external factors will play their parts, and enterprises will face threats they may not have anticipated.
IT pros should therefore implement detection, monitoring, alerts, and responses along the kill chain. Simultaneously, these professionals should engage in tabletop exercises to measure effectiveness and guarantee they have the tools in place to both address these threats and defend against any level of risk exposure.
But how should these two teams best collaborate? The SolarWinds study shows one-third of respondents felt their organisation is improving alignment between IT business goals and corporate leadership in response to other tech adoption barriers, such as decreased staff size and a lack of available IT management tools. While this is a good start, more businesses need to ensure this alignment is in place if they are to reap the rewards.
Ongoing, strategic discussions between these two departments are vital. IT pros must be prepared to fight for their cause, validating the need for investment of time and money. While showing understanding that budgets are stretched, any case they make for new deployments must be accompanied by irrefutable proposals backed by figures.
IT pros should feel similarly empowered to make an equally well-argued case when discussing training needs for personnel, finding time for skills development, and lack of resources to facilitate upskilling.
The key to these conversations is IT teams learning the “language of business.” By framing discussions about this topic in business language, these professionals can make their case more strongly. For example, an organisation with an IT team ill-equipped to tackle threats could see serious losses should an attack occur. Investment in training can nullify this risk and help to safeguard the company against such losses. By positioning this conversation in the right way, IT professionals can secure the investment needed to deliver better risk mitigation.
As businesses continue to look forward after a period of unprecedented disruption, now is the time to both reassess how risk is viewed and for senior leaders to work more closely with IT professionals to help ensure a secure future for everyone.