Ever heard about “The Listening Chain” game in corporates?
Many corporate houses practice this game as a part of their enhancement of listening and execution skills. A human chain is formed where everyone whispers a word or a phrase in the other’s ears just once and he/she needs to repeat the same word/ phrase to another. The process continues one by one after listening carefully till the last person. Very often it has been noticed that a single word or a phrase gets completely changed by the time it reaches the last person.
The game teaches the importance of correct communication.
Today, communication has been proved to be crucial in the IT security industry as well. There have been instances where organizations have paid hefty prices due to a single inter-departmental miscommunication.
Recently, a Forrester analytics survey said that organizations spend an average of 37 days and $2.4 million from detection to recovery of any cyber incident. Among 100% respondents, 80% agreed to the fact that they faced cyber incidents due to miscommunication either between security team and tech team or between security team and other departments.
Hence, clarity of communication has also been a criterion to maintain cyber resilience in organizations.
How does Miscommunication affect IT Security?
Organizations face the hurdles of miscommunication due to distinct reasons. Disengaged employees, lack of clarity of objectives, poor interpersonal skills, no practice of feedback etc. results in poor communication and if it happens with the IT security team, then cyber threats galore.
The overuse or irrelevant use of technical jargon and sometimes specialized language can create a barrier to effective communication between teams or individuals within an organization. Eventually, this leads to unprecedented incidents such as cyber-attacks or data breaches. Moreover, such ambiguous communication affects the emotional state of the team and in the long run impacts their work performance. Eventually it results in wrong/ incomplete execution and creates a half-baked solution. As a result, there are new doors for malicious actors to exploit the vulnerabilities created by miscommunication. Eventually data security is compromised.
Broadly, there are five types of miscommunications that are dominant behind security risks:
- Unintentional typing errors
- Ambiguous language
- Improper Technical description
- Wrong content due to incomplete understanding
- Wrong/ unclear presentation of functionalities
There is a saying, “Good Communication is the Bridge between Confusion and Clarity!” It is applicable to every industry and IT security is no exception.
While communicating with the IT security teams and the IT risk assessment teams, there are several prerequisites that need to be taken care of. Earlier, these were “unsaid rules,” but now organizations are paying heed to these to maintain secure practices.
- There must be clear and frequent communication between IT security and IT functional teams to ensure that the product, software, or any security mechanism is well explained before going for promotion/ marketing. Not a single user should ignore any kind of ambiguity so that the right messaging/ description goes to the right person/ client.
- Once the product/ solution is ready for promotion/ launch, the features and functionalities need to be verified and re-verified with the development team so that the communication goes perfectly. Because if there is any gap in understanding/ description, that could be miscommunicated by the pre-sales/ sales team to the clients or partners. This will simply widen the chances of IT security threats.
- Lastly, the IT risk assessment team also needs to be proactive in evaluating and analyzing the enterprise IT environment along with what the IT security team is communicating about security policies and practices.
Communication through the right language, right description and with complete clarity between any organization’s IT security team and other departments is one of the prerequisites to keep cyber threats at bay.