Sage Advice - Cybersecurity Blog

Four Cybersecurity Myths Organizations Need to Bust

In today’s threat environment, we can count on the fact that there will be more spectacular breaches to come. The bad guys will always get in. It’s time to acknowledge that reality and take action.

In our experience, many organizations who are just getting started on their path to cyber resiliency have a few misconceptions when it comes to cybersecurity. These myths must be busted in order for organizations to defend themselves against the risks they face. Here are four of the most common myths that must be busted.

Read More

Topics: Security Policy, Cybersecurity Culture

How to Detect and Respond to Insider Threats

It’s not always easy to determine when your data has been compromised by an insider. When someone has approved access to sensitive data, and it's part of their job to use that data, how can you tell if something bad is happening?

Read More

Topics: Cybersecurity Culture, Cyber Defense

Tips to Avoid the Insider Threat

Even environments with the most mature perimeter defenses are at risk of insider threats. Whether from malicious intent, carelessness, or clicking on a phishing email, the result is the same. Your sensitive data is exposed. The good news is that there are things you can do to deter, and in some cases prevent, insiders from compromising your network.

Read More

Topics: Cybersecurity Culture, Cyber Defense

Identifying the Malicious Insider Threat

The majority of incidents caused by insiders are the result of employee / contractor negligence or just an honest mistake. But some are of malicious intent. For example, this benchmark study, found that 22% of insider-related incidents were caused by a criminal insider. It's still important to be aware of this type of threat though because they are typically very difficult to detect and often take a long time to discover. And the longer it takes to detect a data breach or leak, the more costly it can be for your organization.

Read More

Topics: Cybersecurity Culture, Cyber Defense

Cybersecurity and the Insider Threat

Ever since Edward Snowden walked out of the National Security Agency (NSA) with a treasure trove of classified information, the threat posed to corporate data from an inside attack has been widely accepted. Today, study after study show that insiders pose a significant cybersecurity threat, reporting statistics like: 

Read More

Topics: Cybersecurity Culture, Cyber Defense

Creating a Cybersecurity Culture Part 5: Practice Matters

So you’re well on your way to creating a cybersecurity culture in your organization. You’ve built a foundation of institutional knowledge, and you’ve carefully considered how people, process, and technology play a role. But there’s one more element to think about, and that’s testing. Actually not just testing, practice is also important. One of our security advisors often says, “You can’t think your way into playing the piano.” Practice will help you achieve cybersecurity resilience.

Read More

Topics: Cybersecurity Culture

Creating a Cybersecurity Culture Part 4: Technology

Bill Gates once said, “The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.” In terms of a cybersecurity culture this couldn’t be more true.

Read More

Topics: Cybersecurity Culture

Creating a Cybersecurity Culture Part 3: Process

When building a Cybersecurity Culture, process plays an integral role. Every process should include learning, improvement, and accountability touch-points, as well as provide end-to-end corroboration of the function it represents.

Let’s review what this looks like in practice.

Read More

Topics: Cybersecurity Culture

Creating a Cybersecurity Culture Part 2: People First

Building a Cybersecurity Culture is important in our current threat environment. It can ensure that an incident only causes a minor interruption to business-as-usual – not a major disruption (or worse).  Cybersecurity is made up of three important elements – people, process, and technology – and each must be developed for a cybersecurity culture to endure. In part two of our blog series we’ll look at how people fit into a Cybersecurity Culture. There’s a tendency to get into an IT-first conversation, when discussing cybersecurity, but it’s really a people-first conversation. Without people there would be no culture, and nothing to protect. 

Read More

Topics: Cybersecurity Culture

Creating a Cybersecurity Culture Part 1: Institutional Memory

In the current cyber threat environment, organizations must be vigilant. Vigilance begins with preparation. Being prepared starts with being aware. To be successful, you need to develop cybersecurity awareness throughout your entire organization, which leads to institutional practices that support the secure execution of your business strategy. You need to create a culture of cybersecurity.

Read More

Topics: Security Policy, Cybersecurity Culture