
Tag: Larry Ponemon

Fasoo sponsors Cybersecurity event at the Stevens Institute in Hoboken, NJ

Fasoo, in partnership with the National Cyber Security Alliance, New Jersey Technology Council and Stevens Institute of Technology, is hosting “Closing the Threat Gap: Executive Perspectives on the Cybersecurity Landscape” featuring Dr. Larry Ponemon, Chairman of the Ponemon Institute, and Mark Lobel, US and Global TICE Cybersecurity Leader at PwC.  The event is at the Babbio Center, Stevens Institute of Technology in Hoboken, New Jersey on October 26, 2016 from 3:30 – 6:00 p.m.

The two keynotes will focus on the most pressing security issues facing organizations today. Dr. Larry Ponemon will review three of 2016’s highest rated studies focusing on cyber security and how organizations can best position themselves to protect sensitive information.  Mark Lobel will present the findings of PwC’s “Global State of Information Security Survey 2017,” which was released on October 5th. The keynotes will be followed by a panel discussion moderated by Dr. Paul Rohmeyer, Associate Professor Information Security Management, and Risk Assessment at Stevens Institute of Technology.

While the event is open to the public, seating is limited and requires registration. For more information on the event and to register: https://www.stevens.edu/school-business/cyberevent#registration

Fasoo Presents to Ponemon RIM Council

Bill Blake, President of Fasoo, Inc., joined Dr. Larry Ponemon in a presentation on July 20, 2016 to the Ponemon RIM Council of the findings from the recent Ponemon Institute survey “Risky Business: How Company Insiders Put High Value Information at Risk”.  Bill and Larry discussed numerous points highlighted in the survey including how to deal with careless acts by employees and contractors that can ultimately result in a data breach.

The Ponemon RIM (Responsible Information Management) Council is a select group of privacy, security and information management leaders from multinational corporations who are champions within their various industries on issues involving privacy and data protection.  Many of the members were very interested in the conversation about company insiders, since many security organizations focus more of their technology and human resources on fighting external threats to sensitive information.

Companies in this study said the primary cause of data breaches was the careless employee (56 percent of respondents), followed by lost or stolen devices (37 percent of respondents) or system glitches (28 percent of respondents). In contrast, only 22 percent of respondents say external attackers caused the breach, and 17 percent say malicious or criminal insiders did.  It is interesting that organizations believe they are more effective in preventing external attacks by hackers and third parties than in preventing breaches by careless employees or malicious or criminal insiders, yet the survey points to insiders as being the greater threat.  This is in contrast to what many organizations view as the primary threat to their intellectual property and other high value information.

While a lot of focus is on strengthening perimeter security to address external threats, clearly companies need to look internally to prevent accidental exposure of information through careless or malicious acts.  Two key areas to remediate these issues are to create training programs that address the common and careless actions prevalent in most companies and take advantage of technologies that allow for self-securing data based on the value of the content rather than relying on employees to decide what is and what is not sensitive and high value information.

Click here to download the full presentation used during the RIM Council meeting.

Fasoo and Ponemon Study Reveals Employees Highest Security Risk to Organizations

Fasoo just released the results of the security industry’s first look at how confident organizations are about protecting intellectual property and other high value information.  In the latest Ponemon Institute survey titled, “Risky Business: How Company Insiders Put High Value Information at Risk”, 72 percent of organizations are not confident they can manage and control employee access to confidential documents and files.  This study reveals that insiders are the highest security risk to an organization.

The Ponemon Institute surveyed 637 U.S. IT security practitioners familiar with their organization’s approach to protecting data, documents and files against cyberattacks. For the purpose of this research, high value information includes trade secrets, new product designs, merger and acquisition activity, intellectual property, financial data, and confidential business information.

Based on the findings of the research, employees and other insiders often lack the information, conscientiousness and guidance needed to make intelligent decisions about the information they access and share.  Companies are more confident they can stop external attackers from accessing confidential information than their own employees and contractors.  This study should make executives and security professionals think about how they control internal access to sensitive information.

Some of the key findings from the study include:

  • 56 percent of companies believe the primary cause of data breaches is careless employees
  • 70 percent can’t locate confidential information
  • 60 percent don’t have visibility into what confidential documents and files employees are sharing
  • 73 percent say their organization lost confidential information in the last 12 months
  • 59 percent are not confident in preventing data leakage by careless employees

Safeguarding high value information is a two-way street. Employees need to be responsible and follow data protection policies and safeguards. Companies need to have the tools, expertise and governance practices to protect sensitive and confidential information.

An interesting finding in the Ponemon survey is that sales departments, C-level executives, Finance and Human Resources pose the greatest risk to information assets.  This points to a greater risk of insider threats compromising sensitive data than external hackers and cyber criminals.

“There is a belief that data breaches are the work of malicious actors, internal and external, but it is more often the result of careless behavior by employees who don’t understand the impact of sharing files. The findings in this study should serve as a wake-up call for all organizations determined to protect high value information,” said Larry Ponemon, President, Ponemon Institute. “Better security hygiene, including education and consequences for risky behavior, should include every employee with access to information in addition to the organization locking down proprietary data, intellectual property and confidential information that shouldn’t be accessed by everyone.”

Click here to access the full report.
