News

Twitter chat: Top information security threats revealed

May #GRCchat participants share top information security threats and how to prevent data breaches caused by the biggest culprits: employees.

Emily McLaughlin, Content Development Strategist

Published: 06 Jun 2014

Before the 2013 ISSA International Conference, SearchCompliance Site Editor Ben Cole asked speaker and Providence Health & Services CISO Eric Cowperthwaite to explain the primary sources of top information security threats for modern organizations: "The reality today is the vast majority of employees have some way to be mobile, whether it's on laptops the company provides, or their smartphone, or logging in via VPN and computing from anywhere," Cowperthwaite said. "That's a huge area of concern."

During May's SearchCompliance #GRCchat, participants took to the Twitter-sphere to discuss the best methods for minimizing business ramifications of security breaches -- especially as employees are increasingly mobile. Tweet jam expert and former Federal Communications Commission CIO Robert Naylor chimed in throughout the Twitter discussion to share his perspective and offer advice:

Q3 Employees play the most important role! They are usually the easiest point of entry for malware, APT’s, and Botnets. #GRCchat
— Robert Naylor (@rbnaylor) May 15, 2014

Ben Cole agreed:

A3 Workers play a HUGE role in data protection- employees are the first line of defense when it comes to #databreach protection #GRCChat
— Ben Cole (@BenjaminCole11) May 15, 2014

A3 (cont) they must understand the vulnerabilities of the data they are responsible for, and what they can do to protect it #GRCChat
— Ben Cole (@BenjaminCole11) May 15, 2014

As big data, mobility, the cloud and innovative consumer technologies work their way into business processes, they cause a breadth of new security issues for IT professionals. Cole and #GRCchat participant Brian Fanzo sounded off:

A4 More data/more places= more security headaches. Plus biz need to figure out how to separate corporate and personal mobile data #GRCChat
— Ben Cole (@BenjaminCole11) May 15, 2014

A3 as @rbnaylor said earlier, email phishing is a huge security vulnerability so employees need to avoid doing something stupid #GRCChat
— Ben Cole (@BenjaminCole11) May 15, 2014

Insider threats are the number one problem. Unfortunately #mobile & #byod increase that risk. #GRCchat
— Brian Fanzo (@iSocial_Fanz) May 15, 2014

Employees and internal customers play a chief role in data breach prevention, but simple, one-time training sessions won't remedy the issue.

SearchCompliance asked tweet jam participants to speak to this in the past. During our February #GRCchat, we asked, "What information management practices must be included in a mobile device policy to assure proper data security and to prevent breaches?" Tweet jammers suggested companies consider remote wipe control, info management policies for new tech, and frequent data confidentiality reminders for employees.

Robert Naylor's secret sauce? Creative -- and frequent -- training to prevent information security breaches:

Q3 I would deploy as many different and interesting types of training possible to ALL employees! #GRCchat
— Robert Naylor (@rbnaylor) May 15, 2014

Q3 I liked a system pop-up quiz on cyber security each time someone logs into their computer and upon return from a locked screen. #GRCchat
— Robert Naylor (@rbnaylor) May 15, 2014

I like your style! RT @rbnaylor: Q3 Cartoons make these types of things more interesting for end user. Keep it meaningful and fun. #GRCchat
— RachelTT (@RachelatTT) May 15, 2014

@rbnaylor Absolutely! Not only to be entertaining, but because it makes training stick. #GRCchat
— RachelTT (@RachelatTT) May 15, 2014

Aside from educating employees on how to prevent security breaches, it is important that organizations -- especially those of enterprise capacity -- have leadership in place to enforce security programs and lead by example.

@LTucci Not so sure that a CSO would definitely reduce the number of breaches. There are many more variables in play. #GRCchat
— Tim Crawford (@tcrawford) May 15, 2014

RT @LTucci: @tcrawford True, but can't hurt to have a CISO. <Agreed that a CISO is key, but not a silver bullet. #GRCchat
— Tim Crawford (@tcrawford) May 15, 2014

@tcrawford @LTucci Absolutely! The CISO and CIO should be on the same page, not the traditional adversarial relationship. #GRCchat
— Robert Naylor (@rbnaylor) May 15, 2014

Join the discussion by adding your two cents here, or by using the #GRCchat hashtag on Twitter.

For more coverage of this month's #GRCchat, follow @ITCompliance on Twitter and read our recaps on developing a risk profile and preventing financial gaps. Our next tweet jam is scheduled for June 19 at 12 p.m. EST (topic TBA). We hope to "see" you there!

Dig Deeper on Risk management and compliance

2015 might be a big year for these GRC technologies This could be a big year for GRC technologies. #GRCChat-ters predict which tools and processes will continue their upward trend in 2015 and which will wane.

What were your top IT GRC regrets from 2014? Information security is moving up the priority list at many organizations. In this #GRCChat recap, participants look back at 2014 to discuss their top IT GRC regrets.

Offensive security in the enterprise: Examples, advice and cautions In IT, offensive security can involve methods other than 'hacking back.' In this #GRCChat recap, participants offer examples of active defense tactics, as well as advice on when to go on the offensive.

Is meeting PCI DSS standards enough to protect customer data? In the wake of several high-profile data breaches, #GRCchat participants discuss whether meeting PCI DSS standards is an effective step toward better customer data protection.

Social media, vendor management complicate legal discovery Participants in the latest #GRCchat discuss how to overcome the legal discovery challenges presented by vendor management and social media data.

Information governance policy key to big data e-discovery management Big data creates many e-discovery challenges, but participants in the August #GRCchat said a comprehensive information governance policy can help.

Twitter chat: Top information security threats revealed

May #GRCchat participants share top information security threats and how to prevent data breaches caused by the biggest culprits: employees.

Dig Deeper on Risk management and compliance

Start the conversation

0 comments

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

Don't let edge computing security concerns derail your plans

Risk-based digital identity benefits CIOs, CMOs and customers

Agile practices endure and continue to adapt

SearchHealthIT

Digital transformation projects are an opportunity for healthcare CIOs

Cloud-based security enables healthcare orgs to grow with the times

3 health IT leaders on takeaways from 2019 CHIME Fall CIO Forum

SearchCloudComputing

A primer on Alibaba Cloud for Western enterprises

AWS, Azure and Google peppered with outages in same week

Google to unveil post-Chronicle cloud cybersecurity plans

SearchDataCenter

Microsoft quantum development turns toward hardware

Top 5 options for Linux certifications

New hardware, use cases shape server benchmarking needs

SearchDataManagement

How AI could save the enterprise data catalog

With Vitess 4.0, database vendor matures cloud-native platform

Managing unstructured data is crucial to enterprises' AI goals

SearchSecurity

Check Point: Qualcomm TrustZone flaws could be 'game over'

InfoTrax settles FTC complaint, will implement infosec program

Microsoft to apply CCPA protections to all US customers

Related Resources

Dig Deeper on Risk management and compliance

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.