A Single Partner for Everything You Need Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner. However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Employees’ Contribution to Breach of Trust Breadcrumb Home Insights Blog Employees’ Contribution to Breach of Trust April 26, 2018 Employees’ Contribution to Breach of Trust This is a follow up article to our earlier blog post, Thoughts on Breach of Trust vs. Breach of Security. In his Optiv blog article, Mitch Powers stated that 1 in 5 employees would be willing to sell their password to an outside party. Is this a potential contributor to a breach of trust between organizations? Could such employees be identified prior to or during employment? In my opinion, the 20 percent who would sell out their employer could be easily identified. The best strategy, in my opinion, is to get some good references, and use LinkedIn and other means to identify other references who can provide an unvarnished opinion of a candidate. Possibly a personality test of some kind might help identify key characteristics. Part of the problem is this: Employees, when they leave an organization, most often leave their manager. So it could be that single relationship that is the culprit - so a manager's skills and personality may also be a contributor. Next, it's likely that some employees break their loyalty with the organization when the organization makes moves to break loyalty with them. For instance, if a company changes policies in a negative way, or changes compensation plans in a negative way, employees may feel undervalued and they may lose their sense of loyalty to the company. Finally, personal circumstances may play a role. For example, an employee could enter a period of financial hardship that could alter their behavior out of simple desperation. For this reason, some organizations conduct periodic background investigations on employees in high-risk positions in order to better understand whether they remain a low risk. Fortunately, employers are not simply helpless here. Organizations can perform broad and/or focused risk assessments to discover weaknesses in processes and technologies; this can provide opportunities to create, strengthen, or fix controls. Next, organizations can perform threat modeling on specific systems and processes to see could go wrong; this too can provide improvement opportunities. Here's an example. An organization is fearful that employees might, consciously or not, give up login credentials to an unauthorized party. This actually happens quite often, mostly through credential-stealing malware, some of which is so advanced that it remains undetected even when anti-virus programs are up to date and operating properly. In this situation, multi-factor authentication (MFA) is a common remedy. In organizations that are sensitive to the minor inconvenience that MFA imposes on its users, adaptive authentication can be implemented. This examines the login session more carefully and decides when stronger authentication is called for – like if the login comes from a location far away from the place where the last successful authentication occurred. Trust can be earned and lost, but it can also be verified. While employees are sometimes the weak link, key activities can be adjusted (sometimes without end user awareness) in order to provide organizations with added confidence that individuals are continuing to practice sound judgment. By: Peter Gregory Director, Information Security Peter Gregory is a director in Optiv's Office of the CISO. He is a leading security technologist and strategist with a long professional history of advancing security technology, compliance and risk management at all levels of corporate culture. He has published more than 40 books and authored more than 30 articles for leading trade publications in print and online. Share: Customer Relationships SecOps
Would you like to speak to an advisor? Let's Talk Cybersecurity Provide your contact information and we will follow-up shortly. Let's Browse Cybersecurity Just looking? Explore how Optiv serves its ~6,000 clients. Show me AI Security Solutions Show me the Optiv brochure Take me to Optiv's Events page Browse all Services