It’s essential that boards understand the organization’s cyber risks in order to successfully oversee overall company performance. CISOs and CSOs who can clearly convey cybersecurity to the board promotes better navigation of the organization in today’s uncertain cybersecurity world.
Ideally a penetration test should simulate a real world attack; in the real world, the attacker will always have some objective beyond “get into the network.” No matter who the attacker is, they are motivated by something that they are trying to accomplish – and getting into the network is only one step in that process for the attacker.
In the 2015 Anthem data breach, the compromise of an adminstrator’s credentials was the initial entry point that caused the breach and exposure of 13.5 million patient records. High-profile, high-impact breaches like this are spurring healthcare enterprises to institute more cybersecurity defenses and to monitor the insider threat.
The Massachusetts Institute of Technology is starting a new research effort to help CISOs better manage cybersecurity within critical infrastructure companies. Exxon Mobil Corp. and Schneider Electric SE are early members of the consortium, according to MIT.
When looking at the cyber technology market over the past 15 years, it is evident that the catalyst for cyber evolution was Y2K. Prior to the Y2K frenzy, “cybersecurity” was masked in the systems engineering function, and external threats consisted of hackers looking to leverage free computing capabilities with very little focus on information/data access or network destruction.
Who are the thought-leaders pushing the security industry forward, in government, cybersecurity, corporate security and education? Learn about this year’s security champions in our annual Most Influential People in Security report. Also in this issue: Data security concerns for healthcare institutions; ruggedized security technology; covert surveillance installations; how to polish up your resume and references; infinity background screening for workplace violence risk mitigation and more.