Interviews

Women’s Security Society meet

by Mark Rowe

On a balmy June afternoon, over 100 Women’s Security Society (WSS) members and guests gathered at Nomura’s Thameside offices for the WSS’ conference Acting More Intelligently, Ellen Lovatt writes.

The focus of the conference was given additional weight as the phone hacking judgments were revealed in the days around the conference.

First we heard from WSS Board Member Rowena Fell (Associate Director at Merck Sharp & Dohme) about Merck’s insider threat programme. Rowena is responsible for over 50 countries, which leaves her with a lot of languages, time zones and cultures to navigate. The tips she shared about how Merck is addressing these issues through its programme gave everyone a lot to think about. In particular, everyone was very interested to hear about their ‘super hero’ themed employee education programme, Merck having learnt the importance of training along with strong policies. In giving examples of insider threats, she highlighted that organisations can no longer rely on staff wheeling suitcases of files out the door and instead need to look out for staff uploading confidential information to the cloud or downloading it to a USB.

Then we were lucky enough to hear from John Bree, MD Corporate Security and Business Continuity at Deutsche Bank. He gave his definition of the insider threat and the vulnerability landscape. He too highlighted the importance of training and awareness, and spoke about the importance of senior sponsorship and the need for the tone to be set from the top. As many organisations have realised, it’s not about doing only what’s legal, it’s about doing what’s right and sustainable. In John’s own words: “The how is as important as the what.”

In discussing the [US retailer] Target breach, he reminded the audience of the need to manage vendors and all secondary processors throughout the vendor chain.

He reminded everyone that one size does not fit all and that we all need to focus on our own organisation’s insider threats, understand our own near misses, and identify patterns of behaviour and key indicators that can help us better understand the insider threat. He encouraged the audience to ask themselves every day what they can do better and, where possible, to work closely with local law enforcement agencies.

We were then privileged to hear from Professor Sadie Creese, who is working on the Corporate Insider Threat Detection Research Project at Oxford University.

She spoke about the lessons they are learning from their detection research. She explained that corporations have become more willing to admit when they have been hacked, but that they still cannot accept the need to admit to an insider breach, as that is still deemed a loss of control. She also talked about red flags and the need to understand changes in the behaviour patterns of employees.

The research is considering both deliberate attacks and accidental events. Their modelling approach is multi-layered, looking at what is i) conceptual, ii) feasible and iii) ethical and legal. They are developing a prototype detection system and also working on teaching materials to improve education and raise awareness of the insider threat, as their research has already shown that managers are unaware of and unprepared for the insider threat. Sadie did, however, confirm that there are exceptions to this rule in the banking and energy sectors.

You could tell that the audience will all be eagerly awaiting the final findings from the research project. Sadie’s final words of advice were that organisations should be seeking intelligence-led cyber security.

Based on the comments and advice of all the speakers, many members might be looking at staff who suddenly start arriving early and leaving late, or other employee ‘red flags’, a little differently …

These really informative talks were then followed by a very lively panel discussion on the issues raised in the talks, under the Chatham House rule. So if you want to be a party to these types of discussions, sign up to be a member (www.womensecuritysociety.co.uk) and join us at our next event.

Thanks again to Nomura for hosting us and providing us with such a great space for the conference, and to our sponsors for their continued support. In the words of one of the guests: “This was the best event yet”. The WSS will no doubt strive to improve on that at the next one!


© 2024 Professional Security Magazine. All rights reserved.
