Kamhen is an independent company specialising exclusively in Information Security. Kamhen was founded by internationally recognised industry experts and has become one of the foremost Information Security consultancies.


What we do

We offer a comprehensive range of Information Security and training services. Our services help businesses to protect their valuable information assets.


What's your cybersecurity whistleblower strategy?

It reads like a security nightmare. An employee, maybe even someone in IT, contacts a government regulator and reports major vulnerabilities in the company’s infrastructure. The employee says the company knows about the problems but has done nothing, putting people's personal data or maybe even their physical safety at risk.

Even worse, the whistleblower claims to have been punished for complaining too much to management about the problems. An investigation ensues, forcing the company to hire attorneys and consultants, and the regulator levies a hefty fine when several accusations prove accurate. Finally, the whistleblower is given a portion of that judgement, financially rewarded for exposing their employer’s dirty laundry.

When I discuss this scenario with other security professionals, many see it as a classic case of insider threat. The fictive whistleblower is blasted as unprofessional, spiteful, a traitor even. That reaction may be understandable, but it is increasingly misinformed and dangerous. Whistleblowers will be coming to cybersecurity, and a strategy built around blaming and demonizing them will actually make things much worse.

In 2015, the Securities and Exchange Commission (SEC) settled charges that R.T. Jones Capital Equities Management violated the “safeguards rule” by not doing more to prevent a security breach that compromised the information of about 100,000 people. Even though no one appeared to be harmed, the SEC censured R.T. Jones and fined the firm $75,000. Justifying the enforcement, the SEC said,





CISO, African Development Bank

Genuine experts in Information Security.
They have built a leading competency in this area with Kamhen Services

Teaminfosec Ireland

We have worked together in various capacities ranging from strategic partnership to consulting internationally. relentless in the pursuit

eFortresses Inc. - USA

An extremely sharp professional organisation, whose ability to grasp the bigger picture for Information Security goes