Business Security Weekly #227
1. The 3 Mistakes All First Time CISOs Make That No One Tells You – Jim Routh – BSW #227
Listen in as Jim Routh, former CISO at Aetna, CVS Healthcare, and MassMutual, discusses the 3 mistakes all first-time CISOs make. Jim shares the lessons he learned throughout his career and how CISOs can avoid these 3 mistakes, including:
1. Setting Expectations
2. Hiring Talent
3. Retaining Employees
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey.
SC Media debuts its all-new SC digital experience, fully integrated with Security Weekly podcast content and more. The new site increases the scope and scale of original content resources from editorial staff, contributors, and the far-reaching CyberRisk Alliance network. Visit www.scmagazine.com to check out the new look!
Jim Routh is currently on the Boards of Supply Wisdom, GrammaTech, Savvy, Accountable Digital Identity Association and the Global Resiliency Federation. He is the former Board Chair for the Health Information Sharing & Analysis Center (H-ISAC) where he served for five years and former Board member for the Financial Services Information Sharing & Analysis Center (FS-ISAC). Jim is a former CSO/CISO for American Express, DTCC, KPMG, Aetna, CVS and MassMutual. Jim brings to the boards a vast business and technology background and is considered a digital and cyber security industry expert and thought leader. He has prepared and delivered several customized education sessions to Board members for the National Association of Corporate Directors (NACD) based on leading cyber security practices. Jim is currently an advisor for Transmit Security, Wiz, Devo, Netskope, Armis, Virsec, Securiti, Gurucul, Data Theorem, Cleer Security, Picnic, Saviynt, Legit Security, Reveal Security, and Graphite Health. He serves in an advisory capacity and investor for cyber specific venture funds including: Syn Ventures, CyberStarts, Security Leadership Capital, Ballistic Ventures and Rain Capital. Jim is an ICIT Fellow and an Adjunct Faculty member where he teaches cybersecurity for the NYU Tandon School of Engineering.
2. New Fines Making Business Case for Security, & Improving Security as a Team – BSW #227
In the Leadership and Communications section for this week: A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company's products?, and more!
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. A Chief Executive Officer's Guide to Cybersecurity – The CEO should make sure a risk management committee is constituted at the board level where IT and information security threats, risks, and mitigation plans can be discussed.
- 2. Zoom Settlement: An $85M Business Case for Security Investment – Ransomware isn't the only way lax security can cost a business eight figures in damage. Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. More importantly, Zoom's journey is an object lesson showing that cybersecurity matters to the bottom line.
- 3. Amazon GDPR fine signals expansion of regulatory focus – Amazon's $887 million GDPR fine likely stems from consumer consent and may indicate the EU is moving beyond data breaches and zeroing in on data practices.
- 4. CISOs: Do you know what's in your company's products? – CISOs need to take a more direct role in the operations side of the business to help build security in by design. When product design takes place, and third-party firmware or software is identified to be a part of the product, who conducts the security review? The vendor, the CISO's team or operations? All of the above.
- 5. Organizations Still Struggle to Hire & Retain Infosec Employees: Report – Is the cybersecurity skills shortage overstated? No, according to a recent survey of Information Systems Security Association (ISSA) members. The majority of respondents report the skills shortage is a significant problem that is hurting organizations. ISSA, along with industry analyst firm Enterprise Strategy Group (ESG), surveyed 489 cybersecurity professionals and found 57% of organizations have been affected by the skills shortage. Most (95% of) respondents think the cybersecurity skills shortage and its associated effects have not improved over the past few years, and 44% say the problem has gotten worse. Only 5% say the shortage has improved.
- 6. Improving Cybersecurity as a Team – Using trusted sources, such as the CIS Controls and CIS Benchmarks from the Center for Internet Security, can help get your team on board with assessing:
  - the current state of your organization's cybersecurity
  - how you stack up with other frameworks you may need to comply with
  - how to monitor everything over time