The Cost of Blame: Three Ways to Foster a More Positive and Productive Security Culture

Garth Braithwaite, Senior Director, Gigamon

The cybersecurity industry has faced a plethora of challenges in recent years. From grappling with a severe talent shortage to combatting increasingly sophisticated threat actors, while also managing reduced infosec budgets, cyber professionals have been under tremendous pressure. 

Maintaining organizational health requires that network operations (NetOps) and security operations (SecOps) teams perform at their full potential, both in terms of technical proficiency and human capabilities. Yet despite IT leaders’ intensified efforts to bolster technical defenses against persistent threat actors, the human element of cybersecurity defense is often overlooked, which can contribute to organizational vulnerability.

Breaking the Blame Game in Cybersecurity

The global cybersecurity industry faces a daunting challenge – an increasingly dangerous threat landscape coupled with a significant personnel shortage. According to a Microsoft Gulf official, the industry has a massive 2.5-million-job gap to fill globally to keep up with an evolving digital underworld. This shortage means that cyber professionals must be firing on all cylinders to handle adversity, yet a pervasive blame culture often undermines their efforts.

Blame culture is characterized by finger-pointing in the case of a cyberattack, leading to a reluctance to report and respond to incidents promptly. Instead of taking ownership of the problem, leaders and team members are more likely to shift blame, causing delays in critical changes and exacerbating the problem.

Recent survey findings reveal that 88% of security teams across the world acknowledge the existence of a blame culture within the industry. This has led to a widespread belief that such a culture slows down incident response times, ultimately making SecOps teams counterproductive.

As ransomware attacks continue to rise and threaten organizations, it’s crucial that security teams operate efficiently and effectively. However, blame culture can hinder their ability to respond quickly and collaborate effectively. To combat this, organizations can take the following steps to move away from blame culture and strengthen their security posture:

• Foster a culture of transparency and communication within the security team

In the world of cybersecurity, mistakes can happen, and blame culture can be a real threat to the effectiveness of security teams. That’s why it’s crucial for leaders to prioritize building a strong sense of unity among team members. By promoting communication and transparency, teams can work together to learn from mistakes and improve their processes. To achieve this, leaders can consider implementing training sessions and workshops for their security teams. These sessions can focus on improving communication skills, conflict resolution, and cultivating a culture of continuous learning and improvement. By investing in their team’s professional development, leaders can demonstrate a commitment to their employees’ growth and success, which can foster a sense of loyalty and motivation among team members.

• Implement deep observability tools

Apart from building a solid team culture, organizations need to adopt technical tools to bolster their security posture. One way to reduce the occurrence of blame culture is to deploy deep observability tools that enable holistic visibility across all data in motion. This will help to prevent ransomware attacks and other threats from occurring in the first place, thereby reducing tension and conflict between NetOps and SecOps teams. Fortunately, a quarter of CISOs/CIOs consider deep observability tools an effective way to combat blame culture, as stated in Gigamon’s recent ‘State of Ransomware for 2022 and Beyond’ report. Such visibility enables employees to detect and respond to threats with more confidence and less stress.

• Adopt a security-first mindset across the organization

It is clear that corporate cybersecurity is not solely the responsibility of NetOps and SecOps teams. Yet one in three employees does not understand the importance of cybersecurity, which inevitably creates a number of stresses and threats for security teams. It’s crucial, therefore, that education for the entire workforce, with regular training initiatives and check-ins, is a priority.

As the cybersecurity industry faces a massive personnel shortage and unprecedented levels of malicious attacks, companies must support their security teams. Organizations should acknowledge the existence of blame culture and its impact on their operations, and take steps to mitigate it. By adopting a security-first mindset, companies can better protect against emerging threats.

In today’s increasingly complex threat landscape, blame culture can prove to be a major hindrance for security teams. To effectively combat this issue, leaders must prioritize transparency and communication, leverage technical solutions such as deep observability, and foster a security-first mindset across their organizations. By doing so, companies can better equip their security teams to proactively mitigate threats, rather than reactively assigning blame. Ultimately, this will lead to more effective incident response and a stronger security posture overall.