Silos are a common theme in many businesses. It can occur in any industry, department, or team. The reasons this is all too prevalent are many, from cultural issues to not sharing data to a lack of communication. Silos undermine an organization’s ability to be proactive and agile, weakening its cybersecurity posture.
So, how did cybersecurity become so siloed? And what can you do to break silos down?
Why Silos Exist in Cybersecurity
Cybersecurity often sits in a walled garden, with little interaction with the business side of an organization. There have been some shifts to bring it into the fold, with CISOs (chief information security officers) now having a seat at the table with the C-suite.
This demonstrates the process, but the silos have stood for a long time, so they are very much a current problem. There are several reasons why they exist, including:
- Businesses believing cybersecurity impedes innovation and growth and intentionally wanting to keep it separate
- The increased number of attacks and threats cybersecurity teams must defend against, which keeps them in a reactive mode instead of a proactive one
- Failures in communication that leave cybersecurity and other parts of the company unaware of the landscape and its evolution
- No shared accountability for cybersecurity throughout the organization, which leaves cybersecurity on an island when it comes to security and resilience
- Company leadership not treating cybersecurity as a business enabler, which can impact budgets, staff numbers, and resource allocation
- No initiatives to build partnerships across the organization between cybersecurity and other teams
All these reasons have a foundation in disconnection. When cybersecurity isn’t a critical part of an organization, it’s easy for silos to stay in place.
Those silos can exist within teams as well.
Cybersecurity Silos Are Present Within Technical Teams
It’s not just the enterprise-wide silos you have to worry about. Chances are they are also creating walls within your people. These may be even harder to conquer because of the nature of the job and the characteristics of individuals.
Silos within cybersecurity occur primarily because cyber professionals never want to be wrong. They concentrate on always being the smartest person in the room. When others question their stance, internally or externally, they find solace in silos where they have all the control.
If this sounds familiar, you’re not alone. It’s all too common in the cybersecurity workforce to have people operating independently without much awareness of what others are doing. Furthermore, many don’t care. They have surety in their capabilities and don’t want to share or collaborate because it could lead to them being wrong.
The silo mentality leads to the things that are threatening the cybersecurity workforce — unhealthy cultures, burnout, and an uneven work-life balance. These were all reasons that cyber professionals left jobs, according to the (ISC)2 Cybersecurity Workforce Study.
Dissatisfaction in a cyber job has more to do with organizational issues than the work. Silos are a threat to your team and cybersecurity posture. They breed resentment and disengagement. It’s bad for everyone, but it’s difficult to transform mindsets and perspectives from a silo perspective to a collaborative one. For this shift to occur, you have to focus more on soft skills than technical ones.
Silos Keep People From Adapting and Changing
As noted, silos can seem like safe places for cyber professionals who cling to certainty and believe they don’t need others to do their job well. What it actually does is keep people in a state of stagnation. They won’t grow or change because doing so would mean they have to accept that they don’t know everything. That’s too big of a pill to swallow for many without intervention.
Those who crave the safety of a silo aren’t bad people (usually). It is possible for them to get to a point where they’ll embrace the gray that cybersecurity lives in, moving away from black-and-white thinking.
Cybersecurity is a dynamic industry, indicating that evolving practices and protocols are necessary. Even if you consistently improve your strategies and ways to manage and eliminate threats, that doesn’t mean that silos aren’t still present. They show themselves in many different ways, from how your employees work with other groups, how they handle user interactions, and what happens when a threat becomes a reality.
How Silos Put Your Cybersecurity Posture At Risk
On the threat landscape, there are a million things that increase risk. As networks grow, workers remain remote, and implementations of new technology rise, there’s risk everywhere. You have to defend against phishing, malware, and ransomware, which requires a united front and effort. Silos make this harder.
When silos exist within the department or in the company, the ability of a cyber team to be proactive against these threats becomes very difficult. Being proactive requires everyone to work together from a defined strategy. It involves a lot of communication and movement across the organization to establish and maintain your “protective shield” against attacks.
Attempting to reduce or eliminate risk is a journey that never ends or stays the same. Doing this well really means working as a team. Even if you have lots of protocols and tools in place, a silo doesn’t crack so easily. And often, people can do just enough to collaborate but true transparency is still missing.
As a result, errors and mistakes occur. Assumptions about who’s doing what and when are usually wrong, and gaps in your cybersecurity posture widen. It gives hackers an opportunity to exploit these weaknesses, so having silos is a helping hand to cybercriminals. If you want to prepare your organization to be cyber-resilient, you have to focus on growing your team’s people skills.
Development of People Skills Is a Silo Breaker
When individuals improve their people skills, they see the value in working together. They understand that silos are holding them back and want to work in a culture that thrives in teamwork.
It would be great if people could come to this realization on their own. Some never will, but many are willing to commit to developing their soft skills, especially when they realize it can decrease risk. Ultimately, most cyber professionals got into this field because they are passionate about security. If they know that their behaviors and actions have impacted their cybersecurity posture, they may be even more eager to change and adapt.
So, how does this happen in the real world? It won’t occur without a framework and strategy. You can’t start this journey without a map, and you’ll find one in the Secure Methodology™.
The Secure Methodology Transforms Silos
The Secure Methodology is a seven-step guide to transforming technical people into excellent communicators and collaborators. Each step seeks to resolve the major problems that exist in the cybersecurity workforce, supporting people as they pursue a new mindset and perspective. Here’s how each step can knock down those silos for good:
The Secure Methodology starts with awareness of self and others. When awareness is lacking, silos flourish because there’s no connection. Technical folks will remain on their own island, causing friction and antipathy.
You can use coaching methods within this step to drive people to open their eyes and realize the detriment of silos. You can also learn about their motivations, which will be vital in changing behavior.
Next is mindset, and it’s a key contributor to silos. When people have a fixed mindset, they have tunnel vision and no desire to change. This step is about helping them open it, which can occur with reflection, asking questions, and working as a team in decision-making.
Acknowledgment is the third step, and the lack of it is another cause of silos. Acknowledgment means recognizing people for their efforts regularly. They want and need praise to feel part of something, which is critical to breaking down silos. Part of this is also acknowledging that no one can know everything about cybersecurity but that collectively, we all have a better shot at defending against threats.
Communication is the fourth step but crucial in all the others too. Communication is the single biggest tool you have to remove silos. Consistent, transparent, and clear communication within your team and outside of it ensures that silos don’t form or stay.
Working on communication isn’t easy. It takes a lot of practice and learning new ways to share information and listen.
Next is monotasking, which means workers focus only on one task. It’s the opposite of multitasking, which often leads to sloppy work. Yet, people receive praise for multitasking, but it’s a problem in cybersecurity.
In terms of silos, if you encourage people to block time to work on specific things without distraction, they can use critical thinking skills and balance their workload. Gaining these things supports a collaborative workforce where there’s even distribution of work and team support.
Empathy is an essential soft skill that we have to learn and develop. Silos can’t function in an empathetic culture because people can see the perspective of others. When they do, there’s no longer a “me vs. them” mentality. This step includes exercises to help people foster this skill.
The last step is kaizen, which is a Japanese term meaning “continuous improvement.” It’s a stage that never ends with an emphasis on root cause analysis. If your team can embody this, silos won’t have fertile ground.