How Lockheed Martin, Cisco and PWC manage cybersecurity

November 24, 2015

Bruce Harpham

Cybersecurity remains a top priority for companies in all industries. The reason is clear. Criminals and other parties have access to inexpensive tools and training to attack companies and governments. The New York Times reported on the rise of ransomware earlier in 2015. This type of malicious software encrypts a user’s data and demands a payment to release it (or the data will be destroyed).

Many companies are deploying greater resources to turn the tide of hackers: Google has a team of 10 full time hackers working to eliminate flaws. Given these threats, executives and technology leaders are asking for best practices and technologies. Developing security awareness in staff, growing security professionals and equipping CIOs to monitor security remain vital components to a successful security management strategy.

The next wave of security testing: send phishing emails to employees

The capabilities and knowledge of your organization’s customers and nontechnical staff has one been one of the greatest cybersecurity threats. The ability to persuade people and defeat security measures is known under the broad heading of social engineering. Social engineering tactics – specifically phishing emails – were at the core of the 2011 RSA SecurID breach which shook confidence in security across the world. As that incident shows, even highly respected firms and security technologies are vulnerable to social engineering threats. Leading companies use several approaches to mitigate the risk.

“At Cisco, we have comprehensive training program that addresses information security,” commented Patrick Harbauer, technical Lead for the Neohapsis PCI DSS services practiceat Cisco Systems. “Annual training and computer based testing is a key part of our practice to equip our staff with the skills to detect and avoid phishing and similar information security threats,” Harbauer says.

Read Full Article