The Security team compiled this year’s top web exclusive articles — all of which were contributed by security and risk experts, offering unique views on the security profession, the future of security management as well as how security leaders can prepare for threats on the horizon.
A special thank you to all our contributors, and our readers, for your support and for being the inspiration behind each story.
1. 8 tips for improving physical security in your organization.
Today, organizations must consider physical security as a primary pillar of its cybersecurity strategy. Bryon Miller, Co-Founder and Chief Information Security Officer (CISO) at ASCENT Portal, offers eight tips for enterprise security leaders to improve organizational physical security — from establishing physical security perimeters, to implementing external and environmental threat protection, and more.
2. 5 questions CISOs should ask when evaluating cyber resiliency.
Putting a plan in place that details how to handle a cyber-triggered business disaster is essential, but it isn’t always easy to get started. Heather Gantt-Evans, SailPoint’s CISO, offers insights into the five questions CISOs should be asking when it comes time to evaluate — and improve — cyber resiliency.
3. Mitigating domestic terrorism and insider threat risks.
To appropriately respond to the threat of domestic extremism, it is critical first to understand the root causes and cultural landscape that have allowed extremist ideas and groups to gain a foothold in American society. Authors David Prina and Andrée Rose at the DoD’s Defense Personnel and Security Research Center (PERSEREC) discuss how to identify domestic violent extremists to mitigate insider threats.
4. 7 steps to combat cybersecurity threats in times of instability.
In this new world order, the only means by which governments and organizations can achieve cyber resilience is by preparing themselves for any disruption, conflict, or instability. Author Steve Durbin, CEO of the Information Security Forum (ISF), offers seven steps organizations and security teams can follow to understand potential threats in times of instability.
5. Addressing crisis management team burnout.
The mental health and well-being of crisis management teams are factors that, if not properly managed, can lead to burnout, which can significantly exacerbate the onset of crisis management fatigue in leaders. Author Julian Moro, Senior Vice President & Regional Security Director at International SOS, outlines seven tips and practical approaches to keep crisis management response on track and prioritize the mental health of security teams.
6. Boards: Supporting cybersecurity risk management & mitigation.
A shields-up cybersecurity approach requires enterprise involvement from the top down, and corporate boards play a critical role in setting the tone for enterprises. Patrick Niemann, Leader of the EY Audit Committee Forum, discusses what can be done now to engage boards in cybersecurity governance — until the U.S. Securities and Exchange Commission (SEC) proposed rule changes take effect in 2023 to “enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance and incident reporting by public companies.”
7. 11 steps to build the foundation of a school security and safety program.
More than ever, we need engaged leadership, a clear vision, community engagement, dedicated funding, resources, and energy to reset our mindset around school security and safety. While there is no single solution that fits all schools, Bill Edwards, President of Federal and Public Safety at Building Intelligence, Inc., and security expert Stephan Masson offer 11 best practices that use the concept of comprehensive security program development as the foundation for school security and safety.
8. Could Russia launch a cyberattack on the U.S. power grid?
A highly disturbing and realistic possibility — one, in fact, that has been a headache for years — has moved up a notch amid the Russia-sparked war in Ukraine: Russia could launch a devastating attack on the U.S. power grid. Robert R. Ackerman Jr., founder and managing director of AllegisCyber Capital, discusses the history of power grid attacks and how to harden critical infrastructure attack vectors.
9. June 2022 saw 5 violent attacks in U.S. hospitals.
Five violent incidents occurred in U.S. hospitals throughout the month of June 2022. In most events, staff quickly identified escalating or unsafe conditions and responded quickly by removing themselves and others from harm, resulting in numerous saved lives. Katarina Kemper, Founder, Principal Consultant, and CEO of Healthcare Public Safety and Security Consultants, LLC., offers a number of administrative, behavioral and physical controls that healthcare facilities can implement to dramatically reduce risk.
10. Risk assessments in focus amid security challenges.
Common safety risks — from security gaps to employee injuries — haven’t gone away, and may be even more detrimental to your operations if time and resources are already stretched thin. If it’s been a while since you conducted a thorough risk assessment, now is the time to get back on top of your safety planning. Mike Zblewski, Director of Safety Services with Sentry Insurance, recommends following a process with five specific steps to conduct a risk assessment.
11. The weaponization of social media.
The breadcrumbs that individuals and organizations leave on social media inform the insidious psychological manipulation at the root of social engineering and reverse-social engineering attacks. Author Claire Moravec, VP of Digital and Human Intelligence at Red Vector, Inc., delves into how social engineering provides a pathway to gaining insider access into an organization’s network and data and how organizations can mitigate these risks.
12. 8 steps to achieving cybersecurity compliance.
Organizations that are non-compliant face increased regulatory scrutiny and can risk damaging their hard-earned market reputations. Security compliance should not be only viewed as an obligation but an opportunity. In this article, Perry Carpenter, Chief Evangelist/ Strategy Officer for KnowBe4, proposes eight steps to help organizations achieve cybersecurity compliance.
Bonus Security Leadership Stories
1. What we learned from transforming a security program
Heather Ceylan and Ariel Chavan, security leaders at Zoom, walk us through four lessons they learned while transforming a security framework in a thoughtful yet future-proofed way to align with a growing organization.
2. The security screening paradox: Providing transparency without arming potential attackers
Mike Ellenbogen, Co-Founder and Head of Advanced Technology at Evolv Technology, discusses how security risks happen every day because of publicly available information. On the one hand, security leaders in the industry want the public to feel confident that they are safe by demonstrating the efficacy of technologies, protocols and processes. On the other, if too much is revealed, people may look to cause harm and can use that information to look and test for vulnerabilities.
3. From video game developer to CISO: How to successfully make career pivots
Adam Marrè, CISO at Arctic Wolf, who spent almost 12 years with the FBI as a Special Agent and SWAT Senior Team Leader, argues it doesn’t take a computer genius, or even a background in computer science, to embark on a successful career in the industry. As a former humanities major and video game developer, Marrè offers readers a look at how to successfully make career pivots — and what he specifically looks for when hiring “effective cybersecurity talent.”
