A lot of people focus on the external threat, mitigation and management, whereas most of the attacks are actually from the inside. What is your take on internal and external threat management?
Senior Security and Compliance Auditor in Software, 1,001 - 5,000 employees
With insider threats you can mitigate risk with solid HR vetting policies/requirements, a SIEM tool to correlate suspicious activity, proper segregation of duties throughout the organization (not just IT), and DLP that blocks/alerts on the movement of data/files between email/folders/environments/USB.
Chief Security Officer in Software, 10,001+ employees
I disagree that most of the attacks are from the inside. I think for most CISOs, insider threat is a small risk compared to external attackers.
IT-chef / Director IT in Energy and Utilities, 201 - 500 employees
To me there are two distinctive differences: 1) unknown external and 2) known internal, because people are people. As threats and hack innovations are exponential vs. the money that is put into innovation in information security, we are all struggling. External threats are categorized from manageable unknown to complete unknown, the latter being threats from another state. You won't know if they are there... I think companies are doing what they can regarding external threats.
The second, known and internal threat is a complicated one, as it has to do with people employed within the company. The human factor is a common threat due to ignorance. Different countries have different laws that regulate how hard you can be on employees. I don't think there is such a thing as "just put a vetting/screening or what have you in place". It's about education and awareness on ALL LEVELS in an organisation. A company should put various processes in place to deal with awareness of behaviors regarding assets = information. All new employees should go through information security education, current employees should be taking nano web seminars on the subject, and it should be mandatory for managers to have a security follow-up at the yearly review. Assign a system portfolio owner for each operational unit. Launch a compliance and audit on communication and infrastructure, matching that with processes, and review access to AD and applications 2 times a year.
People are people, so given that our employees are known and a threat, we should be able to minimize this, but that is hard to do. It needs commitment and an ongoing systematic approach to awareness.
Group Chief Information Officer in Construction, 5,001 - 10,000 employees
Proper governance, policy and procedures
Comprehensive security awareness program
and proper security measures and tools in place
If I'm a non-malicious actor, I click on a link, I open an attachment and something bad happens, that's a failure in technology, not the individual. You could also argue the insider risk is the decision maker who thinks that something is an acceptable risk, when in reality, it's not. When you widen it out to that, you end up with a lot of insider risk. But the malicious side, I think, is quite small.
On the external side of it, we usually talk about threat actors and threat agents. When you look at all of the breaches that are public or non-public for that matter, it's primarily because somebody executed malicious code on the system, was able to take it down to ransomware, weaponize it, or steal data or intellectual property. That's the vast majority of the risk cycle that we're seeing. But the core of almost everything I've ever experienced is execution of malicious code.