Why Security Teams Fail

16 ways to drive success in your security team

November 14, 2023

👋 Good morning!

Each week I provide an in-depth response to your questions about careers, roadmaps, building security teams, AI security, cloud security, and much more.

Send me your questions and I’ll do my best to provide actionable advice.

Let’s dive in!

Security teams protect value. They exist to ensure an organisation is able to achieve its strategic goals and defend it against threats lurking in the dark. Without effective security teams, organisations risk devastating consequences - data compromise, service disruption, and financial damages, to name a few.

Despite the significance of such a capability, security teams face tremendous adversity in trying to realise their full potential. This happens for a myriad of reasons, both in and out of their control. I believe there are eight critical reasons behind the failure of security teams. But what use is a root-cause without a solution? Alongside every reason I’ve included potential solutions.

1/ Turnover: The Ever-Changing Lineup

High personnel turnover is a pervasive issue in cyber security teams. Each time a team member departs, they take invaluable knowledge with them. This knowledge loss disrupts the continuity of security initiatives and impacts the team's morale. Frequent departures can also erode the institutional memory of an organisation, making it challenging to learn from past incidents.

Solutions:

  1. Reduce the damage with Knowledge Transfer: Implement formal processes to transfer knowledge when team members leave. Create comprehensive documentation and encourage the sharing of knowledge among team members. Build a culture of documentation keeping and decision making logs.

  2. Avoid the damage with Professional Development: Invest in the professional development of team members by providing training opportunities and certifications to enhance their skills and job satisfaction. Promoting a culture of continuous learning and professional development can help retain and attract talent.

2/ Budget: The Double-Edged Sword

Budget constraints can cripple security efforts or lead to inefficient spending. Limited budgets may result in security teams being unable to cover all necessary bases, leaving critical vulnerabilities unaddressed. Conversely, excessive budget allocation can result in careless spending on unnecessary tools, leading to a complex and unmanageable security infrastructure. To succeed, security teams need to strike a balance by aligning their budget with strategic priorities and regularly reviewing expenses to ensure they match the organisation's evolving needs.

Solutions:

  1. Strategic Budgeting: Align the security budget with organisational goals and priorities. Regularly review expenses to ensure they meet evolving needs.

  2. Efficiency Measures: Identify and eliminate redundant or unnecessary tools and services to optimise budget allocation.

3/ Strategic Direction and Priorities

A lack of a clear strategic vision can lead to cybersecurity teams floundering. When security strategies are not threat-led, they may fail to adapt to emerging risks. It's essential to stay up-to-date with the evolving threat landscape and prioritise security measures accordingly. Regular risk assessments, threat intelligence, and a well-defined security strategy can help keep the team on the right track.

Solutions:

  1. Threat Intelligence: Stay up-to-date with the latest threat intelligence and adapt security strategies accordingly.

  2. Security Testing & Risk Assessments: Focused threat-led security testing. Also, conduct regular risk assessments to identify potential vulnerabilities and prioritise security measures effectively.

4/ Tech Over People and Processes

Overemphasis on technology at the expense of people and processes is a common pitfall. While advanced security tools are crucial, they are only effective when complemented by well-trained and informed personnel. Neglecting training and process development can result in human errors and oversight, leaving an organisation vulnerable. Prioritising training and creating robust security protocols is vital to mitigating this risk.

Solutions:

  1. Balanced Approach: Emphasise the importance of training and development alongside technology investments.

  2. Process design and communication before Go-live: Develop and test procedures to ensure that both technology and human processes are well-coordinated. Otherwise you’re leaving value on the table.

5/ Organisational Culture: The Silent Underminer

A fragmented security culture across different departments can undermine the collective security efforts. When individuals and departments perceive security differently, it creates inconsistencies that malicious actors can exploit. Building a cohesive security culture requires active awareness campaigns, regular training, and a unified approach to security awareness.

Solutions:

  1. Security Awareness Training: Regularly train and educate employees across all departments on security best practices to create a unified security culture.

  2. Clear Policies: Implement clear security policies and guidelines that apply uniformly to all employees.

6/ Legacy Tech and Contracts

Legacy technology and outdated contracts often tie the hands of security teams. These legacy systems are riddled with dependencies, making it challenging to upgrade or replace them. As a result, the security team may be stuck with outdated and vulnerable technology. Transitioning away from legacy systems can be a complex and costly process, but it's essential to modernise and maintain security effectiveness.

Solutions:

  1. Modernisation Initiatives: Develop a roadmap for replacing or upgrading legacy technology over time. Consolidation reduces the attack surface.

  2. Contract Review: Regularly review and renegotiate contracts to ensure they align with current security needs and technologies.

7/ Leadership: Guiding the Way

Effective leadership is vital for maintaining a robust security posture. Leadership provides direction, motivation, and inspiration for the team. A lack of leadership can lead to a lack of strategic direction, a fragmented culture, and high turnover. Leaders in the cybersecurity field should be visionaries who set a clear path for their teams and foster a culture of security consciousness.

Solutions:

  1. Visionary Leadership: Appoint leaders who provide a clear vision for the security team and inspire and motivate team members.

  2. Effective Communication: Foster open and effective communication channels between leadership and the team.

8/ Team Building: Unity in Diversity

Successful security teams are not merely collections of individuals with technical skills. Building a cohesive and effective team requires individuals with shared values and diverse skill sets. A well-rounded team can tackle a variety of security challenges effectively. Team building should prioritise not only technical competencies but also interpersonal skills, collaboration, and adaptability.

Solutions:

  1. Diverse Recruitment: Seek out individuals with varying skill sets and backgrounds when building the team.

  2. Shared Values: Establish a shared set of values and goals for the team to promote unity and collaboration.

Addressing these eight key challenges is essential for building resilient and effective cybersecurity teams.

Implementing any of the 16 solutions will help security teams better navigate the challenges they face. It's important to maintain a flexible and adaptive approach, as the threat landscape is constantly evolving.