APAC CIO Outlook
  • Home
  • CXO Insights
  • CIO Views
  • Vendors
  • News
  • Conferences
  • Whitepapers
  • Newsletter
  • Awards
Apac
  • Agile

    AI Healthcare

    Artificial Intelligence

    Aviation

    Bi and Analytics

    Big Data

    Cloud

    Cyber Security

    Digital Infrastructure

    Digital Marketing

    Digital Transformation

    Digital Twin

    Drone

    Internet of Things

    Low Code No Code

    Networking

    Remote Work

    Smart City

    Startup

    Unified Communication

    Wireless

  • E-Commerce

    Education

    FinTech

    Healthcare

    Manufacturing

    Pharma and Life Science

    Retail

    Travel and Hospitality

  • Dell

    IBM

    Microsoft

    Salesforce

    SAP

  • Cognitive

    Compliance

    Contact Center

    Corporate Finance

    Data Center

    Data Integration

    Digital Asset Management

    Full Stack Development

    HR Technology

    IT Service Management

    Managed Services

    Procurement

    Proptech

    RegTech

Menu
    • IBM
    • Compliance
    • Big Data
    • Unified Communication
    • Digital Infrastructure
    • Data Center
    • Salesforce
    • MORE
    #

    Apac CIO Outlook Weekly Brief

    ×

    Be first to read the latest tech news, Industry Leader's Insights, and CIO interviews of medium and large enterprises exclusively from Apac CIO Outlook

    Subscribe

    loading

    THANK YOU FOR SUBSCRIBING

    • Home
    • IBM
    Editor's Pick (1 - 4 of 8)
    left
    Fusing Business and Technology to Create Value

    Bob Hennessy, Group CIO, Lendlease [ASX: LLC]

    Data Security across the Enterprise

    Kas Nader, CIO & SVP of Global Technology, Atlanticus Holding

    Evolving Data Security Involves Database Architecture

    Tom Basiliere, CIO, Provant

    Hybrid Intelligence

    Sharam Hekmat, CIO, IOOF Holdings, Australia

    New Technologies bringing Revolution to Remote Access Solutions

    Vijender Yadav, Director & CTO, Propalms Network

    Digital Acclerating Duke Energy's Transformation

    Brian Savoy, Senior Vice President, Chief Transformation and Administrative Officer, Duke Energy Corporation

    Fear the cloud, or not, better yet don't fear...

    Timothy Masey, VP, IT Infrastructure & Security Carhartt

    Beautifully Autistic - Enabled To Make A Difference What Did My Children Teach Me About Life, Business, And Innovation?

    Ahmed Abukhater, CIO - Chief Innovation Office Boeing

    right

    Data Breach Threats Lurk Within

    Steve Doston, CISO & VP, First Advantage

    Tweet
    content-image

    Steve Doston, CISO & VP, First Advantage

    Almost every day, the media has a report of a cyber security breach. Target, Home Depot, Sony Pictures, Internal Revenue Service, the U.S. Government, big banks, hotels, and supermarkets have all been victims of cyber attacks. Recently a major league baseball team was accused of hacking a rival team’s data in a case of corporate espionage.

    "First Advantage conducted a survey of 337 professionals including human resources, risk management, and C-suite executives about their attitudes toward internal and external security threats"

    Billions of dollars are lost, reputations are damaged, and business is left disrupted in the wake of data breaches. And while the big names make the news, small businesses are proving to be equally vulnerable. A survey of 675 small businesses by the National Small Business Association found that half of them have been victims of information theft in 2014.

    The war against electronic data theft is being fought on two fronts, although one front makes more headlines than the other. External threats generate a lot of attention and rightly so. Online hacking rings and foreign governments are constantly scouring targets, sometimes making off with millions of records–credit card information, health records, employee data, and other personal information. However, the ongoing battle which is overlooked deals with intrusion from within the inside of organizations.

    A 2014 report from the Ponemon Institute, a research center dedicated to privacy and data protection, claims that 15 percent of the time, a trusted insider with malicious intent was the root cause of a data breach.

    A 2012 report from the Software Engineering Institute on Mitigating Insider Threats puts that figure even higher, stating that 21 percent of cybercrimes were committed by insiders.

