By SecureWorld News Team
Wed | Aug 23, 2017 | 1:29 PM PDT

When Larry Ponemon tells you that something in his research on cybersecurity surprises him, it comes as a bit of a shock.

Is there anyone who has more insight on the issues our industry faces than he does?

Ponemon will be talking about those surprises as he kicks off SecureWorld Twin Cities on September 6, 2017. During his exclusive breakfast session, he will discuss a benchmark study he conducted on the "Insider Threat" your company faces. And that's where his findings were inconsistent with what he expected.

Dr. Ponemon's research revealed that many companies actually make a decision to discount red flags involving current employees and insider threats.

"We found that companies err on the side of goodness. They don't want to accuse somebody without full evidence of a crime, so they write it off as negligence," he told SecureWorld. 

"And we discovered insider threats are not viewed as seriously as external threats, like a cyber attack. But when companies had an insider threat, in general, they were much more costly than external incidents. This was largely because the insider that is smart has the skills to hide the crime, for months, for years, sometimes forever."

That finding reminds us of our recent story about the Columbia Sportswear IT Director charged with setting up an alias account so he could secretly hack the company's network. 

Ponemon on changing role of the CISO

Dr. Ponemon will also be delivering the opening mainstage keynote at SecureWorld Twin Cities on "The Evolving Role of the CISOs and Their Importance to the Business," and his research in this area will offer powerful insights for information security executives who are on the rise.

"The most prominent CISOs, now, still have a good technical foundation but they really excel in other areas so they can converse with C-level executives. Many are communicating to the top, with a direct line if they need it, to the CEO. And often with responsibility to present to the board."

He says another trend his Ponemon Institute is finding is that individual lines of business are starting to hold more of their own risk, with the CISO in a coaching role.

And he'll also be talking about the increased pressure on CISOs as they face major assurance and compliance issues, particularly in light of GDPR and a tough new law in the state of New York that may be an indication of where things are headed in other states.

Dr. Ponemon's research will be a fantastic start to the SecureWorld cybersecurity conference in Minneapolis. Thank you to our Advisory Council members who have helped build an incredible agenda for information security executives in the region. Here is the complete agenda.

You can see admission details and register here for the first annual SecureWorld Twin Cities.
