Show me Evidence of your Insider Threat Program (ITP). That is a question an aspiring Defence Industry Security Program (DISP) company will be asked. Then a Big 4 consulting firm will more than likely audit this element on your first or second anniversary. Do you know that your Insider Threat Program will need to have […]
Exploring what the right cybersecurity path forward looks like when people are involved. 70,604 cyber security professionals were asked to respond to the question, ‘What Keeps You Awake at Night’, with the option to select one of three possible answers. a. Third Parties b. Insider Threats c. Nation State Actors 55% of cyber professionals are worried about their own staff, their own colleagues. This echoes what Terry Halvorsen, the former CIO of the US Department of Defense, said in recent Sydney conference: “The single threat to your system is people. Some of it is not even malicious. People ask what keeps me up at night? It’s people.” He then recommended business leaders to spend their cyber budget on people – before tech. That is an important statement from a person who controlled a USD 42 Billion annual budget. Background: Low hanging fruit are external people. The typical corporate network topography is wide and that means a lot of potential entry points if left unsecured or vulnerable. The work from home (WFH) trend has exacerbated this. The last thing any senior leader needs is the fallout from a major security breach or attack. We are seeing near daily headlines littered with cyber breach incidents and ransomware of well-known brands. Closer to home they might even be third party supply chain partners. Internal threats can cost many times more than an external attack. Cyber professionals are aware that staff are normally, by default, accessing sensitive networks and information from anywhere, for the foreseeable future. The climate in which potential internal breaches – negligence or intentional – is elevated. Tech solutions try to secure all the hardware that the internal user accesses. This is difficult when trusted employees WFH and use unsecured home computers, home printers, home USB sticks etc. Other tech solutions include user behaviour motioning software to detect and alert when internal people are in the corporate network system and doing the wrong thing. The role of trust cybersecurity […]
The relentless compromising of the private sector, which remains a soft but strategic target, has diluted the conventional boundaries of conflict, forcing the government to enhance its posture. Australia is not immune and there is clear recognition that we need to do more to protect our nation against attacks on our critical infrastructure. The Parliamentary […]
Cyber Security Risk Audits start to look at the HR workforce. A recent study out of Cylab, 69% of respondents had more than 5 malicious, high-concern insider incidents. 44% of businesses had more than 10 incidents. 11% had more than 100 incidents, such as financial fraud, sabotage, data theft, or workplace violence. In 2021 this trend won’t stop. Cyber security is always going to be […]
Emerging standards and technology can be used to mitigate people risk in the retail environment and increase the quality of your candidates by 70%. We know how devastating employee theft can be: 30% of business closures blame this. Then there are data breaches. 1 in 4 data breaches are caused by malicious employees (not accidental […]
Security Awareness briefings for every candidate … for free! It is important for employers to know and understand that candidate’s background is not filled with unmitigated risk. However, new employees to the organisation might not fully understand or comprehend the employer’s security posture and culture. That’s where a security & cyber awareness mini course comes […]
5 Things To Present and Position Your Company As A Trusted Third-Party Partner Most of the B2B companies look for long term relationships with big companies. It is not an easy job to gain their trust to grab long term contract. Assume a big client of yours’ wants appropriate personnel security measures to be in […]
“The scheme should screen”. Why a Cyber Security Accreditation or Certification scheme needs to include personnel suitability assessments.
The Australian Government is developing our nation’s next Cyber Security Strategy as part of its commitment to protecting Australians from cyber threats. The new strategy will be a successor to Australia’s landmark 2016 Cyber Security Strategy, which set out the Government’s 4 year plan to advance and protect our interests online backed by a $230 […]
Are you Naked? Is Cyber Insurance a Must? * 15% of SME’s have cyber insurance. * 1.955 million Australian businesses are not insured. * 70% percent of all businesses are unprepared for a cyber-attack. * 34% of breaches involve malicious internal actors. * 59% of orgs experience at least one malicious insider attack over […]
When it comes to personnel and IT, it’s a high-risk environment right now. 9 in 10 data breaches involve trusted insiders – mainly to due to negligence 1 in 5 data breaches are caused by malicious employees 1 in 5 lie on their job resumes 1 in 5 had misrepresented their qualifications 3 in […]
It turns out that a AUD50 police check does not buy a lot of comfort or trust these days. And the sharing economy companies and governments around the world know it. For example, 1 in 9 applicants were rejected. Ouch. Under a new state background check process in Massachusetts, 8,206 people who applied to drive […]
Security Expert: “In general, the greatest data security risk is posed to organizations by insiders, as they have access to sensitive information on a regular basis, and may know how that information is protected.”
