Categories
Articles Retained Search Best Practices

Ditching Recruiting Firms Contingency, RPOs, and Old-Fashioned Retained Search

Why are more and more forward-thinking employers ditching recruiting firms that produce, to put it bluntly crap. Most firms that have spent the time to really investigate the search marketplace have learned that Contingency, RPOs, and traditional retained search firms need to be ditched in favor of the 21st century success based recruitment?

In a 3.5% unemployment rate, most Hiring Managers know the undisciplined, inexperienced, and average “C players” are predominant on job boards.  In addition, with job aggregators, job openings get overexposure to the point the company suffers in public relations and branding.  same goes for RPOS and contingency search firms – the more they re-post the same job posting, the worst candidates are revealed.

Ditching Recruiting  Firms that Fail to Produce

You have certain objectives you want a new hire to meet, for most C-level executives there is not a cookie cutter template to be applied to their position.  Your target market are passive candidates, those that would never read job postings that have been picked over by every Tom, Dick and Harry, they simply are not actively looking,   What interests passive candidates?  A new challenge, a different product or service portfolio, location, company size, and more.   A typical job posting showcasing responsibilities and requirements is a no enthusiasm road map.  It is in reality a robotic drone of words strung together that entices only the unemployed or average active job seeker.

Ditching-Recruiting-Firms-300x200Even the traditional retained search model, which does produce much better candidates, is going by the wayside.  More and more companies are ditching recruiting firms that are traditional retained search models.

While employers understand the deposit to initiate a search, they expect results.   Most have a 90 day to 6 month replacement guarantee.  But they collect all the fees within 90 days regardless of outcomes.

‘The new paradigm, which NextGen Global Executive Search has used for a decade, is a search should be success based in regards to the recruitment fees.  Also known as a performance based search, after the deposit (which is a very reasonable percentage of the overall cost) the 2nd invoice is due upon acceptance of the shortlist and in-person interviews are scheduled. The final invoice is due upon the hire being completed.

Ditching Recruiting Firms with Compensation Based Fees

In addition, success based search fees should be a flat fee and not based on compensation.  The reason is simple, in that compensation based fees can cause an increase in the overall recruitment fees during offer negotiations which is an inherent conflict of interest.  As stated earlier the 3rd and final invoice occurs on the hire and is backed by a  24 to 36 months replacement guarantee.

The end result is both the employer and recruiter have skin in the game and the employer is confident that the majority of the fee is based on the recruiting firm meeting the objectives and a solid new hire.  To read further on why companies are ditching recruiting firms and comparisons between contingency, RPO, traditional retained search, and success based retained search, download the PDF.

Categories
Articles Talent Acquisition - Assessments

Why Two-Way Behavioral Assessments is Key to a Great Hire

Why do an increasing number of astute Hiring Managers want behavioral assessments?  The end goal is to make the RIGHT HIRE to achieve quick ASSIMILATION, faster PRODUCTIVITY, and longer RETENTION.  Behavioral assessment (sometimes referred to as “Psychometric Testing”) has become increasingly recognized as a valuable source of information when making hiring decisions.

There is a wealth of data to demonstrate that using behavioral assessments in conjunction with sound, responsible recruitment methods reduces employee turnover, and it’s quickly becoming standard practice for many employers and recruiters.

When used strictly one-sided whereas applicants/candidates are tested, the results are vague and often mis-interpreted.   In addition, when compared to a one-size fits-all “corporate culture” , the results don’t help in determining if said candidate is really a good fit for the team he/she will work within AND what effects they will have on team dynamics .  The one-sided test isn’t worth the additional time and expense

When in the current economic climate is behavioral assessments REALLY an essential part of assessing potential candidates?  When testing a candidate, what are you measuring the results against?

Just in case you’re unfamiliar with behavioral assessment, although the process varies from company to company, it usually involves a questionnaire that asks the candidate about their opinions, preferences and priorities.  Behavioral reports can include information such as preferred working environment, how they respond to tight deadlines, preferred management style, approach to selling, and much more.

Define the Role using Team Behavioral Assessments

Behavioral AssessmentsFiguring out exactly the kind of candidate you’re looking for and creating a job description to match can be a time‐consuming headache. But a simple job survey of the direct stakeholders to the role you are recruiting for, lasting around 12-14 minutes, will produce detailed analysis on how those stakeholders view the role and a composite team analysis on these FOUR POINTS:

 

Save TIME by Conducting Fewer Interviews

A resume or LinkedIn profile tells you whether a person has some of the qualifications and job history but usually it’s impossible to tell if a person has the right attitude, accomplishments until you interview them. Behavioral assessments, on the other hand, can provide you with that information in a fair and objective fashion.

So if, for example, you have 3 to 4 candidates that look great on paper, TWO-WAY behavioral assessments can help you reduce that shortlist to a more manageable number, and leave you with a much more efficient interview process.

