InterSources Inc

“The laptop was encrypted.” That is where the client conversation started. Of course, our CISO did not rush past that sentence. The audit was clean. The checklist was complete. The required control was in place. Everyone could point to the same reassuring word: Encrypted. Naturally, that word carries weight in a boardroom. It sounds responsible, defensible, and complete. Encryption is foundational because it reduces risk, supports compliance, and belongs in every serious security program. Our CISO understood why the team felt reassured. He was not there to challenge their confidence, but to help protect it before the moment became real. He did not see a failed control. He saw an unfinished protection story. So, he asked the question that changed the conversation: “What protects the data after the checkbox turns green?” The room did not get defensive. It got focused. A lost or stolen device raises more than one question. It creates a sequence of decisions. 1. Who can access the data? 2. What happens after login? 3. What detects unusual file activity? 4. What protects information while it is being used? What changes when the device is no longer in the organization’s control? That is where compliance and operational protection begin to separate. A compliance answer says, “The control exists.” An operating answer says, “Here is what happens when conditions change.” CVE-2025-48804 is another reminder that physical-access risk does not disappear because a device is encrypted. That does not make encryption weak. It makes layered protection necessary. The best security leaders respect the checkbox, then ask what the checkbox does not see. They look at identity, endpoint behavior, data movement, runtime activity, credential exposure, and response steps as one connected picture. That is where technical depth becomes practical protection. The goal is not to make security louder, heavier, or more complicated. The goal is to clarify the next step before pressure even starts. Before the laptop disappears, before the support ticket opens, and before everyone searches the audit folder, the better question is this: If the device were gone tomorrow, would your team rely on the word “encrypted,” or would they know exactly what protects the data next?

Your disaster recovery plan may be ready for the breach you expect, but not for the breach you inherit. Most continuity plans address risks an organization expects to control, like fires, floods, ransomware, internal outages, and infrastructure failures. Those risks are still real. However, the upstream risk is the one hiding in plain sight: What happens when a critical SaaS vendor is breached, and the attackers come back? The recent Canvas LMS incident made this harder to ignore. The deeper issue was not only that a major platform was affected. It was the pattern: persistent access, repeated activity, and an upstream environment that customers do not fully control. That changes the recovery conversation. When the compromised environment belongs to a vendor, your team may not control the recovery layers. You may not control the timeline. You may not have full visibility into what happened or how far it reached. That is not a SaaS problem. It is an operational dependency problem. Therefore, continuity planning has to expand from: “What do we do if we get breached?” to: “What do we do if something we depend on gets breached?” This second question requires five practical capabilities: - Continuous identity federation reviews. - Clear SaaS data-location mapping. - Vendor-specific breach runbooks. - Real-time vendor security posture signals. - Credential rotation plans that do not depend entirely on vendor response time. The more useful way to look at this is operational: A vendor breach is not only a security event. It is an operating condition. The question is not only about vendor security. It is whether your organization can keep operating safely when a critical vendor becomes unreliable. That is where continuity is tested, and where the plan meets the business.   Which SaaS platforms sit in your critical path right now? If one became unavailable, compromised, or uncertain for forty-eight hours, would your team know exactly what to do? Who owns that answer before the incident begins?  

Moments like these remind us that meaningful connections are at the heart of strong business partnerships. Our Solutions Advisor, Adon Navarette, MBA, recently attended a Chicago Fire match alongside Fred Kwong, Ph.D., CISO at DeVry University, an opportunity to connect beyond day-to-day conversations and strengthen relationships in a more relaxed setting. A big thank you to Jenna Johnson, Director of Corporate Partnership, Chicago Fire FC, for hosting such a great experience. To top it off, Chicago Fire FC brought home the win! ⚽ #Networking #Leadership #Partnerships #Cybersecurity #InterSources

When identity is synthetic, verification is everything. See the full episode: https://lnkd.in/ePqJbEis

You secured your AI, but not the AI your team is already using. While you protect deployed AI, shadow AI is expanding your exposure. The next breach could start in everyday decisions: faster workflows, quick fixes, “safe” data. By the time you see it, it’s already embedded. In this edition of #CyberSentinel, we break down where AI risk is really coming from, and how leading teams are getting ahead of it. 📖 Read the full blog:

What if identity is no longer proof? Deepfakes are rewriting the rules. See the full episode: https://lnkd.in/edMqdCJb

I walked into a room full of supply chain operators, sustainability heads, and business leaders last week. I’m not a supply chain person. I’m an HR specialist at InterSources Inc and I was there because I believe the talent and people side of sustainability is the missing conversation in rooms like this. It was a great privilege of being in the room at the Sprih Roundtable at MIT. Thirty people. One honest question: “How do we build value chains resilient enough for what’s coming?” Someone said it plainly, “Sustainability is no longer a compliance checkbox. It’s about business survival. And we’re already few years behind.” I left thinking about one gap no one named directly: where does the green talent come from? You can have the strategy. The frameworks. The executive buy-in. But if the pipeline of sustainability-fluent professionals isn’t there, execution stalls. That’s the gap GreenSkills exists to close connecting purpose-driven job seekers with employers building the green economy. Grateful to Akash and the Sprih community for creating conversations this honest. More of this, please. Pleasure meeting sustainability professionals and making friends, big thanks to Sprih Team. #GreenSkil #ESG #Sustainability #GreenEconomy #TalentPipeline

Your brain decides whom to trust in 170 milliseconds. That’s faster than conscious thought, and it’s exactly what deepfake attackers are exploiting. When a voice sounds familiar, or a face looks real, the brain fills in trust before logic has a chance to catch up. Add urgency, and even well-trained teams can make the wrong call. In our latest edition of #CyberSentinel, we break down the important takeaways from our recent webinar with Dr. Fred Kwong, Ph.D., VP & CISO at DeVry University, and explain why this isn't just a cybersecurity problem but a widespread human vulnerability: #Deepfakes #Neurosecurity #IdentitySecurity #CISO

At the latest #ISACAChicagoChapter meeting, our Solutions Advisor Adon Navarette, MBA met with industry peers to discuss a key question: Why does security training often fail to change behavior? The session, led by Agathe Merle, Security Manager – Cybersecurity at Abbott, addressed a reality many organizations deal with: awareness alone is not enough. Great insights, meaningful discussions, and a strong reminder that security is only as strong as the people behind it.

Our New Business Development Director, Adon Navarette, MBA, recently attended the UIC Cybersecurity and Privacy Community Conference, hosted by Shefali Mookencherry, CISO, CPO, and Technology Solutions leader at the University of Illinois Chicago (UIC). The event brought together cybersecurity and privacy professionals to exchange insights, tackle today’s evolving challenges, and explore what’s next for securing data, systems, and trust in an increasingly complex digital landscape. Moments like these reinforce the value of collaboration across the cybersecurity community. #CyberSecurity #DataPrivacy #Leadership #Networking #TechCommunity