Twitter chat: Top information security threats revealed
May #GRCchat participants share top information security threats and how to prevent data breaches caused by the biggest culprits: employees.
Before the 2013 ISSA International Conference, SearchCompliance Site Editor Ben Cole asked speaker and Providence Health & Services CISO Eric Cowperthwaite to explain the primary sources of top information security threats for modern organizations: "The reality today is the vast majority of employees have some way to be mobile, whether it's on laptops the company provides, or their smartphone, or logging in via VPN and computing from anywhere," Cowperthwaite said. "That's a huge area of concern."
During May's SearchCompliance #GRCchat, participants took to the Twittersphere to discuss the best methods for minimizing the business ramifications of security breaches -- especially as employees become increasingly mobile. Tweet jam expert and former Federal Communications Commission CIO Robert Naylor chimed in throughout the Twitter discussion to share his perspective and offer advice:
Q3 Employees play the most important role! They are usually the easiest point of entry for malware, APTs, and botnets. #GRCchat
— Robert Naylor (@rbnaylor)
May 15, 2014
Ben Cole agreed:
A3 Workers play a HUGE role in data protection -- employees are the first line of defense when it comes to #databreach protection #GRCChat
— Ben Cole (@BenjaminCole11)
May 15, 2014
A3 (cont) they must understand the vulnerabilities of the data they are responsible for, and what they can do to protect it #GRCChat
— Ben Cole (@BenjaminCole11)
May 15, 2014
As big data, mobility, the cloud and innovative consumer technologies work their way into business processes, they create a broad range of new security issues for IT professionals. Cole and #GRCchat participant Brian Fanzo sounded off:
A4 More data/more places= more security headaches. Plus biz need to figure out how to separate corporate and personal mobile data #GRCChat
— Ben Cole (@BenjaminCole11)
May 15, 2014
A3 as @rbnaylor said earlier, email phishing is a huge security vulnerability so employees need to avoid doing something stupid #GRCChat
— Ben Cole (@BenjaminCole11)
May 15, 2014
Insider threats are the number one problem. Unfortunately #mobile & #byod increase that risk. #GRCchat
— Brian Fanzo (@iSocial_Fanz)
May 15, 2014
Employees and internal customers play a chief role in data breach prevention, but simple, one-time training sessions won't solve the problem.
SearchCompliance asked tweet jam participants to speak to this in the past. During our February #GRCchat, we asked, "What information management practices must be included in a mobile device policy to assure proper data security and to prevent breaches?" Tweet jammers suggested companies consider remote wipe control, info management policies for new tech, and frequent data confidentiality reminders for employees.
Robert Naylor's secret sauce? Creative -- and frequent -- training to prevent information security breaches:
Q3 I would deploy as many different and interesting types of training possible to ALL employees! #GRCchat
— Robert Naylor (@rbnaylor)
May 15, 2014
Q3 I liked a system pop-up quiz on cyber security each time someone logs into their computer and upon return from a locked screen. #GRCchat
— Robert Naylor (@rbnaylor)
May 15, 2014
I like your style! RT @rbnaylor: Q3 Cartoons make these types of things more interesting for end user. Keep it meaningful and fun. #GRCchat
— RachelTT (@RachelatTT)
May 15, 2014
@rbnaylor Absolutely! Not only to be entertaining, but because it makes training stick. #GRCchat
— RachelTT (@RachelatTT)
May 15, 2014
Aside from educating employees on how to prevent security breaches, it is important that organizations -- especially enterprise-scale ones -- have leadership in place to enforce security programs and lead by example.
@LTucci Not so sure that a CSO would definitely reduce the number of breaches. There are many more variables in play. #GRCchat
— Tim Crawford (@tcrawford)
May 15, 2014
RT @LTucci: @tcrawford True, but can't hurt to have a CISO. <Agreed that a CISO is key, but not a silver bullet. #GRCchat
— Tim Crawford (@tcrawford)
May 15, 2014
@tcrawford @LTucci Absolutely! The CISO and CIO should be on the same page, not the traditional adversarial relationship. #GRCchat
— Robert Naylor (@rbnaylor)
May 15, 2014
Join the discussion by adding your two cents here, or by using the #GRCchat hashtag on Twitter.
For more coverage of this month's #GRCchat, follow @ITCompliance on Twitter and read our recaps on developing a risk profile and preventing financial gaps. Our next tweet jam is scheduled for June 19 at 12 p.m. EST (topic TBA). We hope to "see" you there!