IT security is often in danger of being one of those things that only the IT department cares about — often seen by the C-suite as simply a cost to the business that doesn't add to revenue streams. With regard to internal security, for example, more than half of IT professionals believe that their senior management does not take enough responsibility for employee training, security policies or technology implementations to mitigate the insider threat.
The threat that employees pose is one of the most potentially dangerous to a business. It doesn't matter how good your network perimeter defenses, firewalls, antivirus software and threat-detection software are; if your employees fall for phishing scams, share passwords or still have access to company files once they've left, you're wide open to attack.
Which isn't to say that insider threat is not addressable, or that protecting company data is the only reason internal security is important. In this slideshow, IS Decisions CEO François Amigorena explains why C-level executives should care more about IT security and, in particular, the insider threat.
Whaling is a type of spearphishing targeting "big fish" in an organization with access to sensitive, highly-valuable information. ... More >>
Five common failures companies make when preparing for, and responding to, a data breach, as well as guidance for companies on how they can tackle these issues. ... More >>
Incorporating security capabilities such as encryption, better control and management and a data security framework will help alleviate the burden breaches place on the organization and people's lives. ... More >>