Joseph Steinberg is a cybersecurity expert and entrepreneur who founded the information security companies, Green Armor Solutions and SecureMySocial. He invented several popular cybersecurity technologies in use today, writes a column on cybersecurity for Inc., and is the author of several books on information security. Q. “In general, the greatest data security risk is posed […]
A Hypothetical one Sided Phone call between friends, goes something like this: Caller A: So, what’s your security strategy? Caller A: What do I mean? Well, IBM says 44.5% of breaches are caused by malicious trusted insiders. Not fat fingers, not clicking on a wrong hyper-link, not accidents, not Russian hackers. Intentional. Caller A: So let me […]
The #1 mistake companies make in hiring temporary workers is … not vetting them as if they will be there permanently. Solution? A Pre-employment screening service especially designed for Temps. We are delighted to have the opportunity to outline a recruitment solution for your temporary workforce that will dramatically reduce reputation loss and hiring risks, […]
Q. Does your internal security program integrate with your contract management process to ensure that third party risks are identified and managed? All organisations should consider supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a supply chain) are involved in products or services used by an organisation, there […]
In an Ohio-based Employers Resource Association* survey… 91 percent are using background checks. That seems high. But what s.p.e.c.i.f.i.c.a.l.l.y. does that mean? A Google search? Police check? Facebook search? LinkedIn page view? A 2 minute call to the a previous boss? But more importantly, what do you do when you receive an adverse result? To […]
1 in 4 potential employees admit to behaviours that most employers consider high-risk. HR Managers and Risk Managers need to get onto the same page.
1 in 4 potential employees admit to behaviours that most employers consider high-risk. HR Managers and Risk Managers need to get onto the same page. Independent university studies have demonstrated the value of integrity tests that screen for hostility, drug and alcohol abuse, theft and lying in the pre-employment phase. But these tests have yet […]
Security Expert: An insider with malicious intent who works for your organisation has already bypassed the majority of your security features without having to do anything other than log on to their desktop.
Marc Weaver Databasable is an IT consultancy firm that provides database administration support and specializes in moving your databases and applications into the cloud. Founded by Marc Weaver in 2015, databasable uses his vast employment experience from large financial institutions in London, Sydney, and New York. “Obviously a data security breach from an outsider will result […]
Security Expert. Insiders can also face external circumstances which make them feel desperate. Inside threat monitoring is usually shared with HR.
GREG MANCUSI-UNGARO @BrandProtect Greg Mancusi-Ungaro is responsible for developing and executing the BrandProtect market, marketing, and go-to-market strategy. A passionate evangelist for emerging technologies, business practices, and customer-centricity, Greg has been leading and advising world-class marketing initiatives, teams, and organizations for more than twenty-five years. Prior to joining BrandProtect, Greg served in marketing leadership roles at […]
Security Expert: The malevolent insider is the greatest threat to any company as these individuals are operating from a position of trust.
CHRISTOPHER BURGESS @burgessct Christopher Burgess is the CEO, President and co-founder of Prevendra. He is an author, speaker, advisor, consultant, and advocate for effective security strategies, be they for your company, home, or family. “The most serious threat to a company’s data security is the…” Insider threat, which comes in two forms: The malevolent insider is […]
Security Expert: Efforts to mitigate the insider threat, such as additional security controls and improved vetting of new employees.
STEVE DURBIN @stevedurbin Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of focus include the emerging security threat landscape, cyber security, BYOD, the cloud, and social media across both the corporate and personal environments. Previously, he was Senior Vice President at Gartner. “As data breaches increase, many will be the […]
Security Expert: well-executed inside job will always wreak the most havoc and inflict the most pain: ‘trust but verify’ your insiders’ backgrounds.
JAMES GOODNOW @JamesGoodnow James Goodnow is a brilliant, creative, compassionate attorney and a technology aficionado in Phoenix, Arizona who’s been named one of America’s Techiest Lawyers by the ABA Journal, the official publication of the American Bar Association. Apple actually selected him as the first lawyer to be featured in one of its commercials, and also […]
Among 874 incidents, as reported by companies to the Ponemon Institute for its recent Cost of Data Breach Study, 568 (65%) were caused by employee or contractor negligence; 85 (10%) by outsiders using stolen credentials; and 191 (22%) by malicious employees and criminals. Data breach cost per breach $2.5 million. The report goes on to […]
Trusted Insiders turn Malicious. Can your business afford a $1.8 million fine for a Notifiable Data Breach?
There are serious consequences of non-compliance. Where an organisation breaches a mandatory notification requirement, the contravention is deemed to be an ‘interference with the privacy of an individual.’ As a result, it may amount to a breach of a civil penalty provision of the Privacy Act. This could result in the organisation being liable for […]