Archive for ‘Information Spillage’

Bridging the Cybersecurity Talent Gap

Thursday, July 28th, 2016

john_timmerman-ns

Recently, a colleague of mine attended the 2016 CISO Leadership Forum in San Francisco where he had the opportunity to listen to Steve Zalewski, Chief Security Architect for Levi Strauss & Co., discuss the state of his cybersecurity resources. “I don’t need more hammers,” Mr. Zalewski stated, “I need more people to swing them.” The current shortage of cybersecurity experts is creating a “perfect storm” that could spell data disaster for a lot of organizations, both public and private. While cyber threats are growing more sophisticated and dangerous, a recent Cisco report highlights that there are 1 million open cybersecurity positions globally. This is a significant talent gap that is not going to be remedied quickly and is already causing significant difficulties.

So where can a data security team find more people to swing the data security hammers?


How Will ‘Brexit’ Impact EU GDPR Compliance?

Tuesday, July 26th, 2016

craig_adams-ns

As a Brit who thinks our country is great, but also a European who spends a large part of his time travelling around the continent, I was shocked to find that the UK electorate voted to leave the European Union! If I’m honest with myself, I didn’t see it coming. My general impression of the British public is that, on the whole, we are conservative with a small “c” and typically vote to maintain the status quo – the grass is very rarely greener…


What is Your Data Exposure Risk?

Wednesday, July 13th, 2016

What would happen within your organization if it was faced with the unenviable process of e-discovery? Calm, quick assembly of relevant information, or pure chaos?  My guess is that it would lean heavily towards the latter; in fact, many companies are opting to settle out of court rather than deal with the resourcing and financial hardships which come from the process of e-discovery.

Why? Because companies are sitting on huge piles of data; sure, much of it is relevant business information, but I’d wager that a large percentage is ROT (redundant, outdated, and trivial). This type of data comes from the many versions of files created but never deleted, documents from employees who have long since left the company and are no longer useful, and the myriad of files which were once useful but have long since passed their shelf life (marketing campaigns from 6 years ago, anyone?).



5 Email Policies to Save the Saints

Tuesday, July 5th, 2016

I think that I communicate with my colleagues almost as much via email as through verbal communications – even those I share an office with. In fact, probably about a third of the verbal communications are social interaction rather than direct business discussion. In email, however, most of the communication with my colleagues contains business information, sometimes including large attachments containing sensitive strategic plans. And unlike a verbal conversation which is lost to the ether, email endures. So, while talking about business plans outside the office where someone might overhear has some risk to the company, sending an email to the wrong recipient can be significantly more damaging. Yet, organizations are still not protecting themselves from these accidental breaches.

As a case in point I offer you this example from the National Football League (NFL). It is reported that on July 1st, the New Orleans Saints intended to send an email to the NFL head office regarding their plans to pick up a player who was just put on waivers (released) by the Cleveland Browns. The email, however, was accidentally addressed to the entire league. In other words, they broadcast their plan to all of their competition.


IT is Not Responsible for Your Mistakes

Wednesday, March 30th, 2016

victoria_mcglone-ns

We’ve all been there; heart racing, palms sweating, and gasps of remorse while frantically pressing the email recall button and praying you haven’t done what you think you have just done. You guessed it, I’m talking about the “oops” email – the email that you should not have just sent. The email that could cost you your job, your reputation and a sizable amount of regret!

Suggesting that IT is responsible for protecting today’s data is like suggesting a car dealership is responsible for the safety of drivers.  Ultimately, you can buy a car from a dealership, but it’s your responsibility to be safe and avoid accidents.  IT alone can’t cover the “oops” email or any other user blunders. As we move forward in a world where users are responsible for creating and handling an organization’s most important asset – data – it’s imperative to make users aware of their responsibility. After all, users are often much more aware of the sensitivity of a file than a machine can be.

I hear you asking: “Why is it my responsibility when we have all these great security systems?”


Millennial Privacy – A Paradox?

Tuesday, January 26th, 2016

sandra_catana-ns

Each year, International Privacy Day reminds us how important it is to question where sensitive data resides, who has access to it, and how to best value and protect private information. As large enterprises hire the next generation of social media savvy employees, it is also a good time to question whether these millennials understand the value of data. Do they know what information should stay private vs. what can be shared?

Working with a generation that readily connects, collaborates and shares information online, companies are faced with educating employees on balancing the need to share with the need to protect. In an era of digital business, company brand and customer loyalty and retention depend on it.


Oh Canada! How a Trip to Ottawa Converted a Data Classification Skeptic into a TITUS Champion

Thursday, January 14th, 2016

jeremy_wittkop-ns

The following blog has been re-posted with permission of the author. The original post can be found on Jeremy Wittkop’s LinkedIn blog.

This will be the rarest of posts. I am going to begin my post about why Data Classification is important to a content and context aware security program by telling you all of the reasons why I was originally skeptical of its value. I do so in hopes that people who share the same concerns I did will have an opportunity to experience the magic of the Titus approach vicariously through me. I am also going to do something that few people who are in my position are willing to do, while simultaneously doing something no author should ever do. I am going to admit I was wrong and I am going to quote myself.

“I was wrong” – Me


The New Asset on Your Balance Sheet

Wednesday, October 28th, 2015

mark_cassetta-ns

With so many metrics focused on the “cost of a data breach” as well as how much money is spent on data security, is it crazy to think that boards of directors will begin asking for financial statements around data value in the next couple of years?

The concept of placing value on your data is not new – analysts have been talking about infonomics and information valuation for a while now. In fact, it just appeared on a recent Gartner hype cycle which suggested infonomics will take 5 to 10 years to plateau. However, with the pressure on organizations to build a strong culture around data security, I would argue we are going to see the need for data value statements within the next 2-3 years.


The Critical Importance of Protecting Intellectual Property

Wednesday, September 16th, 2015

michael_osterman-ns

The value of intellectual property was $329 billion worldwide in 2013, accounting for 1.5% of the $22.2 trillion of the financial flows tracked by the World Trade Organization. In the United States, the $128 billion in intellectual property (royalty and licensing income) generated by US companies accounted for 5.6% of the $2.28 trillion in US exports, making intellectual property revenues second only to food and agriculture exports [1]. Moreover, given that organizations worldwide lose five percent of their revenue to fraud [2], much of it attributable to the theft of intellectual property, protection of this content must be a top priority for any organization.
