Skip to main content

Featured

How Cybercriminals Weaponize Social Media

In the era of social media, cybercriminals and state actors use these networks to monitor various social events such as protests, elections, and natural disasters.  These bad actors commonly employ crowdsourcing techniques to obtain critical intelligence into ongoing cyber attacks. It is one of their primary real-time monitoring dashboards to gauge the effectiveness of their attacks such as data breaches, account hijacking, cyber propaganda and a host of other attacks.
These attacks are well coordinated and overwhelming that bear the hallmarks state actors are behind most of the malicious activities.  For example, attacks against the social media networks that have a large user base such as LinkedIn, Facebook, Twitter, and Instagram are common. 

Researchers have described social media as a modern-day electronic lynch mob. For instance, any insignificant local story suddenly becomes viral where millions of people distort the facts drumming it up with the virtues or evils of partisan poli…

Don’t Let Organizational Politics Derail Security Initiatives


Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly.

Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not align with the organization’s political culture. Such an environment makes it extremely difficult to manage these initiatives. Security teams must recognize the obstacles they face and work to gain buy-in from key stakeholders.

The Problem With Organizational Politics

Denial can impede IT efforts — especially when C-suite executives are insulated from the realities of the security landscape. In many cases, when executives say that security is not in the budget, they simply mean that it is not on their radar and, therefore, doesn’t matter.

Other obstacles include hidden agendas and power struggles that prevent employees from sharing information with others. For example, some employees might withhold information as a tactic to ensure job security, while another staffer might use it as an organizational currency to buy influence. Chief information security officers (CISOs) may encounter this behavior during red on blue exercises when red team members refuse to divulge vulnerability test results to the security operations center (SOC) team, or at the very least aren’t totally forthcoming about their exploits.

Pushing the Right Buttons

No department is immune to the effects of organizational politics. Security professionals must thoroughly understand the political landscape and devise more effective ways to communicate risks to C-level executives. This communication must occur in business terms with a focus on the end business goals.

To successfully navigate organizational politics, IT professionals must gain their colleagues’ trust, which takes time. Start by forming personal connections with fellow employees or subordinates. People have their own individual interests and concerns, and leveraging them can go a long way toward building positive rapport.

The bottom line is that if IT professionals have the organization’s best interest in mind, executives and other stakeholders are less likely to question their motives. This trust enables them to foster alliances and more effectively advocate for security. The CISO can take it a step further by acting as a mediator to help employees in other departments find common ground when disagreements arise.
Organizational politics require security professionals to be adaptable. As executives and employees come and go, the political landscape shifts accordingly. The key is to understand what you’re up against and use your experience to keep security top of mind throughout the enterprise.

Comments