Throughout the entire month of January, The Fintech Times will be exploring every dimension of one of the industry’s most pressing topics: cybersecurity.
For our third edition of how cybersecurity is adapting to safeguard remote workforces, we’ll be looking at the silent killer of siloed teams. But what are siloed teams and how do they impact cybersecurity?
Silos are a familiar feature of farm settings due to their ability to hold grain. These tall, windowless, imposing, isolated and inaccessible towers are the perfect fit for agriculture’s tin cans, but the mentality they personify is finding a footing within the teams of fintech; and they’re no good for businesses’ cyber defences.
What are siloed teams?
Siloed teams aren’t just a workforce working from home, although that is something we must consider in these modern times. Siloed teams are when a group of people, and typically a department, begin to work as one autonomous group within a larger group of employees.
The limited transfer of information and valuable data within this setting is what comes as its major setback, and there are a variety of reasons as to why this would be the outcome. Siloed teams can be the result of many different occurrences within fintech teams. Department rivalry, organisational deficiency, fear and power struggles could all contribute to their emergence within a company.
There are two types of silo structures to consider when looking at how cybersecurity is compromised within its limits. Horizontal silos are those that exist when departments or employees at the same level ostracise themselves from the rest of the workforce. Vertical silos can be identified as when the same set-up occurs but its structure is differentiated across varying levels of seniority within the same team of people.
The benefits of such organisational structures aren’t to be considered lightly. Although innovation within the fintech industry does demand an identifiable level of specialism, it isn’t within the best intentions for your company or your customers if the availability of resources becomes fractured in this way.
A recent study by Vanson Bourne, which surveyed 700 CIOs, found that 93 per cent agree that IT’s ability to maximise value for the business is hindered by key challenges, including teams working in silos. Furthermore, 49 per cent stated that their IT teams currently work with silo structures, whilst a further 40 per cent say that limited cross-team collaboration makes it more difficult to identify the severity of an issue and minimise its overall business impact.
Why they’re killing your cybersecurity
With cybersecurity becoming the bedrock of any successful fintech venture, it’s important that teams are able to identify anomalies with speed and rectify the issue before lasting damage is done. But in order for this to be carried out efficiently, all the pieces of the machine must turn together. Unfortunately, siloes do not accommodate such a speedy reaction, and the limitations to information visibility appear to hamper operations significantly.
A recent study by Cyware revealed how the situation is really playing out. In its data, Cyware highlighted how 64 per cent of respondents knew of the gaps currently present in their business models, and how their limitations on sharing cyber threat intelligence were actively restricting their security.
When discussing the main obstacles in the way of true technology unification, 55 per cent cited issues with cross-team collaboration, 47 per cent recognised data silos within security teams whilst 45 per cent reported functional silos within security systems and how that raised issues when discovering and accessing data.
The report also found that 71 per cent of security leaders required access to threat intelligence, security operations data, incident response data, and vulnerability data to prevent attacks, and how, alarmingly, 65 per cent struggle to supply their teams with this kind of comprehensive data.
“With today’s evolving threats, security operations teams cannot succeed without the access to and a centralised view of the data from other cyber and IT applications within their environments,” said Anuj Goel, CEO, Cyware.
“This research paints a picture for CISOs to better understand the technology and data fusion challenges preventing their SOCs from enabling true collective defence. These common hurdles should shine a spotlight on the need for organisations to break the silos by better unifying their security teams, processes and technologies to bolster defences and more proactively defend their assets.”
How to keep siloed teams and remote workforces safe
The difficulty with imposing change around siloed teams in order to cultivate tangible results for security is that more than any other element, siloed teams are the result of a toxic, self-serving attitude and team agenda.
This isn’t to say that siloes are the result of a mutiny within a business, but rather due to festering long-term interests that manage to grip business organisational structures slowly and over time; making them much hard to identify and fight against.
This is what’s called a siloed mentality, and its presence compromises many elements of business integrity. Although cybersecurity struggles appear to be the most prevalent, a lack of communication can also impact a business’s ability to innovate and react to changes beyond the scope of staying secure. It also cultivates a negative and toxic environment within the workplace; often regardless of physical office attendance.
A solution that could be utilised to overcome such an uncomfortable and fruitless position would be to completely readdress how data is gathered, stored and shared within your business. Mike Maciag, CMO of Dynatrace, discusses how siloed teams are leaving companies short: “As the pace of digital transformation accelerates, and modern, dynamic clouds introduce increasing complexity, the pressure on teams to make data-driven business decisions, and automate operations to deliver business value faster, has never been greater.
“However, a lack of cross-team collaboration and access to a single source of truth across the organization is hindering BizDevOps teams’ ability to achieve this. By using disparate data from multiple monitoring and analytics solutions and adhering to a ‘my-part-works-fine’ view, they are wasting hundreds of hours and millions of dollars every year, rather than pursuing shared business goals backed by precise, holistic insights.”
“Without breaking down the silos between IT, development, and the business, organizations simply can’t keep up with the accelerated pace of digital transformation,” added Maciag. “Empowering teams with a single analytics and monitoring platform, rooted in a common data model and delivering precise and real-time insights, drives shared goals and improved business outcomes.”
Lenitha Bishop, Head of DPOs, at The DPO Centre added to these thoughts with: “Accidentally leaving data accessible to others is one of the main causes of data breaches. A strong emphasis on staff’s awareness of data protection through ongoing training is critical.
“Companies need to refresh breach detection and reporting procedures to account for the risk of data moving offsite and line managers/lines of reporting being remote from individual workers. As part of this, companies should ensure all staff understand who the breach response team are and how they can be contacted in such an emergency, including strict regulator reporting times.
“As companies have got to grips with remote working and all the data protection and privacy considerations this entails, it’s unlikely that any transition back to business as usual will be completed quickly or without further upheaval. As such, companies must continue to monitor their level of data protection compliance and associated privacy risks. Companies should maintain a risk register to monitor any ongoing threats, ensuring that these risks are reviewed on a regular basis and updated in light of any data protection incidents or if planning to transfer back to an office-based working environment, wholly or partially.
“Importantly, these measures should form part of an organisation’s wider compliance framework, which still applies regardless of whether employees are remote, hybrid or office-based.”