Think Again – It’s about Security

Posted on: 26 March '10

My experiences of meeting with CIOs, CISOs and Heads of Information Security & Compliance of large and mid-sized Enterprises internationally in the past six months reveal a distinct trend.

Although IT budgets are no longer what they once were, the Security spend seems to have continued more or less unabated. However, one aspect that has not remained constant is the answer to the quintessential question, “What keeps you awake at night?” I’ve been probing this very issue and it has been quite surprising to listen in with one’s ear to the ground, especially from CIOs who have a large staff in their organization, across both Public and Private Sectors.

It is not what you would expect. The ominous, external threat landscape ranks in the Top Five on their list, but it is not necessarily topmost on the CIO’s agenda. The real threat is from the Inside. It is about their own internal staff, which in their own words is in desperate need of continuing security awareness education.

Security has long since become a means to resolve a business problem. Increasingly, Business Intelligence and Analytics are creating avenues to solve Security problems. This can be illustrated with a simple example. Let’s say you are the CIO of an organization with over 50,000 employees for whom you are responsible, and you are paranoid about all the possibilities that make your systems and network vulnerable, whether through unintentional or possibly malicious actions. What do you do?

One large Government agency has found that the solution is actually in Business Analytics. Every day, when an employee (whether she is a contractor, an entry-level appointee or the CEO) turns on her laptop, desktop or workstation, a series of questions pops up on her screen that must be answered before she is allowed to log in. Moreover, these questions are targeted specifically to the role and responsibility of the individual, and therefore vary greatly depending upon function. The input information is tracked and analyzed by the Business Intelligence tool. If the employee is not able to answer more than 80% correctly, she is asked to enroll in a Security Awareness Training session.

This is Security 101 at its optimum. From a place where the problems seemed intractable, the organization has now put a process and system in place that makes continuous security education self-sustained. And the best part is that the entire process is completely automated, resulting in increased security while lowering the total cost of ownership. This is an example of Business Analytics & Intelligence solving a continuous security awareness education problem that in turn solves a huge business issue.

Insider attacks constitute as much as 80% of all Internet- and computer-related exploits. A recent transatlantic survey in two major International cities revealed some staggering statistics! The sustained global recession and the need for a competitive edge were the primary triggers that caused employees and contractors to engage in such behavior.

  • Geetha

    Thank you for this very informative post.

    The stiff test undertaken by each and every employee at the time of logging in every morning is a great idea especially because the questions that pop up are role-based. This role-based access control exercise done on a daily basis should definitely be more effective in ensuring sustained security awareness than clearing a ‘mandatory online security awareness course’ done as an annual exercise?

    Thanks and regards,

    Geetha