Grainger Appoints CISO After Former IT Contractor Arrested for Alleged Hack

Mark Lohman named CISO

Grainger, a provider of manufacturing, repair and operations (MRO) equipment, has promoted Mark Lohman to the chief information security officer (CISO) position. The move comes amid reports that a former Grainger IT contractor has been arrested for allegedly hacking the company.

Lohman most recently served as Grainger's senior director of information security and business continuity. He possesses decades of information security experience and is expected to help Grainger strengthen its commitment to cybersecurity, the company said in a prepared statement.

The Lohman appointment was announced after former Grainger information technology contractor Edward Soybel was arrested last week for allegedly breaching the company's computer servers multiple times in 2016.

Soybel intentionally caused damage to Grainger's automated inventory management program, which operates the company's on-site dispensing machines and has approximately 18,000 customers throughout the United States, an indictment alleges. He worked as a technical support contractor at Grainger's facility in Niles, Illinois from November 2014 to February 2016; Grainger terminated Soybel, and his access to the company's servers was deactivated.

Grainger is North America's leading broad line supplier of MRO equipment. The company recorded $10.1 billion in sales in 2016 and has operations in Asia, Europe and Latin America.

How Do CISOs Respond to Security Issues?

CISOs are becoming exceedingly important to organizations of all sizes and across all industries, which is reflected in a recent survey conducted by cloud computing company ServiceNow.

Key findings from the ServiceNow "Global CISO Study" of 300 CISOs included:

  • 81 percent of CISOs are "highly concerned" that data breaches go unaddressed.
  • 78 percent are worried about their ability to detect data breaches.
  • 70 percent believe it is difficult to prioritize security alerts based on the importance of the data under attack.
  • 67 percent plan to automate more in the next three years.
  • 55 percent believe their teams have developed skills to address future threats.

Many CISOs are faced with an overwhelming scale of security alerts, according to ServiceNow. To manage alert overload, CISOs should automatically prioritize security alerts based on their potential impact, ServiceNow recommended.

In addition, communication often remains a barrier to effective security, ServiceNow indicated. To overcome this problem, CISOs must foster relationships between security and other functions, ServiceNow said, to ensure various departments can work together to identify and minimize risk.

A shortage of cybersecurity professionals continues to plague CISOs as well, ServiceNow pointed out. Fortunately, MSSPs are available to help CISOs automate their security and deliver optimal protection against a wide range of cyber threats.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.