How Can Companies Protect Themselves?
Cullison: Training is as important as having the right security software in place. However, there should be a collective responsibility in protecting company information. This is where we bring in process improvement. Our strength is in process improvement projects where we look at what has been missed. By uniting processes and merging functions, you can address issues more effectively. For example, with IT and HR working together, you can have a policy in place to monitor an employee who might have been flagged as having grievances or performance issues.
Organizations should get all the right stakeholders in one room to really understand what they are trying to achieve in terms of security and from there create a robust insider threat program that is part of the business process.
Tackle Insider Threat by Creating a Culture of Security Awareness
Tackle Insider Threat by Creating a Culture of Security Awareness
October is National Cyber Security Awareness Month (NCSAM), and this year's theme is 'Our Shared Responsibility,' reflecting the notion that cyber space cannot be secured without the help of all users. Unfortunately, the weakest link in most organizations is the employees. In fact, many, if not most, security breaches involve internal users, a risk often referred to as insider threat.
We've spoken to two experts in the area of insider threat to provide some insight into what it is and how it can be defended against. The first is François Amigorena, president and CEO at IS Decisions, a solutions provider specializing in securing internal user network access. The second is Greg Cullison, senior executive of Security, Suitability and Insider Threat Programs at Big Sky Associates, specialists in helping federal and commercial organizations mitigate threats. In this slideshow, Amigorena and Cullison discuss how understanding the role of insider threats is an important part in creating a culture of cybersecurity.
