1. How Lockheed Martin, Cisco and PWC manage cybersecurity

    Cybersecurity remains a top priority for companies in all industries. The reason is clear. Criminals and other parties have access to inexpensive tools and training to attack companies and governments. The New York Times reported on the rise of ransomware earlier in 2015. This type of malicious software encrypts a user’s data and demands a payment to release it (or the data will be destroyed).

    1. At Cisco, we have a comprehensive training program that addresses information security.
    2. Annual training and computer-based testing are a key part of our practice to equip our staff with the skills to detect and avoid phishing and similar information security threats.
    3. Many phishing emails today use code, images and other material lifted directly from a company's website so they appear to be legitimate.
    4. At Lockheed Martin, our security approach includes monitoring for high-risk behavior flags. These flags are then investigated by a specialized team. For example, if an employee suddenly starts logging into the company network at 3 a.m. when they previously never did so, that would raise a flag.
    5. There's a huge war for cyber security talent.
    6. I see a lot of organizations that tend to prefer hiring highly experienced security professionals. I prefer a diverse approach that includes bringing new graduates into the organization who can learn from and share with our experienced professionals.
    7. In managing vendors and third parties, the best approach is to request a SOC2 report where an independent party conducts a thorough assessment of security, privacy or other points.
    8. If a SOC2 approach is not feasible, there are two other alternatives: using a right-to-audit clause in the contract and questionnaires.
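
The login-time flag described in point 4 can be sketched as a per-user baseline of login hours. This is an added example, not code from Lockheed Martin or the original page; the thresholds, function names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

MIN_HISTORY = 5      # assumption: fewer prior logins than this means no usable baseline
TOLERANCE_HOURS = 2  # assumption: within 2 hours of a previously seen hour is normal

# Constructed sample events (user, login time); not real log data.
HISTORY = [("alice", f"2015-06-0{d}T{h:02d}:10:00")
           for d, h in [(1, 8), (2, 9), (3, 9), (4, 8), (5, 9), (5, 17)]]
HISTORY += [("bob", f"2015-06-0{d}T{h:02d}:40:00")   # night shift spanning midnight
            for d, h in [(1, 22), (2, 23), (3, 23), (4, 0), (5, 22)]]
HISTORY += [("carol", "2015-06-05T10:00:00")]          # new hire, one prior login
NEW_LOGINS = [("alice", "2015-06-15T03:12:00"), ("alice", "2015-06-15T10:05:00"),
              ("bob", "2015-06-15T01:30:00"), ("carol", "2015-06-15T14:00:00")]

def hour_of(ts):
    return datetime.fromisoformat(ts).hour

def build_baseline(events):
    """Map each user to the hours of day at which they have logged in before."""
    baseline = defaultdict(list)
    for user, ts in events:
        baseline[user].append(hour_of(ts))
    return baseline

def circular_gap(h1, h2):
    """Distance between two hours on a 24-hour clock, so 23 and 1 are 2 apart."""
    d = abs(h1 - h2) % 24
    return min(d, 24 - d)

def flag_logins(baseline, logins):
    """Return (user, timestamp, reason) tuples for an analyst to investigate."""
    flags = []
    for user, ts in logins:
        hours = baseline.get(user, [])
        if len(hours) < MIN_HISTORY:
            flags.append((user, ts, "insufficient history"))
            continue
        gap = min(circular_gap(hour_of(ts), h) for h in hours)
        if gap > TOLERANCE_HOURS:
            flags.append((user, ts, f"{gap}h from nearest prior login hour"))
    return flags

if __name__ == "__main__":
    for flag in flag_logins(build_baseline(HISTORY), NEW_LOGINS):
        print(flag)
```

The night-shift user's 01:30 login is not flagged because the gap is measured around midnight, while the user with a single prior login is reported separately as having no baseline rather than silently passed.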
  2. Authors