Your senior leaders within your company- CIO, Chief Risk Officer, Chief Privacy Officer, Human Resources Chief, General Counsel, Communications Head, and Chief Security Officer are not organized and trained, in advance, to effectively and promptly react to a data breach, whether from theft, an external breach, or something in between.
Many companies have ambiguous, outdated and unenforced policies regarding the protection of sensitive information, both at rest and ‘in transit’. Further, too often ownership of this information is unclear, making decisions about it even more problematic.
Uneven hiring and firing practices will negatively impact the ability of the organization to reach its vision of a ‘trusted and engaged’ workforce. When one of your colleagues leaves under acrimonious circumstances, generally sensitive and proprietary data leaves as well.
A trained, enthusiastic and committed workforce is your best ‘first line of defense against both well-intentioned but dangerous activity and concerning behaviors by their colleagues.
Had the privilege of seeing Tom influentially interact with a variety of clients from security professionals to executives. Tom’s leadership skills and subject matter expertise spans the security spectrum, beyond traditional and technical. Whether your goal is to protect classified national security information or intellectual property, Tom’s your guy.
I worked with Tom on a couple of projects and was impressed with his ability to tackle tough problems, see through political positioning, and overcome difficult challenges to completing his task. He was professional and outcome oriented.
Our team has unrivaled experience countering today’s most critical threats: defeating terrorists before they have a chance to act; responding to unprecedented natural disasters; preventing cyber criminals from breaking into the myriad networks that are the lifeblood of our government and private sector; and protecting international borders from transnational criminal organizations. We leverage our experience in government and the private sector as well as our deep subject-matter expertise to provide our clients with comprehensive, customized risk management solutions.
Employees are still the biggest cybersecurity worry for companies, but nearly 1/3 of executives and managers consider a state-sponsored attack likely.
Percentage who listed the following among the most likely sources of an attack.
Source: Ernst & Young Global Information Security Survey of 1,735 C-suite leaders and information-security and IT executives and managers in 72 countries, conducted between June and August 2016.
What causes Companies to be vulnerable to a breach by a trusted insider?
- Failure of the workforce to discern concerning behavior on the part of a co-worker
- Lackluster workforce training, e.g.no specific training in current threats, nor an appreciation of the consequences of a data loss
- Uneven enforcement of existing in existing security and IA policies
- Shortfalls in on-site personnel and physical security
- Broad access privileges for all employees regardless of duties or requirement
- Lack of a timely, coordinated and pre-planned response in the event of an incident