Users a Top Security Threat

Friday, January 25, 2013 @ 12:01 PM gHale

Threats from internal computer users either in the office or mobile represents one of the greatest concerns in protecting corporate data for CISOs, a new report said.

In a report from Austin, TX-based IT professional community Wisegate, entitled, “Preparing for the Top IT Security Threats of 2013,” CISO members shared their viewpoints on the top anticipated threats for 2013 — and how to prepare for them.

Targeted Vulnerabilities 2 Years Old
Cyber Report: Attack Intensity on Rise
Attack Report: Traffic Tracks to China
Back to Basics: Security 101

The general consensus among members was specific threats like the latest virus or DDoS attacks against household name banks are not the most urgent security concerns to address. The real issue, or threat, is from the user that represents the most commonly exploited security vulnerability that will require heightened attention from CISO’s in 2013.

“What emerged from the panel of security experts was an agreement that there is no one-size-fits-all answer to awareness training,” said Tom Newton, CISO of Carillion Clinic. “CISOs need imagination and perseverance to get their message across, and often innovative methods of training from third-party vendors can be quite helpful. We must instill in each employee they are ultimately responsible for information security.”

Wisegate’s research shows:

• Simple data classification labels are the most effective with end users. Something simple like “protected” and “unprotected” is a great place to start.
• CISOs need to make themselves more accessible. It encourages employees to openly share issues, and helps CISOs find out how effective their programs are.
• The most effective programs use a variety of ways to get the message out that accommodates different learning styles.
• CISOs need to be creative and tap into their in-house experts in Marketing and Training to help the program be successful.
• The introduction of intermediary ‘security leads’ or security champions within and from the different departments can help to bridge that credibility gap between security and user.
• Security executives are not alone. Even veteran CISOs are still figuring this out, and need to leverage help from others inside and outside their organization to be successful.

The report shows specific details on how CISOs are planning to tackle these challenges and what strategies they will deploy.

The report “demonstrates the importance of, and difficulty in, addressing security awareness issues and how the average computer user has become an open door for cyber criminals to attack every corporation,” said Sara Gates, founder and chief executive of Wisegate.

Leave a Reply

You must be logged in to post a comment.