Sunday, October 17, 2021

Is a Culture Clash Risking Your Security?

A clash of cultures between different security factions within the same
company is putting security efforts at risk, according to a new study.

A trio of corporate security groups — or silos — is responsible for
safeguarding a company’s information, financial resources and people.
Getting those groups to work together is a problem that, if overlooked,
could put all three in jeopardy, says Tom Cavanagh, a senior research
associate with The Conference Board, a non-profit research group with
2,000 corporate members.

The three groups — physical security forces, IT security and financial
risk management executives — are at the heart of the problem.

“Increasingly, the security field is seeing a lot of convergence of
different disciplines, but it’s been tough to pull everything
together,” says Cavanagh. “The people in the various silos have a
tough time communicating with each other… And the failure to share
information can have devastating consequences.”

Cavanagh says the problem is one of culture. Think back to high school
and how the different ‘cliques’ looked down on one another and wouldn’t
be caught actually speaking to each other. The corporate scenario isn’t
all that different.

The people in charge of keeping corporate buildings and employees safe
are thought of as the cop wanna-bes. The IT workers are considered to be
the geeks. And the risk management executives are the bean counters in
the suits. None are very flattering images, and they’re detrimental to
building a sense of teamwork.

“To effectively manage their total security needs, companies must
bridge this clash of cultures and create a common frame of reference for
this function,” says Cavanagh. “Walling off assets produces silos on the
organization chart, and it also produces a culture in which vital
information may be hoarded rather than shared.”

If the physical security people aren’t communicating with the network
security workers, they might, for instance, miss clues that someone is
approaching employees outside the building and tricking them into
divulging information that would help them to hack into the network.
This kind of social engineering is best fought by a multi-tiered
approach.

And for that, companies need their security people communicating with
each other.

To make that happen, Cavanagh says there is no magic bullet. Just drag
them all into the same room.

“It’s about bringing them to the table,” he adds. “It’s getting them
to share information, but it’s pretty darn challenging… You can sit
them down together but that doesn’t mean they’ll understand each
other.”

To that end, Cavanagh says someone needs to oversee the meeting to make
sure that no one is talking in jargon — especially the IT folks. Speak
using words that everyone at the table — cop, geek and bean counter
alike — will understand. Look for common problems and tackle them
together.

But don’t expect this culture clash to clear up overnight, warns Gordon
Haff, an analyst with Illuminata, an industry research firm based in
Nashua, N.H.

“This has been a long-standing issue,” says Haff. “It’s no surprise
to anyone that physical security isn’t particularly integrated with IT
security… It’s sort of motherhood and apple pie to say that everyone
should just communicate.”

But Haff adds that starting the conversation is the only way to begin
the process of mixing these cultures, breaking down the stereotypes and
ultimately making companies more secure.
