Security Leaders, C-Suite Unite to Tackle Cyberthreats
CEOs are becoming more hands-on and prioritizing cyber resilience in 2024 as the traditional silos between IT operations (ITOps) and security teams break down.
These were among the results of a Commvault-commissioned Futurum Group survey of more than 200 C-suite and senior-level IT executives across the Americas, EMEA and Asia-Pacific regions.
The results indicated organizations are also starting to realize the importance of increased collaboration to combat the onslaught of more sophisticated cyberattacks, with 99% of respondents saying they had observed heightened connectivity between ITOps and security over the past 12 months.
Among those reporting a “connected” relationship, 64% stated the adoption of shared goals for maintaining company security, while 70% affirmed the establishment of joint processes and procedures for daily operations.
However, challenges persist, with only 48% having established joint protocols for incident mitigation or recovery.
The report also forecasts a significant role for artificial intelligence (AI) in 2024, with 68% of respondents anticipating its use to enhance security efforts by identifying and responding to threats more efficiently.
Respondents identified key areas where AI could bolster their organization’s security posture, including automating employee training and security awareness (67%), streamlining day-to-day operational processes linked to data protection (66%), enhancing user authentication and access control (57%) and fortifying compliance monitoring and reporting (52%).
Despite these advancements, the study underscores persistent challenges related to fragmented data protection solutions, revealing that over 90% of respondents acknowledge a negative impact on their organization’s cyber resiliency due to the fragmentation of data protection tools.
Moreover, more than half (54%) of respondents indicated fragmentation hinders their organization’s cyber resiliency efforts.
Javier Dominguez, CISO at Commvault, said with cybercrime on the rise, the need for cyber resilience and seamless recoverability will continue to increase in the coming years.
“The data indicates cyber preparedness is a top-line priority for the C-suite and board members heading into 2024,” he said. “As a result, we can expect them to be more involved and set higher expectations for their ITOps and security teams.”
Dominguez explained this top-down approach to cybersecurity will help influence collaboration between ITOps and security teams — streamlining and optimizing cyber-preparedness initiatives across the organization.
He pointed out the role of ITOps is to maintain system and data availability, while security teams focus on protecting the systems and data from bad actors.
“These overlapping responsibilities have often led to challenges when establishing ownership over joint protocols,” he said. “ITOps needs to provide security teams with increased insight into their environments to help them understand the organization’s risk posture.”
Similarly, security teams can provide ITOps with security best practices and guidance on how to improve cyber resilience.
“Through increased collaboration and the development of clear roles and responsibilities, ITOps and security teams can work together more effectively,” Dominguez said.
Patrick Tiquet, vice president, security and architecture, Keeper Security, said the company’s research showed the average U.S. business experiences 42 cyberattacks per year, three of them successful.
“While the impact to business operations and financial losses may be the most tangible examples of the damage these attacks cause, the reputational impacts can be equally devastating,” he said.
CEOs have been taking notice, allocating more funds and asking for a more collaborative and aligned approach between ITOps and security teams to bridge the gap that is being exploited.
He noted that ITOps and security teams are now working together for a more proactive cybersecurity approach that prioritizes both operational efficiency and security measures, recognizing that these aspects are interdependent.
“This means that security considerations are integrated into every stage of the IT life cycle, from the initial design and implementation to ongoing maintenance and updates,” he said. “Simultaneously, security teams gain a deeper understanding of the operational landscape, allowing them to implement more effective protective measures and respond rapidly to incidents.”
Jose Seara, CEO at DeNexus, adds that increased involvement from boards and CEOs contributes significantly to building a culture of cybersecurity and cyber resilience within their organization and even with partners.
“This touches all teams that need to partner with and support cybersecurity, including ITOps and even operational technology in sectors with capital-intensive equipment connected to the internet,” he said.
He suggested that organizations embrace a new generation of AI-powered cybersecurity solutions, which enable faster and more systematic detection of anomalous behavior, among other things.
“On the business side, modeling and quantification of cyber risk to make better decisions on cybersecurity investments is significantly improved with the use of AI,” Seara said.
