Skip to main content

Featured

What Motivates Young Cybercriminals?

In the world of cybercrimes, the majority of cybercriminals always seek financial gain, but this is not the primary motivation. Aside from the advanced sophistication of state-sponsored incidences, the young cybercriminal venturing into the dark side boils down to their ego. Adolescent criminals seek out recognition among their peers eager for a sense of success in an effort to prove themselves.

Many seek out popularity within internet hacking communities driven by a feeling of accomplishment they compromised a target. This provides them with a rush, a demeanor to develop their skills further becoming tragically involved with organized crime immersed in their addictive and dangerous sphere of influence.

Others find inadequate employment opportunities and thus are lured into the dark side to learn a skill as a matter of survival by participating in online hacking groups. They are easy prey for organized crime and state-sponsored groups to recruit indoctrinating them into …

Don’t Let Organizational Politics Derail Security Initiatives


Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly.

Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not align with the organization’s political culture. Such an environment makes it extremely difficult to manage these initiatives. Security teams must recognize the obstacles they face and work to gain buy-in from key stakeholders.

The Problem With Organizational Politics

Denial can impede IT efforts — especially when C-suite executives are insulated from the realities of the security landscape. In many cases, when executives say that security is not in the budget, they simply mean that it is not on their radar and, therefore, doesn’t matter.

Other obstacles include hidden agendas and power struggles that prevent employees from sharing information with others. For example, some employees might withhold information as a tactic to ensure job security, while another staffer might use it as an organizational currency to buy influence. Chief information security officers (CISOs) may encounter this behavior during red on blue exercises when red team members refuse to divulge vulnerability test results to the security operations center (SOC) team, or at the very least aren’t totally forthcoming about their exploits.

Pushing the Right Buttons

No department is immune to the effects of organizational politics. Security professionals must thoroughly understand the political landscape and devise more effective ways to communicate risks to C-level executives. This communication must occur in business terms with a focus on the end business goals.

To successfully navigate organizational politics, IT professionals must gain their colleagues’ trust, which takes time. Start by forming personal connections with fellow employees or subordinates. People have their own individual interests and concerns, and leveraging them can go a long way toward building positive rapport.

The bottom line is that if IT professionals have the organization’s best interest in mind, executives and other stakeholders are less likely to question their motives. This trust enables them to foster alliances and more effectively advocate for security. The CISO can take it a step further by acting as a mediator to help employees in other departments find common ground when disagreements arise.
Organizational politics require security professionals to be adaptable. As executives and employees come and go, the political landscape shifts accordingly. The key is to understand what you’re up against and use your experience to keep security top of mind throughout the enterprise.