Apac
  • Home
  • CXO Insights
  • CIO Speaks
  • Whitepapers
  • Partner Conferences
  • News
  • Subscribe
  • About us
Apac

  • Agile

    Artificial Intelligence

    Augmented Reality

    Big Data

    Blockchain

    Business Intelligence

    Business Process Management

    CEM

    Cloud

    Collaboration

    CRM

    Cyber Security

    Data Center

    Digital Technology

    Disaster Recovery

    Document Management Systems

    Enterprise Architecture

    Enterprise Asset Management

    Enterprise Performance Management

    Enterprise Security

    ERP

    Gamification

    Geographical Information System

    HPC

    HR Technology

    Internet of Things

    IT Services

    Mobility

    Networking

    Open Source

    PLM

    POS

    Project Management

    QA and Testing

    Risk Management

    SaaS Solutions

    Security

    Simulation

    Smart City

    Startup

    Storage

    Unified Communication

    Virtualization

    Web Development

    Workflow

  • Automotive

    Aviation and Aerospace

    Banking

    Compliance

    Construction

    Contact Center

    E-Commerce

    Education

    Energy

    Engineering

    Field Service

    FinTech

    Fleet Management

    Gov and Public

    Healthcare

    Insurance

    Legal

    Logistics

    Managed Services

    Manufacturing

    Media and Entertainment

    Metals and Mining

    Payments

    Pharma and Life Science

    Procurement

    Retail

    Sales and Marketing

    Sports

    Telecom

    Travel and Hospitality

    Utilities

  • Amazon

    CISCO

    Corporate Finance

    Google

    HP

    IBM

    Intel

    IT Service Management

    Microsoft

    Oracle

    Red Hat

    Salesforce

    SAP

    VMware

Menu
    • IBM
    • Amazon
    • ERP
    • Project Management
    • Big Data
    • Data Center
    • FinTech
    • Travel and Hospitality
    • IBM
    • Unified Communication
    • Simulation
    • SAP
    • Utilities
    • Education
    • Sports
    • Salesforce
    • HPC
    ×

    Subscribe to our Newsletter

    news
    news

    Join our mailing list for the latest articles, news, and exclusive insights from prominent technology leaders

    loading
    SUBSCRIBE

    Thank You for subscribing with us. We sent you an email regarding this.

    news

    • Home
    • IBM
    Editor's Pick (1 - 4 of 8)
    left
    CIOs Need To Know Their Business, Not Just Tech

    John Sadowski, EVP & CIO, Sandy Spring Bank

    Your Next Law Firm Website Project

    Vic Peterson, CIO, Stinson Leonard Street LLP

    Essentials for a Compliant Environment

    Seevali Fernando, Group CIO, Hoya Corporation

    The Digital Agency

    Ralph Chivers, CIO, Ministry of Business Innovation and Employment, New Zealand

    E-commerce and the Data behind it

    Klemen Drole, CIO, Lazada Group

    Need and Importance of IT in the Shipping Industry

    Anjan Deb, GM-IT (CIO), The Great Eastern Shipping

    At the Crossroads of Sports and Technology

    Jerry Mcglynn, CIO, Specialized Bicycle Components

    Proliferative Innovation via Platform+Agile

    Dr. Steve Hodgkinson, CIO, Department of Health & Human Services in Melbourne, Australia

    right

    Data Breach Threats Lurk Within

    By Steve Doston, CISO & VP, First Advantage

    content-image

    Steve Doston, CISO & VP, First Advantage

    Almost every day, the media has a report of a cyber security breach. Target, Home Depot, Sony Pictures, Internal Revenue Service, the U.S. Government, big banks, hotels, and supermarkets have all been victims of cyber attacks. Recently a major league baseball team was accused of hacking a rival team’s data in a case of corporate espionage.

    "First Advantage conducted a survey of 337 professionals including human resources, risk management, and C-suite executives about their attitudes toward internal and external security threats"

    Billions of dollars are lost, reputations are damaged, and business is left disrupted in the wake of data breaches. And while the big names make the news, small businesses are proving to be equally vulnerable. A survey of 675 small businesses by the National Small Business Association found that half of them have been victims of information theft in 2014.

    The war against electronic data theft is being fought on two fronts, although one front makes more headlines than the other. External threats generate a lot of attention and rightly so. Online hacking rings and foreign governments are constantly scouring targets, sometimes making off with millions of records–credit card information, health records, employee data, and other personal information. However, the ongoing battle which is overlooked deals with intrusion from within the inside of organizations.

    A 2014 report from the Ponemon Institute, a research center dedicated to privacy and data protection, claims that 15 percent of the time, a trusted insider with malicious intent was the root cause of a data breach.

    A 2012 report from the Software Engineering Institute on Mitigating Insider Threats puts that figure even higher, stating that 21 percent of cybercrimes were committed by insiders.

    Workforce Screening for Better Data Protection

    The Computer Emergency Response Team (CERT) Program from Carnegie Mellon University’s Software Engineering Institute recommends using the hiring process as a starting point for mitigating insider threats. Measures such as background screening can help employers make trust-based hiring decisions. In fact, First Advantage conducted a survey of 337 professionals including human resources, risk management, and C-suite executives about their attitudes toward internal and external security threats. Sixty percent of respondents said background screening of new employees is the most important security control that can be put in place to protect organizations from data breaches. Anti-malware ranked second (53 percent), followed by physical security and physical access controls (39 percent).

    Human Resources and Security

    Organizations need to determine where their information assets are, what value they have and who has access to them. Human resources and information security professionals within the organization should develop a policy framework about what factors are appropriate for background screening for specific positions. If an employee has access to credit card information or other personal identifiable information, a background check might include a national and county level criminal history in all areas a candidate has lived or worked. It may also include a check on financial information such as credit history or bankruptcy filing. Screening may even involve a check of terrorist watch lists.

    Many employers think that background screening ends when the new hire comes onboard. Unfortunately that can be a shortsighted and risky approach. Life happens and circumstances change. Young people are less likelyto have a criminal record or bad credit initially, but could incur debt over time that needs to be serviced, potentially increasing their risk to the organization. People also change positions and have access to different levels and types of data. Companies should have a solid standards-based policy framework that includes continuous monitoring and updating of background information through a periodic rescreening process. Fortunately, technology now allows for groups of employees to be rescreened all at once for a fraction of the cost of the original background check.

    Preventing Breaches through Vendors

    Company supply chains and third-party business partners are other vulnerable points for attack. The massive Target data breach was traced to a third-party heating, ventilating and air conditioning partner that was hacked. It is wise to make inquiries about whether contractors, suppliers, and staffing firms have robust policies in place regarding background screening in addition to technology-based solutions to protect against deliberate or inadvertent data breaches.

    The information age has changed the way we do business, but it has also created new risks that can lead to catastrophic losses. To ensure the greatest possible protection of valuable company information, organizations would be well advised to think about both internal and external threats, maintaining a thorough employee screening program along with tight IT security measures.

    Top 25 IBM Solution Providers - 2017

    Top 25 IBM Solution Providers - 2017

     25 Most Promising IBM Solution Providers

    25 Most Promising IBM Solution Providers

    Featured Vendors

    Retarus

    Oliver Prevrhal, Managing Director

    eBlueprint

    Richard Lynders,, CEO

    IBM Special

    Copyright © 2018 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy Policy.

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://ibm.apacciooutlook.com/cxoinsights/data-breach-threats-lurk-within-nwid-702.html