Threats arising from cyberspace pose risks to both VIP individuals and the companies they associate with. Executive and VIP protection has traditionally been associated with physical security, but today, criminals target VIPs to gain access to high-value assets, to impersonate them in phishing campaigns (spear phishing attacks) or use their names and data in other fraudulent activities.
Cybersecurity managers must understand how company leadership is organised around security. They have to understand how the company leadership structure works and recognise that security is everyone’s concern—not a separate function relegated to a select few.
Risk is inherent in every decision that a person makes in life. When you cross the street, you might be run over by a bus. Eat at a restaurant, you might get food poisoning. Risk is everywhere, especially in business. In this article, we’ll look at different methods for understanding and communicating those risks, especially in the face of resistance.
Before the cloud, everyone had his or her own little medieval IT castle—the data centre. Much like a real castle, it had a perimeter wall (network edge), a gate with guards who allowed or blocked access (firewall) and different defence zones within the walls (network segments). It was pretty simple to identify liabilities—they came from the guys trying to ram in the castle door.
When hiring a new employee, most companies fail to do the most basic security checks. They usually don’t even check the applicant’s official ID. So really, the person showing up for work could be anybody.
Most companies also fail to verify the applicant’s claims. Many, if not most, of the CVs that companies receive don’t accurately reflect the truth. They aren’t necessarily fake, and there’s some truth to most of them, but CVs sometimes exaggerate or misrepresent a candidate’s experiences.
Cybersecurity managers spend a lot of time thinking about when, and how, to deny or allow entry to certain systems or resources, from digital access points or physical entryways like IT systems, cloud services, elevators, and even doors. Access control is an essential element of security.