Industrial Security. Especially the cyber kind. My inbox attracts several messages each day.
Last July I began to think that people were ignoring me. Few press releases, announcements, interviews. It was a quiet time.
I really don’t have any list of product announcements or new companies. But I thought that I’d pass along an awareness to pay attention to your cyber security risks, policies, mitigations, and counter measures.
Most of the announcements have come in the guise of “our CEO can address the new threats on industrial control systems”.
Remember when there were 3-4 places to go for industrial cyber security help?
Not so. These days there are many. The interesting ones to watch are several from Israel founded by former Israeli army intelligence officers.
There is a product and/or strategy to fit every conceivable type of threat. Part of your risk analysis needs to be a thorough evaluation of all the new ideas and companies.
Unfortunately, the number one risk continues to be people. Your people. Usually it’s carelessness. For example last winter I was in a conversation with two security product marketing managers for a large company. Each had just been slapped on the wrist (or something) for clicking on a link in a bogus email. It is just so easy.
Clicking links, opening files, not being careful with Flash, inserting USB drives, letting a contractor take a laptop home…
Most companies have policies on terminated employees–whether through downsizing or due to cause. You need to treat people with respect. Even someone terminated for cause doesn’t need a quite public “perp walk.”
However, you do need to make sure there is no network access after termination. IT must move in and change passwords immediately. Check out remote network access they might have.
I am no expert, but I have experience with employees and common sense. Be careful, take your time, think it through.
Protect those assets.