    Workforce Screening for Better Data Protection

    The Computer Emergency Response Team (CERT) Program from Carnegie Mellon University’s Software Engineering Institute recommends using the hiring process as a starting point for mitigating insider threats. Measures such as background screening can help employers make trust-based hiring decisions. In fact, First Advantage conducted a survey of 337 professionals including human resources, risk management, and C-suite executives about their attitudes toward internal and external security threats. Sixty percent of respondents said background screening of new employees is the most important security control that can be put in place to protect organizations from data breaches. Anti-malware ranked second (53 percent), followed by physical security and physical access controls (39 percent).

    Human Resources and Security

    Organizations need to determine where their information assets are, what value they have and who has access to them. Human resources and information security professionals within the organization should develop a policy framework about what factors are appropriate for background screening for specific positions. If an employee has access to credit card information or other personal identifiable information, a background check might include a national and county level criminal history in all areas a candidate has lived or worked. It may also include a check on financial information such as credit history or bankruptcy filing. Screening may even involve a check of terrorist watch lists.

    Many employers think that background screening ends when the new hire comes onboard. Unfortunately that can be a shortsighted and risky approach. Life happens and circumstances change. Young people are less likelyto have a criminal record or bad credit initially, but could incur debt over time that needs to be serviced, potentially increasing their risk to the organization. People also change positions and have access to different levels and types of data. Companies should have a solid standards-based policy framework that includes continuous monitoring and updating of background information through a periodic rescreening process. Fortunately, technology now allows for groups of employees to be rescreened all at once for a fraction of the cost of the original background check.

    Preventing Breaches through Vendors

    Company supply chains and third-party business partners are other vulnerable points for attack. The massive Target data breach was traced to a third-party heating, ventilating and air conditioning partner that was hacked. It is wise to make inquiries about whether contractors, suppliers, and staffing firms have robust policies in place regarding background screening in addition to technology-based solutions to protect against deliberate or inadvertent data breaches.

    The information age has changed the way we do business, but it has also created new risks that can lead to catastrophic losses. To ensure the greatest possible protection of valuable company information, organizations would be well advised to think about both internal and external threats, maintaining a thorough employee screening program along with tight IT security measures.

    tag

    Financial

    Physical Security

    Information Security

    Weekly Brief

    loading
    Top 10 IBM Solution Companies - 2019

    Featured Vendors

    Retarus

    Oliver Prevrhal, Managing Director

    eBlueprint

    Richard Lynders,, CEO

    ON THE DECK

    IBM 2019

    Top Vendors

    IBM 2018

    Top Vendors

    IBM 2017

    Top Vendors

    IBM 2016

    Top Vendors

    Previous Next

    I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info

    Read Also

    Future-Proofing Data Center Designs with a Dash of Innovation

    Future-Proofing Data Center Designs with a Dash of Innovation

    Kevin Miller, Principal, Digital Management, Aurecon
    How Agile Adapted In A Covid-19 World

    How Agile Adapted In A Covid-19 World

    Beth Schmidt, Director, It Delivery And Agile Operations, Markel
    Agile Mindset in a Nutshell

    Agile Mindset in a Nutshell

    An Interview With Samuel Calan, Head Web Frontend, Raiffeisen Switzerland
    Agile Delivery of Semiconductor Facilities

    Agile Delivery of Semiconductor Facilities

    Manuel Magg, Project Director, Exyte
    For a Smarter City: Trust the Data, Ignore the Hype

    For a Smarter City: Trust the Data, Ignore the Hype

    BRAD DUNKLE, DEPUTY CIO, CITY OF CHARLOTTE
    How to Create and Implement Scalable Digital Solutions for Smart Factory

    How to Create and Implement Scalable Digital Solutions for Smart Factory

    MARKO YLI-PIETILÄ, HEAD OF SMART OPERATIONS, STORA ENSO (HEL: STERV)
    What it Takes to be a 21st Century Public Safety Provider!

    What it Takes to be a 21st Century Public Safety Provider!

    Ned Pettus, Jr., Ph.D. Public Safety Director, The city of Columbus, Ohio
    Introducing Smart City Solutions into Highly Regulated Municipal Environments

    Introducing Smart City Solutions into Highly Regulated Municipal Environments

    Nelson Gonzalez, Assistant It Director/Ciso, City Of Coral Gables
    Loading...

    Copyright © 2022 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 

    |  Sitemap |  Subscribe |   About us

    follow on linkedinfollow on twitter follow on rss
    This content is copyright protected

    However, if you would like to share the information in this article, you may use the link below:

    https://ibm.apacciooutlook.com/cxoinsights/data-breach-threats-lurk-within-nwid-702.html