"Professionals like me now understand that we are the ambassadors for ethical behavior and should actively encourage other employees to adhere to it," says Alessandro Moretti, a senior risk and security executive.
People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees - and educate them, as well - to thwart a potential threat from within.
"It's a crime like no other crime," says James Ratley, president of the ACFE, describing fraud. "There was not a gun involved, there was not a knife; there was in many cases a ballpoint pen or a computer."
Bringing Your Own Device raises jitters among employers, who worry about exposing or losing sensitive data, and employees, who fret about their bosses spying on them. Despite these anxieties, the trend will continue because that's what people want.
Five years ago, the Council of Registered Ethical Security Testers began as an organization to bring standardization to the penetration testing industry. Today, CREST's scope is expanding across industries and global regions, says president Ian Glover.
Improved collaboration and communication between small businesses and financial institutions is the first step toward improving online security, says Mark Patterson, an ACH fraud victim. What else would help?
Security managers need the heads up from non-IT executives before they dismiss employees, some of whom might seek payback for their sacking by pilfering data or sabotaging systems, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.
Cybersecurity Coordinator Howard Schmidt recognizes the need to battle online piracy to protect U.S. intellectual property but contends legislation before Congress to do just that would unacceptably curtail Internet freedom and increase cybersecurity risks.