Determining the definition of insider risk to your organization is half the battle in mitigating the threat. The other half is more complicated, involving security culture, defined procedures and responses, and a little bit of technology.
Anyone with access to your organization — employee, contractor, former employee, etc. — poses a potential risk to the enterprise. So, what is insider threat; who should own an insider risk mitigation program within the enterprise; and most importantly, how can security leaders assess and mitigate the risk?
Security professionals seeking to advance their careers often ask me whether certifications are worth it, and, if so, which ones they should pursue. The answer, of course, depends on the person and his or her goals. Plenty of people excel without a credential.
As the light at the end of the tunnel becomes brighter, rethinking the hiring and onboarding process for security talent can be the difference between recovering out-of-work employees, getting them up to speed, and enduring unnecessary difficulties.
In the aftermath of the Colonial Pipeline attack, global IT association and learning community ISACA polled more than 1,200 members in the United States and found that 84% of respondents believe ransomware attacks will become more prevalent in the second half of 2021. The Colonial Pipeline attack caused massive disruptions to gasoline distribution in parts of the US this month, resurfacing preparedness for ransomware attacks as a front-burner topic for enterprises around the world. Colonial reportedly authorized a ransom payment of US $4.4 million. In the ISACA survey, four out of five survey respondents say they do not think their organization would pay the ransom if a ransomware attack hit their organization. Only 22% say a critical infrastructure organization should pay the ransom if attacked.
As employees return back to the office, challenges continue to unfold and the best way to approach many of the computers and systems that have been off company premises for so long is to regard them as potentially infected.
As employees return back to the office, challenges continue to unfold and the best way to approach many of the computers and systems that have been off company premises for so long is to regard them as potentially infected.
Like the game of Texas Hold ‘Em, the practice of security is ultimately an exercise in decision-making. Specifically, how do you make the best decision possible with limited and incomplete information?
While many people around the country were under stay-at-home orders, many security professionals, classified by the federal government as essential personnel, have continued to report to work during the pandemic. The heart and soul of the physical security business are the nation’s contract security professionals who assume leadership roles – sometimes with lifesaving ramifications – at facilities across country. Security professionals act as the first line of defense against civil unrest, violence, terrorist attacks and the pandemic.
Colonial Pipeline, which operates the biggest gasoline conduit to the East Coast, said it has no estimate on when it could restart the 5,500-mile pipeline that it shut Friday after a cyberattack. The company took systems offline to contain the threat, temporarily halting all pipeline operations and affecting some IT system. In a statement, the company said the Colonial Pipeline operations team is developing a system restart plan, and while their mainlines remain offline, some smaller lateral lines between terminals and delivery points are now operational.
Taking a project management approach to its comprehensive COVID-19 pandemic response, Boeing’s Security & Fire Protection and Health Services business units placed collaboration, communication and actionable data at the forefront to make unified, informed decisions across the enterprise.
Boeing took a project management approach to its comprehensive, unified COVID-19 pandemic response co-led by the organization’s Security & Fire Protection and Health Services business units. Putting communication and actionable data at the forefront, the organization made informed decisions to minimize operational disruption and ensure the safety of its employees including site suspensions, COVID-19 specific protocols, PPE distribution and more.