According to a report conducted by Ari Kaplan Advisors titled Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices,
data security officers are beginning to have more influence at their organizations, and the majority of these individuals are focusing on internal threats to their networks. “We had in-depth conversations with chief information security officers and directors from Fortune 500 and Fortune 1000 companies about the dynamic nature of security and how their role is adapting,” said Ari Kaplan, the report’s author and principal researcher. “Security leaders now have a much more influential seat at the table, partly because of the public nature of breaches and the lack of information security.” Additionally, the report found that since last year, the focus has shifted from external threats to internal threats. About 75 percent of respondents reported they have insider threat policies in place, and employees were almost universally viewed as the most vulnerable link in the information security chain. The most effective tool to strengthen this link, most respondents believed, was training. About 70 percent of respondent organizations offer employee training to minimize risk. “We’re seeing a lot more hands-on training, employee monitoring, and testing to address the issue,” said Kaplan.