Sylvain Cazard, VP SDDC EMEA, VMware
IT threats are rapidly building in volume, scale and sophistication and current strategies are clearly not working. Business leaders have to understand the needs of their IT and security teams, just as those teams have to understand the goals and priorities of the wider business for both to be successful.
Our research with Forbes Insights found that there is a gap between business leaders and their IT/security teams in terms of how they perceive progress and collaboration around cyber security. Only 21% of IT teams across EMEA consider their business leaders to be highly collaborative when it comes to cyber security. Meanwhile, 27% of C-suite executives say they are collaborating in a significant way to address cyber security issues, versus only 16% of IT security practitioners.
If enterprises are to protect themselves against a landscape of ever-evolving cyber threats, this gap needs to be closed. So, what’s the best way to combat cyber threats?
- A culture of security awareness across the enterprise
IT security has to be an enterprise-wide effort. The importance of collaborative leadership in this area – bolstering employee awareness, facilitating training, encouraging cross-functional ownership of cyber hygiene, and leading cultural changes from the top – should not be downplayed.
Attacks such as ransomware or phishing rely on low employee awareness and poor training on cyber hygiene. Investing in continuous high-quality training and enablement on security best practices for all employees is a proven and highly cost-effective way of radically reducing the risk of breaches like these.
- Moving from a ‘whack-a-mole’ approach to one of precision targeting
Security must be built into the fabric of how a company operates and not bolted on as an afterthought. When security is no longer seen as an additional process that every internal transaction has to be subject to, then the IT security team will start to be viewed as an enabler (rather than an inhibitor) of business operations.
With a more holistic approach to security, in which all elements of the infrastructure are intrinsically secure in and of themselves, IT teams can shift their focus from a reactive, ‘whack-a-mole’ approach to new cyber threats, and towards becoming experts in business risk, helping the C-suite to best perform in its management role and to identify the most pressing areas to address.
- Simplify security
Our survey with Forbes Insights found that organisations are relying on a huge number and variety of security point-solution vendors, all designed to plug gaps that have emerged in the traditional perimeter firewall-based approach as new modes of IT have been adopted (e.g. mobility, cloud, IoT). More than half of all respondents in EMEA (54%) plan to spend even more on the detection of cyber-attacks and threats rather than specifically on their prevention, and alarmingly, close to one-third (29%) report having at least 26 discrete security point solutions installed across their enterprises.
The consolidation of security approaches into a single unified strategy not only reduces complexity and cost but also forces a consistent management approach to the safeguarding of corporate data assets. Reducing the number of vendors and products/solutions allows IT and security teams to focus on more strategic business-value oriented projects, such as using improved cyber hygiene to drive greater collaboration and innovation across all teams and departments.
The traditional silos of IT, security and the ‘business’ must be broken down in order to fix the security landscape. By collaborating effectively, organisations can ensure that they are implementing a ‘security is everywhere’ mentality that will deliver greater results and usher in a new era of cyber security.