Implementing a security awareness program seems rather straightforward, until you actually start to implement one - factoring in things like resources and the people (users) to be trained. At that point, it can seem complicated, costly, and unnecessary. However, the process doesn't have to be a logistical and expensive nightmare, and it's certainly worth it in the long run.
With a number of high-profile security breaches making headlines of late, organizations are increasingly realizing they must beef up their security teams or risk catastrophe. Matt Comyns, global co-head of the Cybersecurity practice at Russell Reynolds Associates, an executive leadership and search firm, sat down with CIO.com to discuss the changing role of the Chief Information Security Officer (CISO), the global cybersecurity landscape and why finding and retaining elite security talent is critical.
The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, according to the Association of Certified Fraud Examiners (ACFE). This type of malicious behavior by "privileged users" who have been given broad access to the company's computer assets has captured the attention of CIOs across the country.
Canadian airline company WestJet, one of the earliest customers of VMware's NSX network virtualization tools, initially reached for the tech to address a security issue. Network World Editor in Chief John Dix recently sat down with WestJet technologist Richard Sillito to learn what the company is learning about network virtualization and its broader NSX plans.
The problem with Security Awareness programs is that it is hard to prove their successes. As with all security countermeasures, success is usually that nothing happens. Ideally, success also means that there is a report of the attempted attack; however, that is rarely the case. With technical countermeasures, however, logs are usually maintained that allow people to point to all of the prevented attacks.
Thanks to high-profile computer security scares such as the Heartbleed vulnerability and the Target data breach, and to the allegations leveled at the government and cloud providers by Edward Snowden, more of us Internet users are wising up about the security of our information. One of the smarter moves we can make to protect ourselves is to use a password manager. It's one of the easiest, too.
Talk to any information security professional about the greatest challenges they have perceived in doing their job over the past decade. More often than not, you'll hear about how their organization's business leadership didn't provide them the support and space they need to secure their organizations properly. One way you'll hear this is when it comes to the lack of budget. Another way you'll often hear this expressed is that security "doesn't get a seat at the table."
By and large, the major websites hit by Heartbleed have recovered. So have the bad guys, who are undoubtedly plotting their next move. Here, security experts offer their take on five large-scale, Heartbleed-level vulnerabilities for which CIOs should prepare.
If we're lucky, we'll all have a chance once in our careers to take a risk and use our skills and experience to do something we truly love. Sometimes the career risk is low, but sometimes it's truly a leap of faith--one that offers potentially big rewards as well as the risk of major setbacks.
The hacker group dedicated to supporting Syria's dictator wasted an attack vector on trying to embarrass the writer. Will the SEA's handlers in the Syrian intelligence services approve of such immaturity?
Last week, a report from New York-based global investment news site BrightWire.com suggested that Apple's upcoming smartphone, the iPhone 6, will (finally) support near-field communications (NFC) technology. BrightWire.com cited "a source close to the matter."
The good news is that security budgets are rising broadly. The bad news? So are successful attacks. Perhaps that's why security budgets averaging $4.3 million this year represent a gain of 51% over the previous year, and that figure is nearly double the $2.2 million spent in 2010, all according to our most recent Global Information Security Survey, conducted by PricewaterhouseCoopers.