An often-overlooked feature of behavioral assessment is its ability to tell you the training and management styles to use to get the best results from your new employee. Getting your recruit up to speed quickly and making them feel comfortable in the role with fast productivity is not only a time saver but it also reduces the expenses incurred through downtime.

Two-Way Behavioral Assessments Reduces Employee Turnover

We’ve already mentioned the fact that behavioral assessments reduces employee turnover, but have you ever stopped to consider just how expensive and time consuming it can be to replace a bad hire?
Aside from the fact that you have to spend time and money, repeating the recruitment process all over again, you also have to repeat the expense of onboarding and assimilation for the eventual replacement.

Although prices vary quite a bit, the average cost of behavioral assessments are s often far less than employers imagine. And any one of the above four points would more than justify the additional, modest investment. But put these four elements together and you have a potential saving of time and money that represents thousands of dollars. Especially in consideration of reducing employee turnover.

Categories
Articles Artificial Intelligence Cyber Security

Healthcare Cyber Attacks to Medical Devices, EMR Apps, and Cloud

Embracing next technology healthcare without adequate preparation will only open new risk avenues and threat vectors for healthcare cyber attacks.  Technology is perceived as a solution to address operational inefficiencies within the healthcare industry and to expand the reach of high quality healthcare services to remote regions. But the risks are mounting.

Vulnerable Devices for Critical Medical Practices

The proliferation of smart technologies will encompass the healthcare industry in coming years. Digital devices such as smart pacemakers and insulin pumps are used widely today, and the next generation of smart technologies will cover a variety of critical cardiovascular, respiratory, and neurological medical practices. However, next technology healthcare devices aren’t immune to sophisticated attacks. In control of malicious actors, vulnerable smart medical devices can deliver the killer blow to patients instead of maintaining stable health.

Cloud Vulnerabilities for Healthcare Cyber Attacks

Cloud connectivity is critical to access patient information anywhere-anytime, a promise that’s driving transition to the cloud for healthcare institutions. PHI data is effectively stored in off-site data centers beyond the control of healthcare providers originally in charge of maintaining patient data privacy and security. Any vulnerability in their cloud networks is an open invitation for hackers to compromise sensitive patient information.

IoT Networking

Unlike cloud vendors subject to stringent compliance regulations, patients themselves are unable to secure IoT-connected medical devices at home. A malware infected dialysis machine could be part

of a DDoS attack intended to bring down the entire network infrastructure of a hospital. Since IoT devices come from multiple vendors, through different processes and offer different technologies, it’s not entirely possible to maintain a consistent standard and control around healthcare cyber attacks and IoT device security.

Next Technology Healthcare Cyber Attacks to Mobile Apps

Healthcare providers adopting telemedicine practices using smartphone health apps may not realize or control the personally identifiable information shared with third-party advertisers. These apps run on mobile platforms vulnerable to security threats, especially when the OS is not updated to apply the latest available security patches.

Considering the general lack of security awareness among patients using outdated mobile app and OS versions, and fall prey to mundane social engineering ploys, the industry has a long way to go before considering mobile apps as secure channels to offer effective firewalls and security against healthcare cyver attacks.

Do you think the next technology healthcare industry is ready to take a deep dive into cyber security adoption without adequate preparation and fixing loopholes that exist within the technology itself?

Recruiting expertise in medical devices and electronic health records

Need an executive search consultant with deep knowledge and contacts in the medical field?  NextGen has identified and recruited key personnel ranging from principal / chief engineers in software development, systems design, and embedded wireless to directors and VPs in sales, business development, and technology to president of business unit for medical device manufacturers, electronic health records developers, clinical integration, and bio medical research and development.

Categories
Articles Cyber Security

Proactive Ransomware Mitigation Strategy for EMR

Ransomware is distributed as a social engineering ploy via email, malicious links and malvertizing, among other techniques. A proactive ransomware mitigation strategy for EMR is needed as once a user falls prey to these human exploits, ransomware is downloaded to the victim’s computer to begin the malicious process.

The virus attempts to connect with encryption-key servers, takes hold of public encryption keys and uses various encryption algorithms to encrypt mission-critical data on the network.

This data typically includes file formats of PDF, JPG, and Microsoft Office extensions. Basic OS recovery and reboot systems are disabled. The compromised data is moved, renamed, encrypted, and renamed again to ensure the required data cannot be queried using actual file names when ransomware is executed, which is when ransom is demanded via Bitcoin or other digital money transfer services. At execution, the start-up screen and several basic features are also locked until this payment is processed.

Why a Proactive Ransomware Mitigation Strategy for EMR Matters

Despite the prevalent security awareness, phishing schemes and drive-by-downloads remain one of the most effective techniques to deliver ransomware payloads onto target computers. To combat ransomware, a proactive ransomware mitigation strategy is to set up systematic corporate security training programs to prevent ransomware payload delivery onto your EHR systems in the first place.

Employ expert social pen-testers to phish your own staff. Emulate real-world exploits but do no ream harm to your organization or employees. Establish gamification-based rewarding programs to encourage dedicated adoption of security best practices. And yes, prior executive approval will be required to prevent awkward situations.

Secondly, it’s best to perform social penetration testing procedures on a separate, isolated network infrastructure such that sensitive data remains inaccessible and uncompromised. This strategy will essentially build the most effective line of defense against ransomware: the human firewall.

Advanced phishing attacks are known to bypass standard spam filtering standards set up by email clients. Another part of a proactive ransomware mitigation strategy for EMR is to establish strong spam filtering techniques such as blacklisting and whitelisting email and IP addresses, and real-time blackhole lists that are maintained by third-party security providers. Use content-based filters to ward off malicious content that’s most relevant to your organization.

Email validation systems such as Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and Domain Keys Identified Mail (DKIM) can prevent phishing emails from reaching your workforce. Establish strong administrative and access controls to prevent unauthorized and unintended downloads of executable files via email or the Web – even legitimate website could be compromised to deliver ransomware as downloadable content.

Strict controls that allow the absolute least user privileges to appropriate users will reduce the proportion of workforce who can inadvertently facilitate ransomware delivery to the corporate IT network. This approach will prevent anomalous and unauthorized downloads, installations, data transfer, editing and encryption from taking place.

Furthermore, streamline the updating, patching and validation processes for every tool used in the EHR systems. Most of the ransomware attacks exploit known vulnerabilities that remain unpatched. Standardizing mass rollout of updates across all systems is a time-consuming and cumbersome process if the operating systems and software are installed on local hard drives.

Organizations that maintain such systems take months and sometimes years before evaluating, authorizing and installing updates individually on each computer. On the other hand, organizations that maintain virtualized and cloud-based environments for the delivery of desktop OS and electronic heath records solutions can automate and streamline the process of software updates.

Although these measures drastically reduce the chances of successful malware delivery to your systems, your organization should be prepared to tackle the threat of ransomware infection and prevent execution of malicious programs. For instance, another proactive ransomware mitigation strategy is to limit user privileges and controls to install software against targeted file extensions.

If an installation is critical, the process should be flagged and transferred to a sandbox environment for detailed security assessment. Unauthorized changes to medical devices, files and data sharing should be blocked to prevent potential ransomware processes from executing.

Proactive Ransomware Mitigation Strategy for EMR Advanced Security

Deploy advanced security solutions that would detect anomalous processes, raise the alarm and cut-off compromised systems from the network to prevent the malware from spreading. Maintain an efficient backup recovery system that performs data backup in real-time and can be used to retrieve mission-critical data in a matter of minutes, as required. Consider using differential backup techniques that preserve the only the new changes performed to data that’s already backed up.

The minds behind ransomware attacks intend to hold this data to hostage so that victims are left with no option but to process the payments. If you can access this data using alternate means within acceptable schedule, the ransomware attack is rendered useless and you can eventually get security and IT experts to clean up the infected systems.

Finally, a sound proactive ransomware mitigation strategy for EMR is to coordinate with your security solutions providers and federal agencies to report possible ransomware attacks – they may already have relevant information and could be able to crack down on the perpetrators with the additional reporting, thereby preventing future attacks from the same sources.

Need help recruiting Cyber Security Professionals for HL7 or EMR Development?

NextGen Executive Search as successfully recruited and placed software developers, analysts, firewall and firmware design, sales, and product management for clinical integration, healthcare patient records management vendors, including medical device manufacturers for over 20 years.

 

Categories
Articles Cyber Security

Mobile Threat Exploits Are You Prepared to Defend Against Malicious Apps?

When we think of cyber threats to endpoints, typically what comes to mind is the need to protect our PC’s and laptops. Many more businesses are adding comprehensive security solutions and user policies administered to include mobile threat exploits.

But it’s unquestionable now that mobile phones are just as likely (if not more likely) to be targeted by cyber criminals. There are a few reasons for that.  The first reason that mobiles are now a legitimate target is the sheer number of them. It’s estimated that there will be over 6 billion smartphones in use by the year 2020. That’s around 70% of the world’s population using a smartphone in 3 years’ time.

Modern smartphones are now small computers. The processing power, functionality, and the way we’ve integrated them into our lives make them a treasure trove of valuable information and easy food for hackers wishing to use mobile threat exploits. And IoT Botnets further increases the vulnerability of cloud based data and mobile devices.Many people today use their mobile phones to access online banking and as a physical payment method in store. Cybercriminals tend to follow the money and so are putting resources into targeting mobiles. Last year, security vendor ESET discovered a form of malware that presented a false version of online banking login screens to steal credentials.

Exposing Vulnerabilities of Mobile Threat Exploits

Like any operating system, there is a continual process of discovering vulnerabilities and attempting to patch them before hackers can take advantage.

This can be complicated on the Android OS. Android is open source, allowing stakeholders to modify and redistribute it to fit their needs.

This means that when mobile threat exploits and vulnerabilities are fixed at the source, it doesn’t always translate to the problem being resolved for the user.

Mobile-Threats

The most famous example of this is the Stagefright vulnerability. This was mobile threat exploits in the code library associated with media playback. If a hacker sent malicious code within a video via MMS, the attack could be successful without any interaction from the user.  This vulnerability was said to affect 95% of Android users making patching a nightmare. Although there had been previous serious vulnerabilities in Android, such as FakeID, TowelRoot, and PingPong, this was the first exploit of this scale that could be successful without any user input.

No OS is Safe

Typically, we see most of mobile attacks targeted at Android devices. But iOS is not completely bulletproof. XcodeGhost was a copycat version of Apple’s development environment, used for creating apps.  Developers that used the rogue version of Xcode to create their apps unwittingly delivered their product to the App Store with the malware in tow.

Mobile Threat Exploits Protection Starts with Education

So clearly, we need a robust plan in place to protect mobile devices from mobile threat exploits. But how do we go about this? The first thing to consider is user education. When using a laptop, most people know not to open attachments from unknown sources.  But mobile users are not always as careful. Educate them to apply this same level of caution to mobiles; only downloading apps from trusted sources and giving the application, the minimum permissions required to perform its task.

Management is Not Security

Your company likely already has an Enterprise Mobility Management (EMM) solution in place. This is useful for managing a fleet of mobiles and preventing opportunistic crimes by enforcing passcodes, for example. But EMM is not sufficient to protect against more advanced threats, and most suites don’t have the functionality to detect, analyze and respond to cyber attacks. For this reason, it’s important to supplement your EMM with a Mobile Threat Defense (MTD) product.MTD has far greater mobile threat exploits threat-detection capabilities and can help to prevent man-in-the-middle attacks, detect non-compliant or malicious apps, and spot jailbroken devices. It’s important to have this level of security on your mobile devices due to the amount of corporate data that can typically be accessed via mobile now.

User-Based Access Controls

A cloud-based Identity as a Service (IDaaS) solution can also help to increase security. The benefits of this to a business are two-fold: For the user, all their corporate systems can be accessed via a single sign-on (SSO). This eliminates the need to remember multiple login credentials.It’s likely to be a multifactor sign-on process which is more secure than a static password. IDaaS also allows users to be automatically granted certain access rights or privileges based on their role. Employees get the right tools to complete their job function and no more. This means that in the event of a mobile threat exploits, the compromise, the amount of accessible information can be limited.

Effective Patching

As mentioned, patching mobile devices is not always straightforward, particularly in Android ecosystems. Updates can be blocked by Google, the handset manufacturer, or the mobile operator. However, this situation has improved since Stagefright. Even given these difficulties, it’s important that you have a process for keeping your operating systems up to date. This should be easy to configure in your EMM solution.Ultimately, we don’t need the statistics to tell us that mobiles are here to stay in the business world; we see evidence of this every day. Mobiles are now integral to huge chunks of our working lives. And because of this, the threat from hackers will continue to grow.

What steps are you taking to ensure that mobiles aren’t an easy attack vector into your business?  And do you feel that your users are as educated on mobile threat exploits as they are about conventional PC-based malware?

 

Categories
Articles Cyber Security

Healthcare Is Unprepared for Cyber Attacks and here’s why…

Healthcare is unprepared for cyber attacks and as the cybercrime threat landscape for medical devices and electronic health records is evolving at unprecedented rates this lack of preparation does not bode well.  The malicious intent of financially motivated or state-sponsored cyber-criminals was best served by victimizing financial institutions, power infrastructure and the business sector.

The sheer wealth of profitable consumer information stored within the servers and IT networks powering these industry segments have attracted cyber attack interests for decades. At the same time, these industries are investing vast resources to strengthen their security posture. Cyber criminals pursuing easier targets are aiming for the healthcare industry instead, where a similarly vast deluge of sensitive personally identifiable information powers increasingly digitized healthcare services from less-secure network infrastructure.

Inherent Loopholes as Healthcare Is Unprepared for Cyber Attacks

Healthcare institutions excel in medical practices but are inherently prone to security attacks. 2017 might have seen only a limited number of successful attacks, but make no mistake that healthcare is unprepared for cyber attacks and this is a very real threat, and here’s why. The future of healthcare centers are paperless medical practices. Digital patient information stored in network-connected servers is a recipe for disaster unless strong security defense capabilities are in place to ward off sophisticated cyber attacks. And that’s precisely the problem with the healthcare industry they are woefully unprepared for technology adoption.

While the government and the industry is pushing to embrace Electronic Health Record (EHR) systems, the same attention is not given to invest in strong security solutions, technologies, and processes across the widening industry of healthcare institutions, hospitals, surgery centers and EMR/EHR management providers.

Equating Compliance to Security: Global regulatory authorities enforce strict laws to ensure security of digital health records and electronic systems used in the healthcare industry. However, these laws are designed to establish and maintain a minimum standard of security capabilities and practices. The risks could be far worse and varied. Therefore, it becomes more obvious why healthcare is unprepared for cyber attacks by maintaining compliance standards such as HIPAA do not translate into strong security capabilities.

Lack of Security Awareness: A significant proportion of life-threatening spearphishing and ransomware attacks are designed to exploit the human element. Random clicks to malicious links by unsuspecting workforce in the healthcare industry cost millions of dollars in damages. Inadequate workforce education and training on maintaining security of digitized records and new healthcare technologies is prevalent in the industry considering the simple root causes of these costly attacks.

Lack of Resources: Many healthcare institutions do not operate on the same IT security budget in comparison with financial and business organizations. A recent conducted by The Ponemon Institute finds healthcare organizations rate their ability to defend against cyber-attacks at a meager 4.9 out of 10.

Outsourcing May Alleviate Healthcare Industry Unprepared for Cyber Attacks

Healthcare institutes work to excel in the services they have to offer, and tend to outsource critical healthcare IT operations. These IT service providers are subject to strict regulations including HIPAA, whereas healthcare organizations cannot accurately assess the risk of business associates or ensure security of Protected Health Information (PHI) shared with them.

Categories
Articles Cyber Security

Personal Cyber Security Has Now Become More Personalized

Cyber-attacks are amplifying across the globe.  Personal cyber security is important as not only have they becoming more frequent, but they are also impacting a wider band of digital terrain. A single worm, like WannaCry is capable of infecting countless systems in numerous ways, from email accounts to personal data to service disruptions and other critical disturbances. The impact and frequency has led to billions of dollars’ worth of damage, to include lost productivity. Damage to an organization’s reputation is not even calculable.

Budgets are growing tight due to the continued cost of cyber security protections and investigations. While this regularly effects large organizations, small to mid-size businesses are also seeing an increase in cyber-attacks. Hackers are turning toward smaller targets because they are less likely to have secure infrastructure and even less likely to know they are under attack. A worm or virus can sit in a computer system for months and without an in-house IT team, small businesses are especially vulnerable.

Personal Cyber Security Thwarts Hackers

A target that is even smaller than a small business is you. Personal cyber security is becoming more relevant as hackers seek out any vulnerability. But if small businesses can’t even afford an IT team, and if large organizations are finding their budgets shrinking due to cyber security costs, then how can an individual protect themselves?Personal Cyber SecurityCompanies like Rubica are offering personal cyber security options that protect individuals, and the businesses they own or work for, from cyber-attacks by providing easy-to-use and affordable cyber security options.

I rarely recommend any company’s products or services, but Rubica has options and features that warrant a serious look by executives and Board members alike.

Far too often individuals do not adhere to security protocols because the protocols are too complicated or time-consuming. People take short-cuts to avoid tedious passwords or log-in requirements.

Doing so on your personal device is risky, but when your personal device is also synced to business applications results can be catastrophic. By providing employees with personal cyber security features, Rubica protects individuals and businesses.

Some of Rubica’s defining features include its mobile ready app that can be downloaded on desktops, tablets and smart phones. There is no need to install hardware or receive staff training on its use. The app is backed by Rubica’s signature concierge service. The cyber ops team is on call at any time. But users rarely need to contact Rubica since the security app and service does its work without the user even knowing.

Personal Cyber Security Solution by Rubica

Rubica’s cyber ops team provides personal cyber security to any user who has downloaded the application. Once downloaded, the cyber ops team is able to monitor your data, identify threats and alert you when necessary. By paying attention to personal behavior patterns, the team is able to deduce when an imposter has entered a network.

If the idea of data and behavioral monitoring is not a price you are willing to pay in exchange for personal cyber security, then don’t worry. Rubica can be turned on and off. Users are able to access the app and view activity graphs, review investigated events and ask Rubica staff questions about their data or any ongoing threats. Rubica’s personalization means that your personal cyber security choices just got more personal.

Require the rolodex and expertise of an executive search team?

NextGen has a solid track record in identifying and recruiting “A players” – the top 14% of the workforce that produces 8 to 10 times more than even “B platers” – AND these “A players” exist at every level from lead software developer to cyber analyst to Director of business development to VP of Cyber Counterintelligence and much more.  We recruit for red, blue, and purple teams for cyber defense contractors and DoD as well as private sector cyber security needs.

 

Categories
Articles Cyber Security

Facing New Cyber Warfare Tactics – Implement CCI Methods

Cyberspace is an official battlefield for almost a decade in many states. According to a series of data breach investigations report (2013-2016) of Verizon facing new cyber warfare tactics, despite cyber criminals remain a major actor category in causing data breaches, the significant participation of nation-states and state-affiliated groups in cyber-operations is not to be underestimated.

The operators in the latter category do not simply target short-term monetary gain, but in-depth and persistent penetration to attain strategic objectives, notably the advanced persistent threat (APT). Our businesses, government, and military are facing new cyberwarfare tactics used in economic espionage, geopolitical campaigns and remote sabotage attempts. High profile events in recent years ranging from the Chinese APT1 eavesdropping over 140 international companies, Russian APT28 implementing asymmetric warfare against Georgia and Ukraine between 2008 and 2014, to the DNC email hacking in the recent US presidential election and Olympic Games (Stuxnet) sabotage incident in 2010, contribute to the rapid development of cyber intelligence landscape.

Methods in Facing New Cyber Warfare Tactics

Thus, in this troubled water, not only the digital assets and intellectual properties of private companies are under constant surveillance of ​cybercriminals but also public critical infrastructures and new Internet of Things connected data and devices are at stake. Highly skillful and resourceful actors enthusiastically collect intelligence through sophisticated hacking tools, computer worms and network mapping technologies.This intelligence collection empowers malicious actors to succeed in striking companies and governments. One key underlying factor for successful risk mitigation is not only to catch up with the ‘hardware’ technological advancement, but also the software in facing new cyber warfare tactics to analyze the pattern, identity and objectives of the intruder so as to effectively counterstrike intelligence collection of the adversary.Facing new cyber warfare tactics by implementing CCI methodsThus, adopting military doctrines such as decoy, deception and deterrence to detect and mitigate cyber risks becomes a valuable cyber counterintelligence (CCI) strategy for both private companies and states. In the tactics, techniques, procedures (TTP) guidelines implemented by the U.S. Department of Defense (DoD) Joint Chiefs of Staff, at least four major intelligence collection methods can be identified in cyberspace. Intelligence can be collected through human (HUMINT), open-source (OSINT), signal (SIGINT) and geography (GEOINT).Based on these notions, the security researcher, Robert Lee, suggests two approaches to apply these concepts in CCI policy making: defensive CCI and offensive CCI.The former recommends regular red team assessment to evaluate both internal network vulnerabilities and external threat landscape. The latter is about setting up honeypots and sock puppets to interact with the adversary so as to achieve deception and delay effects. Both approaches require a comprehensive understanding of the internal networks, operations and procedures about one’s own organization. Ideally, one optimal CCI employment involves a mix of active and passive intelligence gathering to understand the potential adversaries.

Assessments in Facing New Cyber Warfare Tactics

In other words, it implies the hybrid application of conducting internal and external assessment as well as interacting with the intruders. Hence, the organization can be better prepared in facing new cyber warfare tactics by drafting its response plan and internal policies with more concrete scenarios, evidence, and more significantly, grasp of the tactics of the adversary.

In addition, internal analyst and general employee training is a prerequisite for the successful implementation of CCI strategy. On the one hand, improving the security awareness of general employees is an important, yet underestimated, means to prevent initial network compromise. For example, the victims of APT1 mostly started by falling prey to spear phishing which eventually caused successive large-scale data breaches. Educating employees to be cautious of unverified and false web information addresses the most vulnerable human factor in cybersecurity trust chain.

In other words, it implies the hybrid application of conducting internal and external assessment as well as interacting with the intruders. Hence, the organization can be better prepared in facing new cyber warfare tactics by drafting its response plan and internal policies with more concrete scenarios, evidence, and more significantly, grasp of the tactics of the adversary.

In addition, internal analyst and general employee training is a prerequisite for the successful implementation of CCI strategy. On the one hand, improving the security awareness of general employees is an important, yet underestimated, means to prevent initial network compromise. For example, the victims of APT1 mostly started by falling prey to spear phishing which eventually caused successive large-scale data breaches. Educating employees to be cautious of unverified and false web information addresses the most vulnerable human factor in cybersecurity trust chain.

On the other hand, the training of in-house analysts has to be rigid and unconventional. They must be able to identify, evaluate and distinguish accurate intrusion data to defend the organization. Putting themselves into the adversary’s shoes is a crucial perspective to anticipate the interests, objectives and strategies of the intruder. It also prevents them from being misled to well-crafted falsified data.

To optimize the performance of the duties of in-house analysts, a number of emerging cybersecurity vendors in deception technology like TrapX, Attivo and Cymmetria develop products and solutions adapted to this specific need. Through setting up decoys and buffering zones such as honeypot servers, sandbox and other buffering mechanisms, the defending organization can maximize the counterintelligence efforts to study the attacker.

In conclusion, adopting CCI perspectives in facing new cyber warfare tactics is an imminent issue for companies and governments to cope with constantly evolving and sophisticated cyberattacks. After all, the information security solutions of major vendors in the market target a more general public having relatively less security challenges than institutions dealing with multi-billion digital assets, IoT networks, and critical infrastructure. Installing ubiquitous anti-virus/ spyware detection software is the earliest phase in defending one’s institution.

In case of constant aggressive network breaches that their existing cybersecurity solutions and internal policies are ineffective, even defenseless, against the adversary, it is time to consider integrating CCI tactics and perspectives into the institution’s cyber defense strategy.

If the states are involved in attacking private entities, for what reasons companies should not introduce CCI to their management?

Whether you are a manufacturer, hardware or software vendor, or defense contractor, you Must have the best talent available who has a TSI and /or active security clearance to work in cyber defense and cyber counterintelligence.  NextGen has served companies with identifying and recruiting cyber analysts, red / blue / purple team engineers, and more.

 

Categories
Articles Talent Acquisition - Assessments

Increasing New Hire Productivity Self Development & Mentoring

Increasing new hire productivity requires making sure the new employee can hit the ground and produce.  Behavioral assessment (sometimes referred to as “Psychometric Testing”) has become increasingly recognized as a valuable source of information when making hiring decision.

There is a wealth of data to demonstrate that using behavioral assessment in conjunction with sound, responsible recruitment methods reduces employee turnover, and it’s quickly becoming standard practice for many employers and recruiters.  But by and large behavioral assessments are not used properly.In addition, is it really worth the additional time and expense? In the current economic climate is behavioral assessment REALLY an essential for your next recruitment campaign?

The answer is:  YES with a CAVEAT towards Increasing New Hire Productivity

Increasing-New-Hire-ProductivityHere are three points why increasing new hire productivity works when behavioral assessments are used properly.  What is a general consensus among most companies is this usually involves a questionnaire that asks the candidate about their opinions, preferences and priorities.

Based on the results, and by comparing the answers against years and years of historical data and expert analysis, the individual’s attitudes and behaviors can be extrapolated.

Behavioral reports can include information such as preferred working environment, how they respond to tight deadlines, preferred management style, approach to selling, and much more.

If you’re skeptical, ask one of your employees – preferably one you’ve known for many years – to take an assessment. You’ll likely be surprised at just how inaccurate the results are.

1. Defining the Role Fit and Team Fit = Increasing New Hire Productivity

Figuring out exactly the kind of candidate you’re looking for and creating a job description to match can be a time-­‐consuming headache. But a simple survey of the stakeholders of the role (direct report, internal customers, the top employees already in that team the new hire will work within) can then be put into a Composite survey that will produce a detailed description of the ideal characteristics you’re looking for, many of which can be inserted straight into your job description.  There is virtually no scientific proof that performing a behavioral assessment of candidates alone will result in a “good hire”

To be successful in evaluating candidates and making the right hire so that increasing new hire productivity is the goal, once you know they fit the role in terms of tangible skills, education, and experience, but t,he fact that 46% of all new hires fail within the first 18 months, according to Leadership IQ, it is vitally important to measure the intangibles in the role fit and to assess the candidate’s impact on team dynamics.  And here is where so many Hiring Managers make a HUGE mistake.  The one-size-fits-all “corporate culture” is used to assess candidates across the board.  But the truth is that ALL teams are unique and EACH has their OWN CULTURE which may align in some ways with the corporate culture statement.  An accurate behavioral assessment of a potential candidate is when it is measured against  the team composite profile.  In particular, you need to measure

  • Values and Motivations and how the potential candidate’s views and needs impact  team dynamics
  • Relational Communications Traits – how the candidate is able to listen as well as sell his/her ideas to the team
  • Conflict Resolution Skills – many of post Baby Boomers were not taught this skills, so training is essential if hiring
  • Decision Making Traits –  can he/she make a valued fast decision or do they delay and waiver inconsistently?

2. Conducting Fewer Interviews

A resume or LinkedIn profile can somewhat tell you whether a person has the ideal qualifications and job history but usually it’s impossible to tell if a person has the right attitude and accomplishments until you interview them. Behavioral assessment done the right way, on the other hand, can provide you with that information in a fair and objective fashion. So if, for example, you have 7 candidates that look great on paper, a team fit and role fit scientifically based assessment can help you reduce that shortlist to a more manageable number, and leave you with a much faster interview process.

3. Customized Mentoring / Coaching = Increased New Hire Productivity

Quick assimilation – faster or rather increasing new hire productivity and longer retention.  It’s the goal for EVERY Hiring Manager.  An often overlooked feature of team fit and role fit profiles and behavioral assessments is its ability to tell you the training and management styles to use to get increased new hire productivity.  Getting your new recruit up to speed quickly and making them feel comfortable in the role is not only a time saver but it also reduces the expenses incurred through downtime.

We’ve already mentioned the fact that behavioral assessment reduces employee turnover, but have you ever stopped to consider just how expensive and time consuming it can be to  replace a bad hire?   Aside from the fact that you have to spend time and money, repeating the recruitment process all over again, you also have to repeat the expense of on-boarding and assimilation for the eventual replacement.

And it’s almost impossible to put a price on the potential for lost business and the reduced employee morale that occurs while the position remains vacant. Although prices vary quite a bit, the average cost of behavioral assessment is often far less than employers imagine. And any one of the above four points would more than justify the additional, modest investment.

But put these three elements together and you have a potential saving of time and money that represents tens of thousands of dollars.  Especially in consideration of reducing employee turnover.   So, the question is not whether you can afford to use behavioral assessment. The real question is…  Can you afford NOT to use behavioral assessment?

NextGen Global Executive Search – Increasing New Hire Productivity

Get an inside look at how NextGen uses this behavioral assessment with award winning Leadership Vault Recruiting process.  NextGen Executive search provides retained and engagement recruitment services for clients who build and service aerospace power systems, UAVs, drones, and stealth tech; artificial intelligence, machine learning, and augmented reality; cyber security and cyber defense; industrial automation, robotics, industrial power system, renewable energy, and fossil generation; medical devices and electronic health records; mobile networks, digital media, embedded wireless, IoT, and cellular  infrastructure.  Compare our search process and fees compared to other search firms by clicking the image below or contact us today.

 

Categories
Articles Talent Acquisition - Assessments

Screening Candidates for Team Fit is BETTER than Corporate Culture Match

Screening candidates for team fit is more fruitful and accurate than corporate culture match. Work is a lot like life in general in that screening candidates cultural fit is what many strive for.  While it is a lofty goal, it is also a bit of star Trek wishful thinking that all will be well in the universe and a perfect hire will happen.

 In life, we tend to mingle with people who are quite like ourselves. As an individual, a person would usually be drawn to another who expresses similarities, in language, music, and style are among the things. In a few words: we are attracted to the same culture. The same goes for the business world.

Companies have a selection process where they usually look for candidates who share the same values and methods of their organization, i.e corporate culture. Screening candidates for team fit takes more work but in the end it is about the performance of the team and the impact the individuals being considered for hire will impact team dynamics.

Each team has their own culture.  And teams are made up of individuals.  If everyone thinks the  same and has the same corporate culture and process methods philosophy, their is no innovation, no challenge to different thoughts as everyone is robotic in their thinking.

And cultural fit should not be mistaken for one’s own prejudice. A candidate should be hired based on how they would make a positive impact on the team he/she will work within and how that in the end would be beneficial for the company without clashing with other employees and while at the same time maintain demeanor. If these are met  y assessing team fit instead of culture fit,  then that new hire is likely to fail.

Screening Candidates for Team Fit is Essential to Team Success

While cultural fit can be discerned in the screening process, whether the candidates fit the team he/she will work within is one of the main purposes of utilizing psychometrics to asses a candidate’s impact on team dynamics.  The major problem is the reliance upon one-way behavioral testing that partially measures a potential candidate’s potential behavioral patters, values, and motivations, but fails to take into account the team composite regarding relational communications style, decision maing and conflict resolution skills, and leadership/management style.

Many feel that in  a panel interview they can discern within a few hours how a candidate will impact team dynamics and weigh heavily on Human Resources to provide the behavioral assessment.  the interaction established in the interview exhibits the candidate’s credentials to accomplish the job and an essential fit needed to perform efficiently within the role, but cannot measure team fit.

Behavioral interviews are often used; unfortunately, the standard practice does not work well. Organizations need to measure a candidate’s behavioral profile against the composite reading of the team’s behavioral profile. This type of psychometric measurement combined with the in-person interviews can accurately tell how the candidate’s approach and conduct are compatible with the ones practiced within the team, as well as within the company.

According to Entrepreneur, Corporate culture is “a blend of values, beliefs, taboos, symbols, rituals and myths companies develop over time.” In itself, a company has their own identity within its workforce and it greatly varies from one organization to another. Within a company, it is common that different people are working together.

Screening Candidates for Team Fit Means a Good Hire

Screening candidates for team fit assures that teamwork is common and important in a corporate setting. Employees who value working with peers and acknowledge the input of various ideas is most likely to work well in an organization that puts emphasis working in teams. Working with others is an important part in business organizations.

However, when an employee prefers to work alone, he or she might be a good cultural fit in an organization that is more inclined in working in teams.Screening candidates for cultural fit and team fit also measures the capability of an employee to embrace diversity and exhibits no qualms in working in an organization that is compatible to their own set of principles and ideals. Companies need to recognize and employ candidates who exhibit these traits. Employees who are happy in their work environment tend to perform better and stay longer.

Despite the diverse personalities within a workforce, a company needs to find balance in shaping their work culture that will assure its accomplishment. Working in organizations would mean meeting a lot of people with different backgrounds. Both cultural fit and team fit emphasizes an employees’ abilities in and characteristics that can contribute to the success of the company.

A Recruitment Process Unmatched

NextGen’s award-winning Leadership Vault search process begins with the Discovery step where the objectives of the role, how a candidate will use their skills, team dynamics, and value proposition are determines.  The target candidate profile includes researched competitor and company targets followed by documenting accomplishments, relative KPIs, depth of industry / customer relationships, and scientifically based team fit analysis.

Success based recruitment fees where majority is based on acceptable deliverables and the actual hire.  Backed by a custom on-boarding plan and a 24 to 36 month replacement guarantee and a retention rate of 93% of our placements are working for same client at 3.5 years of service with 72% in 5 years.  You should expect NOTHING LESS than hiring an “A player” when you pay a recruitment fee.

Charles Moore

Charles Moore

DX / CX / CDP IoT & 5G Wireless
How to Evaluate an Executive Search Firm
Receive the latest news

Subscribe To Our Newsletter

Get notified about new articles, videos, seminars and all the breaking industry news as it happens