As September is National Insider Threat Awareness Month, there is no better time than the present to seriously reconsider how we educate America’s next generation of business leaders about these critical intelligence issues. As we wait on MBA programs to catch up to America’s new geopolitical reality, these are the three most important issues business schools, early stage entrepreneurs, and even seasoned pros should consider as they protect their life’s work.

Senior risk and compliance professionals within financial services company’s lack confidence in the security data they are providing to regulators, according to Panaseer's 2020 GRC Peer Report. Results from a global external survey of over 200+ GRC leaders* reveal concerns on data accuracy, request overload, resource-heavy processes and lack of end-to-end automation.

To understand current cloud infrastructure (IaaS) utilization and management practices, SailPoint, in partnership with dimensional research, surveyed executives and governance professionals who are directly involved with IaaS compliance and governance. The report reviews the global research survey which investigates current issues, risks, and challenges with IaaS environments as well as the tools used to manage access and governance of those environments.  In addition, the report found that a large majority (74%) of companies use more than one IaaS provider, with some companies reporting using as many as seven and eight – which can lead to significant security issues.

In a 360-degree virtual tour of Long View Gallery in Washington D.C., ASIS announced its Awards of Excellence Friday afternoon to conclude the 2020 GSX+ virtual conference. The Outstanding Performance Security Awards (OSPAs) were also announced at this time.

Recently, broader social dynamics, related to gender and nationality, in particular, are shaping the activity of cybercriminal forums. Digital Shadows explored this trend in a new analysis blog, "Unpicking Cybercriminals’ Personalities - Part 1: Gender and Nationality," that looks at how the dynamics of gender and nationality play out in cybercriminal forums and how it’s shaping cybercrime trends as a result. 

Now more than ever, government policy makers need to focus resources; allowing law enforcement to focus on the core duties and responsibilities of law enforcement officers. And industries like ours, need to be creative in developing solutions to support them in this effort. The physical security industry supports law enforcement and when private security works in partnership with law enforcement, police officers have more time to focus on preventing and solving crimes.

Lance Dubsky was named chief security officer at Quintillion. Dubsky is charged with ensuring the company's current corporate, physical, and cybersecurity, as well as positioning Quintillion to support a secure U.S. Arctic.  

The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently issued a Risk Alert (the “Alert”) discussing cybersecurity observations from its examinations over time. The Alert did not state the time period of examinations included; however, OCIE has conducted several cybersecurity targeted exams over recent years.

In fact, HIPAA penalties do distinguish degrees of “not knowing,” yet that doesn’t mean - like the traffic violation above - that a hefty fine still won’t land in your lap. Can your company deal with even a $50,000 (per violation) hit to the pocket book? Here’s the breakdown of potential penalties per OCR (Office of Civil Rights) discretion, as noted in the HIPAA Journal.