Security Technology Executive

MAY-JUN 2018

Issue link: https://securitytechnologyexecutive.epubxp.com/i/994589

Contents of this Issue

Navigation

Page 17 of 79

18 SECURIT Y TECHNOLOGY E XECUTIVE • May/June 2018 • www. SecurityInfoWatch.com Late last year, during a Security Execu- tive Council (SEC) Security State of the Industry briefing , the organization dug deep into the topic of emerging risks and threats to corporate business information today—and how to protect and provide counterintelligence (CI) effectively. The online briefing for the SEC's Tier 1 Security Leaders featured leading indus- try experts who identified horizon and emerging issues and the process and value proposition for establishing an in- house CI team. I was joined by presenters Dina Corsi, Deputy Assistant Director, Counterintel- ligence Division, FBI; and Brad Brekke, former Director, Office of Private Sector, FBI and former Vice President of Secu- rity, Target Corp. and led by moderator Bob Hayes, SEC Managing Director. The briefing focused on rising threats and significance of malicious acts to corpo- rations, as well as the expanding profile of potential perpetrators. " When you hear counterintelligence, many think about it in military terms. But corporations are now being targeted at such a high rate that it's creating an urgent responsibility for corporate secu- rity to address the issue," said Bob Hayes. Identify, Engage, Protect CI is often misunderstood and the world has changed with new and ever-hostile adversaries emerging. Now, CI threats can come from a broad range of deter- mined collectors, including employees and other trusted insiders, hackers, sub- contractors, strategic business partners and even those in academics. And it's no longer simply about classified material, but rather it is increasingly about technol- ogy-related proprietary data and intellec- tual property. As a result, the SEC stated that the CI threat is more significant than ever and is no longer 'spy versus spy.' The best CI plan will identify assets most valuable to the company, engage and integrate internal physical and information security elements and then engage and enlist the help of external ele- ments like the FBI, law enforcement and industry security partners to enhance the protection of those assets. Brad Brekke said the theory of CI should address cybersecurity as well as global and company business processes which may be susceptible to threats–and develop a value proposition based on theory but which maps out a planned approach. "This is an existential threat, of a magnitude that hasn't been clearly defined yet. Effective CI doesn't just raise a flag – it provides a plan to address the issues," Brekke added. Corporate security executives need to define and discuss the risks with execu- tive leadership, determine relevance and pertinent assets and develop a strong CI value proposition. At Target Corp., Brekke said its most important asset was data analytics on guests. "Target had acquired a lot of analytics based on guest data and the web and at the time the trend was to outsource those analytics. We enlisted the support of the federal gov- ernment to bring a different perspective to senior leadership on why they needed to establish an in-house CI team. Ulti- mately, what we were able to offer, at its core, was a small intelligence team that Mayo Clinic CSO and former member of the FBI Brad Brekke (L) and John Slattery (R), who worked counterintelligence for the FBI prior to retiring, both understand the threat posed by unchecked infiltration into the corporate sector by foreign agents seeking to steal technolog y information. COVER STORY » Despite many recent examples of foreign government- sponsored (or condoned) thefts and compromises of trade secrets, U.S. private sector organizations sometimes still fail to consider the security risks that globally interconnected commerce brings. «

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - MAY-JUN 2018