big corporations, cyber-security mistakes
The inside job
Click below if you prefer to listen.

Episode #25

Your Security Boost

Free guidance checklist: Protection Compass for business owners & decision makers
Securing a high-stake facility has specific requirements.

As a start let’s clarify what is considered a high-stake facility. A safety critical infrastructure is a term used mostly by governments to describe the kind of facility that if something goes wrong the safety and/or well-being of masses will be affected negatively. That is a wide term including facilities related to:
• the world or state economy
• a country’s’ protection and interests
• facilities related to public protection such as police, agencies: CIA, NSA, Europol, Interpol, civil defense etc
• mass transportation mediums such as airplanes and ships
• nuclear facilities
• NASA and European Space Agency
• Chemical facilities
• Weapon manufacturers
• Financial institutions controlling worldwide economy
• High-tech companies with cutting-edge technology
• Top 500 companies or businesses with billions in revenue

Obviously, this is not an exhaustive list and you might wonder why I have included some of the aforementioned as examples for safety critical infrastructures when the classic term does not include them. Well, terms in technology must be revisited and I always base my professional opinion on custom evaluation of the impact in the worst-case scenario.
The most important thing to remember is that for such facilities it is crucial for their security to be outstanding. From design, to implementation, to operation and control the security must be close to spotless. That is because their threat level is extremely high.

Today thought I would like to focus to just one component for such facilities which is the most essential; people. Something that is considerable even in lower threat facilities and businesses, but its impact is lower as well so while scaling up in threat level we must step up our game plan for the insiders’ selection.

Want a little help?
cyber-security approach, philosophy, business, protection
Obviously, this is not an exhaustive list and you might wonder why I have included some of the aforementioned as examples for safety critical infrastructures when the classic term does not include them. Well, terms in technology must be revisited and I always base my professional opinion on custom evaluation of the impact in the worst-case scenario.
The most important thing to remember is that for such facilities it is crucial for their security to be outstanding. From design, to implementation, to operation and control the security must be close to spotless. That is because their threat level is extremely high.

Today thought I would like to focus to just one component for such facilities which is the most essential; people. Something that is considerable even in lower threat facilities and businesses, but its impact is lower as well so while scaling up in threat level we must step up our game plan for the insiders’ selection.

The selection of people must be strategic for two reasons:
1) To increase the effectiveness of protection based on their skills, expertise and experience and
2) Most importantly minimize or avoid the intrusion of attackers with inside knowledge especially on essential departments functioning protection inside the facility. It is a common pattern for attackers to try to penetrate in the very early stages of the facility establishment as the security is still under progress, they will be able to leave on purpose security holes or even discover security holes created by mistake, critical information can be in plain side especially if essential departments do not function properly or do not have full control which is a common scenario.

Evaluating people’s threat level for the business is an artful process as you will need to build their profile bit by bit and on a continues base. An essential part in this process is going to be a good relationship establishment with the local and international police and establishing assets as informants.

You think I am overreacting?

Let me tell you a secret. No matter how secure your facility is, the people who will design it, set it up, operate it and their ability to evaluate the threat level, select the right people, compartmentize information for the remaining of the staff is a non- negotiable for your facility’s protection.

Just keep in mind that if you fall in the category of safety critical infrastructures you have a responsibility to select the right people and at the same time you protect your facility survival. Security has become the most valuable asset for business survival.

One last thing, stress is not one of the characteristics of the right security professional. At the times they must perform more, which is basically always, they must be able to have a clear head and perform to the fullest of their capabilities. I believe the best way it has been described was by Will Smith. He said, and I quote, “You must realize that the point of maximum danger is the point of minimum fear”. When you are protecting safety critical facilities you have already established familiarity with risk and fear does not exist in your vocabulary.

You must realize that the point of maximum danger is the point of minimum fear. Will Smith Click To Tweet
Over to you now.
1) How important do you believe it is the selection of all of your insiders for your business protection and survival?
2) What measures would you consider essential to establish better control over your business protection from insiders with malicious purposes?
Apply what you learn immediately.
cyber-security approach, philosophy, business, protection
RELATED POSTS:

Subscribe

and get the latest updates

1 Comment

  1. George Nicolaou
    George Nicolaou on December 1, 2018 at 8:14 pm

    The most high profile attacks are an inside job. Nice read thanks.

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *