Skip to main content

Featured

How 2020 Presidential Candidates Can Guard Against Cyberattacks

The 2016 presidential election witnessed unprecedented Russian cyberattacks and disinformation campaigns designed to disrupt the U.S. electoral system by influencing public opinion. The Russian goal is intended to destabilize the U.S.  through ideological activism, advancing their interest and further their political agenda. Their methods compromised computer systems of candidates and political parties using the exfiltrated data to spread disinformation and influence presidential elections.

On January 6, 2017, the U.S. Director of National Intelligence released a declassified report “Assessing Russian Activities and Intentions in Recent U.S. Elections.” According to the report, Vladimir Putin ordered a massive campaign orchestrating attacks from multiple fronts that involved spreading pro-Trump propaganda on social media to hacking the Democratic National Committee (DNC). Their methods resulted in massive data breaches within the DNC that included access to John Podesta's email f…

Don’t Let Organizational Politics Derail Security Initiatives


Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly.

Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not align with the organization’s political culture. Such an environment makes it extremely difficult to manage these initiatives. Security teams must recognize the obstacles they face and work to gain buy-in from key stakeholders.

The Problem With Organizational Politics

Denial can impede IT efforts — especially when C-suite executives are insulated from the realities of the security landscape. In many cases, when executives say that security is not in the budget, they simply mean that it is not on their radar and, therefore, doesn’t matter.

Other obstacles include hidden agendas and power struggles that prevent employees from sharing information with others. For example, some employees might withhold information as a tactic to ensure job security, while another staffer might use it as an organizational currency to buy influence. Chief information security officers (CISOs) may encounter this behavior during red on blue exercises when red team members refuse to divulge vulnerability test results to the security operations center (SOC) team, or at the very least aren’t totally forthcoming about their exploits.

Pushing the Right Buttons

No department is immune to the effects of organizational politics. Security professionals must thoroughly understand the political landscape and devise more effective ways to communicate risks to C-level executives. This communication must occur in business terms with a focus on the end business goals.

To successfully navigate organizational politics, IT professionals must gain their colleagues’ trust, which takes time. Start by forming personal connections with fellow employees or subordinates. People have their own individual interests and concerns, and leveraging them can go a long way toward building positive rapport.

The bottom line is that if IT professionals have the organization’s best interest in mind, executives and other stakeholders are less likely to question their motives. This trust enables them to foster alliances and more effectively advocate for security. The CISO can take it a step further by acting as a mediator to help employees in other departments find common ground when disagreements arise.
Organizational politics require security professionals to be adaptable. As executives and employees come and go, the political landscape shifts accordingly. The key is to understand what you’re up against and use your experience to keep security top of mind throughout the enterprise.