Cybersecurity's Real Challenge Is Communication, Not Just Technology

COMMENTARY

In business, the importance of building strong relationships across teams cannot be overstated. This is especially true in cybersecurity, where quick and effective incident response depends on the ability to share information seamlessly throughout the organization.

Despite this, communication remains a sticking point for security teams. In Tines' 2023 "Voice of the SOC" report, 18% of security practitioners admitted that communication was one of the least enjoyable parts of their job. Their frustration stems from the necessity to simplify and convey complex information to less familiar stakeholders, while also managing an overwhelming amount of data from multiple technologies, which consumes too much of their time. In a workplace filled with distractions, practitioners want to cut through the noise.

Automation stands out as a key enabler here, removing the organizational friction that often acts as a blocker to cross-departmental collaboration. By automating routine tasks like communications and reporting, security practitioners have more time to focus on strategically valuable work. This results in happier teams, which in turn strengthens the security posture of the business.

Automation also acts as a bridge for collaboration, breaking down departmental silos and opening up communication channels across the business. When security, IT, and engineering teams work in sync, it allows organizations to quickly identify vulnerabilities and shut down threats before they become wider issues.

Let's take the example of setting up an automated workflow to share threat intelligence between security and fraud teams. Should the fraud team detect, say, a new phishing campaign, this information will immediately be shared with the security team, which can alert other departments accordingly. By using automation to improve visibility into security issues, critical information is quickly circulated and acted on.

Making Security Second Nature

Advanced technological solutions that leverage AI and large language models (LLMs) also pose unique challenges for security teams, which must learn to navigate both human-to-human and human-to-tech interactions. According to an expert at MIT, prompt engineering is now the most important AI skill you need. The better you are at telling AI what you want it to do, the more likely it will deliver what you expect. Clear and detailed instructions enable AI to understand your requirements specifically, leading to more accurate and satisfactory results. And as use of autonomous tools and processes grows, maintaining meaningful communication across the business becomes more especially critical.

While effective communication can often be facilitated by technology — specifically, automation — the reverse isn't always true. If you can't align everyone on the same mission, the true value of new technologies will remain out of reach.

What really pushes cybersecurity from good to great is a shared culture of vigilance. When every department from the ground up aligns on security priorities and best practices, consistent and secure processes become second nature. 

Working with site reliability engineering teams taught me a lot about this. Even when we had a great team and a stable product, things would still go wrong: a code push would fail, or something would break, prompting a swift response to roll back changes. 

While these issues were rarely security-related, involving security personnel for the sake of due diligence became best practice. This calm, controlled, and collected approach to incident management highlighted the value of clear communication. Rather than treating these situations as crises, we embraced them as routine parts of the job, leading to respectful, effective incident handling and appreciation for each other's efforts. In doing so, we were always ready to tackle whatever came our way next. 

Being intentionally transparent also benefited us during and after a security incident, because effective communication often determines a company's ability to maintain its good reputation.

People are generally more forgiving of companies that handle security incidents with honesty and openness. By sharing what is known about an incident promptly, and by being clear about the steps being taken to resolve the issue and stop it from happening again, organizations show they are accountable and care about doing what's right. When you foster a culture of open communication, teams are better prepared to manage crises effectively when they occur.

Bridging Communication Gaps

Bloated tech stacks and outdated systems will always draw the ire of security practitioners and other employees. But when you strip away the technology to reveal the core of the issue, mastering cybersecurity is fundamentally about mastering effective communication.

Establishing strong relationships across teams ensures that security is ingrained into company culture from the outset, reducing the reliance on expensive or redundant security solutions. These relationships make vigilance, readiness, and responsibility a part of the status quo, rather than behaviors companies are forced to adopt when things go wrong.

Likewise, when teams have more time to talk, they have more time to innovate and problem-solve together. Deploying automation strategically can help businesses bridge the communication gaps that prevent this from happening, and allow security practitioners to focus more of their time on the parts of the job they love.

In doing so, and by nurturing a security-centric work culture that involves everybody, organizations can overcome challenges with greater agility and confidence.