Widespread data silos slow down security response times

Although the goals and challenges of IT and security professionals intersect, 72% report security data and IT data are siloed in their organization, which contributes to corporate misalignment and elevated security risk, according to Ivanti.

Leadership plays a crucial role in resolving data silos

Due to insufficient data, IT and security professionals report the following:

• 63% report that siloed data decreases security response times.
• 54% report that siloed data weakens their organization’s security posture.
• 41% struggle to collaboratively manage cybersecurity.
• Struggle to make informed security decisions regarding software employees use (including shadow IT) (47%), devices accessing the network and/or corporate resources (42%), and determining what vulnerabilities are exposing their systems (41%).

“While data silos can be a technology issue, resolving them and gaining a comprehensive understanding of an organization’s risk landscape requires leadership. However, CIOs and CISOs are at odds. They face a tug-of-war challenge between enabling employee productivity while ensuring data security, which can lead to an increase in cyberattacks. To foster a more secure workplace, collaboration is essential,” said Jeff Abbott, CEO, Ivanti.

“When there is CIO and CISO alignment, it helps both parties build consensus on organizational risk tolerance while promoting cross-functional security and IT data collaboration. This eliminates costly ripple effects and increases data accessibility for investments in AI,” added Abbott.

Data silos are a universal problem for CISOs and CIOs — and a particularly thorny one given the speed of investments in AI, which will require data integration and accessibility. To ultimately strengthen an organization’s security posture and drive transformation, there needs to be CIO and CISO alignment and executive buy-in on security.

According to Ivanti’s research, cybersecurity is widely viewed as a top priority, even at the board level. Fully 80% of those surveyed say their boards include someone with security expertise, and 86% report it’s a topic of discussion at the board level. This is promising to hear in light of the various cybersecurity concerns raised by the study.

Unauthorised BYOD remains an unresolved problem

For instance, when it comes to a practice called BYOD (bring your own device), IT and security teams use tools that were designed for just in-office usage and have no effective way to track and manage employees’ personal devices at work.

Just 63% can track BYOD alongside corporate-owned IT assets, yet 78% say employees use their personal devices at work even when it’s forbidden. 81% of office workers admit they are using some type of personal device for work.

Of the 81%, half are logging in to networks and work-affiliated software on their personal devices. And 40% say their employers don’t know about their activities.

Another cause for concern – 54% of office workers were not aware that advanced AI could impersonate anyone’s voice. Research finds that 95% of IT and security professionals believe that security threats will be more dangerous due to AI. However, despite the elevated risk posed by AI, nearly one in three security and IT professionals have no documented strategy in place to address generative AI risks.

Taking these various concerns into account, the report emphasizes the critical need for alignment between the CIO and CISO in their approach to security mandates. This alignment can help organizations identify areas of friction and make operational improvements, eliminate data silos that hinder response times and conceal crucial insights, and gain a thorough understanding of the software supply chain. Ultimately, this collaborative effort fosters mutual accountability and enhances overall security posture.