This week in the Leadership Articles segment of Business Security Weekly, Matt Alderman, Paul Asadoorian and Jason Albuquerque cover the following articles: Unexpected Companies Produce Some of the Best CEOs, Security Think Tank: Hero or villain? Creating a no-blame culture, How Corporate Cultures Differ Around the World, The Guy Who Invented Inbox Zero Says We're All Doing It Wrong, Enterprise-scale companies adopting Azure over AWS, Goldman Sachs finds, and Forrester: Insider threats and employee rights strike tension.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Unexpected Companies Produce Some of the Best CEOs - About 10% of S&P 500 companies change CEOs annually. Historically, GE, IBM, P&G, and McKinsey have been viewed as CEO factories, but not now. Now, it's estimate there are over a dozen “stealth CEO factories” across a range of industries and geographies; these include Medtronic, Rohm and Haas, and Danaher Corporation. Three practices stand out as especially important in the success of these stealth CEO factories:
Give leaders broad authority.
Encourage them to think like CEOs.
Challenge strong performers early with big opportunities.
Security Think Tank: Hero or villain? Creating a no-blame culture - In the general business IT world, all too often the end-user is identified as the point of blame for an intrusion, resulting in a culture of fear with people afraid to report anything suspicious, especially if they have clicked on a link they shouldn’t have. If there is one thing we should have learned, it is that nobody is immune to social engineering. As a general rule, don’t blame people who honestly get things wrong. Listen and respond positively to reports of suspicious incidents and provide feedback. Peer pressure should eventually call out those who just won’t behave properly.
Caring and results were the most salient culture attributes across respondents’ organizations, reflecting an orientation toward collaboration and achievement in the workplace.
Authority and enjoyment ranked lowest overall, indicating that decisiveness and spontaneity were lower priorities.
Differences by region:
Organizations in Africa exhibited substantial flexibility. Many organizations in this region were characterized by learning and purpose, indicating an openness toward change through innovation, agility, and an appreciation for diversity.
Many firms in Eastern Europe and the Middle East were characterized by a strong degree of stability. An emphasis on safety was prevalent in these regions, revealing the prioritization of preparedness and business continuity.
Firms in Western Europe and in North and South America leaned toward a high level of independence.
Firms in Asia, Australia and New Zealand were more likely to be characterized by interdependence and coordination.
Employers should balance the need to eliminate insider data threats with protecting employees' privacy
In 2015, insiders caused 26% of the data breaches in the respondents' organizations, a statistic that rose to 48% in 2019.
Employers can have a successful insider threat program by openly communicating the program and IT rules with employees, clearly defining the program's objectives, letting employees know their part in security and avoiding the prioritization of security over productivity
[caption id="attachment_210" align="alignleft" width="120"] Jason Albuquerque - CIO & CSO[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Matt Alderman - CEO[/caption]
[caption id="attachment_210" align="alignleft" width="120"] Paul Asadoorian - Founder & CTO[/caption]
Our next webcast is January 15th with Cecilia Marinier, RSAC Program Director, Innovation & Scholars where we will discuss RSAC Sandbox, RSAC Innovation Sandbox, RSAC Launch Pad, RSAC Security Scholar and their "How to” Seminar for Innovators and Entrepreneurs! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and using our code to register!