Why rogue employees may pose bigger threat to corporate data than hackers
Christian Science Monitor
According to the Christian Science Monitor’s security and privacy division, Passcode, companies are worried that “disloyal employees pose a greater threat to companies’ data security than outside hackers.” For example, correspondent Jaikumar Vijayan discusses how Monsanto Co. recently sued former employee Jiunn-Ren Chen for allegedly stealing 52 sensitive company files. The piece highlights why organizations – especially in the banking sector – are so concerned about insider threats and the cultural idea that “’insiders are supposed to be trusted.’” The article also touches upon the challenges involved in discovering which employees are potential threats once they’re already working at an organization and the changing landscape of tools used to monitor insider threats.
Cybersecurity – A Boardroom Blindspot
Despite cybersecurity gaining traction in boardrooms as companies assess and plan for dealing with risks, a recent Cyber Governance Health Check revealed that only 54 percent of boards of directors “hear about cybersecurity twice a year” or when there are cyber incidents. Additionally, cyber threats affect organizations of all sizes, not just big companies, with a 2015 PwC survey showing that 74 percent of small and medium-sized businesses reporting security breaches in the last year. Pro Drive IT Managing Director Bruce Penson discusses the need for cybersecurity planning to have a top-down approach with support from board members and the steps for getting buy-in from the board regarding a “robust cybersecurity policy.”
How The Cybersecurity Industry Is Coping With A Skills Shortage
Despite data breaches and cybersecurity threats constantly grabbing headlines in the media, experts note a shortage of professionals to fight cyber threats (an estimated million-plus security jobs around the world are unfilled, and 86 percent of survey respondents in an ISACA report said cybersecurity was “an understaffed industry”). White Ops President and CEO Eddie Schwartz discusses the origins of the scarcity of properly trained cybersecurity professionals, the need for more widespread training in advanced techniques rather than just cybersecurity basics, the shortage of white-hat hacking experts, the barriers to entering the cybersecurity field right after college and what industry groups are doing to address this talent gap.
The Most Critical Skills Gap: Cybersecurity
A recent Intel Security-Center for Strategic and International Studies study examines the cybersecurity workforce shortage in eight countries around the world. Eighty-two percent of participants reported that their organizations did not have sufficient cybersecurity skills, with a quarter of respondents confirming that their organizations had experienced “cyber thefts of proprietary data due to this lack of qualified workers.” Fast Company reporter Lydia Dishman discusses the survey results, including an emphasis on the need for technical skills like intrusion detection, secure software development and attack mitigation and better efforts by universities and schools to prepare students for cybersecurity jobs. She highlights the importance of investing in cybersecurity professionals’ salaries and training.
How to attract a board-level cybersecurity expert
As cybersecurity becomes a greater priority at many companies, the demand for board members with cybersecurity expertise is growing. This increase in demand means “’board candidates are getting quite picky,’” says Spencer Stuart consultant Mike Dickstein. CSO reporter Stacy Collett outlines some key considerations for attracting a cybersecurity expert to a board of directors, like including them in all board activities and allowing them to add value across the organization, sharing the risk across the whole board, facilitating conversation between the security team and potential board member, the importance of curiosity and lifelong learning and looking beyond the “obvious candidates.”
IoT hidden security risks: How businesses and telecommuters can protect themselves
As the Internet of Things (IoT) grows, workplaces are turning in to “digital hives of connected objects,” with IoT devices that may seem harmless but that could potentially be exploited and leveraged by cybercriminals for harmful purposes. TechRepublic recently held a roundtable discussion in which security experts discussed the risks and threats associated with connected devices and how employees and companies can protect themselves. Topics included the need for “proactive protection and place and prescriptive education for employees who use mobile devices at work” in order to have a strong security posture; the need for consumers to think about how their personal IoT devices connect to other objects; a “lack of awareness of the attack surface that the IoT systems present and a lack of due care in consumer deployments”; the need for organizations to build security testing into the development process for connected devices and services; and the importance of educating employees on the risks of bringing their own devices to work and/or using their personal devices to access company information. TechRepublic reporter Teena Maddox addressed these and other takeaways from the event.