Insider threats get a lot of press, and deservedly so. Different studies have shown just how dangerous the insider threat is. Almost every organization is vulnerable to employee error or maliciousness.
However, employees aren’t your only “insider” problem. Third-party vendors can wreak havoc on any company’s security – just ask Target about that – and IT leaders are concerned about the security risks that third parties pose, according to a new Enterprise Strategy Group survey commissioned by Seclore.
In the executive summary, ESG discussed the reasons why IT departments have these concerns. Two that jumped out at me included:
When Was the Last Time You Practiced Your Plan?
Plenty of companies have some sort of emergency plan in place and even a few of those practice the plan on a regular basis with their employees. Yet, nearly 60 percent of American adults say they have never practiced what to do in a disaster at work, school, or home in the past year.
Even those companies who do have a plan in place often find their plan was completely insufficient in the event of an actual emergency. What is the problem? We all know it’s important but we mostly believe it won’t happen to us and if it did, we’d know what to do. That simply is not the case. As we’ve all been warned, “it’s not a matter of if; it’s a matter of when.”
Critical events come in all forms: fire, natural disasters, power outages, IT outages, hazardous chemical spills, terrorism, work and school shootings, hostage situations, bomb threats, and structural failures. Did I leave anything out? Likely so. I list these not to scare, but to illustrate how many things could go wrong and why it’s so critical to have an emergency notification system in place, practiced, and understood.
Inadequate infrastructure and weak logistic chains substantially increase the risk that an extreme natural event will become a disaster. This is a core finding of the World Risk Report 2016, produced by the Institute for Environment and Human Security at the United Nations University and the Bündnis Entwicklung Hilft – Gemeinsam für Menschen in Not, in cooperation with the University of Stuttgart.
Nature cannot be controlled and humans can only influence to a limited degree whether, and with what intensity, natural events are to occur. But they can take precautions to help prevent a natural event from becoming a disaster. It is this vulnerability of a society that forms the basis for the World Risk Index, which calculates the disaster risk by multiplying vulnerability with exposure to natural hazards (cyclones, droughts, earthquakes, foods, and sea-level rise). This risk is especially high wherever natural events hit vulnerable societies. While a low level of vulnerability is not a guaranteed protection against disasters, it can reduce the risk.
“Societal factors, such as nutrition, medical services and governance, decide to a large extent whether a natural hazard becomes a disaster,” said Dr. Torsten Welle, Senior Scientist at IREUS. “But through targeted interventions the impacts of disasters can be reduced and important lessons can be learned from recognized weaknesses.”
The index assesses the risk of disaster in 171 countries and the island state of Vanuatu once again displays the greatest risk. The United Kingdom comes in at 131st place, while the United States is 127th, Canada is 145th and Australia is 121st.
The top ten countries with the highest risk according to the report are:
- Solomon Islands
- Brunei Darussalam
- Costa Rica
- Papua New Guinea
The top ten countries with the lowest risk according to the report are:
- Saudi Arabia
- United Arab Emirates
The risk of disasters remains high in 2016. From 1980 onwards, a significant increase was recorded in the number of reported disaster events worldwide. Estimated damage levels continue to reach new peaks. And while this trend has been on a downward trajectory since 2012, this could change at any time. The 2015 statistics are a stark reminder that there is still an urgent need for action despite this decline: The United Nations recorded 346 reported disasters, more than 22,000 deaths, almost 100 million affected persons and economic damage totalling approximately US $66.5 billion.
Do you know what those three action verbs are referring to? No, that’s not a playground game.
Those three verbs are what may save your life when an Active Shooter is in your vicinity. They are what the FBI and DHS recommend as to how to respond in that type of situation. If you didn’t immediately know what they were, then someone in your organization has not trained your fellow employees for this type of incident.
But, wait. Whose responsibility is it to train your organization’s employees? Most companies recognize Active Shooter as one of their top threats but they have not prepared for this scenario. So as Business Continuity professionals, should you take a wait and see attitude – wait for Human Resources to add a mandatory brief video to their training programs and hope that this will be enough? Obviously not.
As a Business Continuity professional, you have plans in place to deal with managing risks. But did you consider an Active Shooter?
Partnership will extend LANDESK’s IT asset management to manage and optimise complex server- and data centre-based enterprise products
LONDON – LANDESK, a global leader in user-cantered IT solutions, today announced that it has entered into an OEM agreement with Concorde, a recognised leader in software license optimisation. This will complement LANDESK’s IT asset management (ITAM) suite. The agreement extends LANDESK’s endpoint software asset management to encompass complicated server license models that run in the data centre. The combined solution will empower asset managers to more effectively manage their entire asset estate.
“Concorde’s license optimisation technology will extend the capabilities of the LANDESK ITAM suite by providing additional entitlement management and decision modeling to help our customers better determine their effective license position,” said Steve Workman, vice president of corporate strategy at LANDESK. “This partnership joins Concorde’s software licensing expertise to LANDESK’s proven discovery and endpoint asset management capabilities, a collaboration that will deliver industry-leading IT and software asset management.”
The addition of Concorde technology to LANDESK’s ITAM suite will help customers better understand complex, server-based enterprise products like those offered by Oracle, Microsoft, VMware and IBM. These kinds of products can be difficult to track due to the transitory nature of virtual machines, the complexity of vendors’ license agreements and the frequency of changes to license terms and conditions. In combination with LANDESK ITAM suite, Concorde’s technology will provide transformational insights into server-side applications, which helps organisations optimise spend across client and data centre applications, minimise the impact of audits and make budget cycles more predictable.
“Concorde’s proven SaaS platform complements LANDESK’s comprehensive approach to IT asset management,” said Phil Merson, CEO of Concorde. “Our OEM agreement with LANDESK provides a new opportunity to bring a world-class approach to SAM, expanding the LANDESK product suite. We recognise that enterprise organisations are looking for solutions, not just point tools. Our agreement extends both offerings to give customers better visibility and control to manage their software investments.”
For more information, please visit www.landesk.com.
LANDESK is the global authority on user-centred IT. By integrating and automating IT tasks, LANDESK helps organisations balance rapidly-evolving user requirements with the need to secure critical assets and data. LANDESK is headquartered in Salt Lake City, UT, and has offices all over the world. To learn more, visit www.landesk.com.
Copyright © 2016, LANDESK. All rights reserved.