Check Point Software CISO Jony Fischbein has a lot on his plate. Like many CISOs, he juggles the security of multiple corporate departments with thousands of employees, all of whom possess different personalities, security requirements, and potential risk factors.
"A lot of these departments … they want to drive to the same place, but they have different needs," said Fischbein in a keynote at this week's CPX 360 conference, in New Orleans. Each day he is tasked with making decisions to secure these departments and each of their employees, while also tackling his overall goal and greatest challenge in being a CISO: enabling business processes.
Tackling this challenge starts with addressing human-based issues. "People are the biggest asset and the biggest weakness in any organization," Fischbein said. "Engage them wisely."
This means knowing how employees can aid in your defenses, but more importantly the people you need to protect against. The first group includes overmotivated employees. "These employees will do stuff because they just want to promote the business," he explained, but they often do this by downloading tools and applications not sanctioned by the IT department. "Shadow IT," or the use of software without the business' consent, presents security issues.
While eager employees pose a risk, unhappy ones are considerably more dangerous. "These are the No. 1 people who will hurt the company," Fischbein added. Angry workers who are motivated to cause damage can use their access to steal contacts and code and expose internal data. "These problems are relevant to everyone," he said, noting that for every 1,000 employees, chances are five to 15 are unhappy. They may face penalties, he continued, but ma ..
Support the originator by clicking the read the rest link below.
