Business Security Weekly #228
1. Ransomware Trends 2021 – Fleming Shi – BSW #228
Ransomware attacks have surged in 2021, with the number of attacks increasing dramatically and ransom amounts continuing to skyrocket. Cybercriminals are also expanding their targets, shifting their focus to our critical infrastructure and evolving into deep-rooted software supply chain attack campaigns, which can cause long-lasting devastation.
In the past 12 months, Barracuda researchers have identified and analyzed 121 ransomware incidents, a 64% increase in attacks, year over year. Cybercriminals are still heavily targeting municipalities, health care, and education, but attacks on other businesses are surging.
This segment is sponsored by Barracuda Networks.
Visit https://securityweekly.com/barracuda to learn more about them!
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey.
Fleming joined Barracuda in 2004 as the founding engineer for the company’s web security product offerings, helping to create the first version of Barracuda’s message archiving product and paving the way for expansion into new content security product areas. As Chief Technology Officer, Fleming leads the company’s threat research and innovation engineering teams in building future technology platforms to deliver continued success in our security and data protection products. He has more than 20 patents granted or pending in network and content security.
2. 7 Tips, 5 Simple Tips, & 3 Strategies for CISOs – BSW #228
This week, in the Leadership and Communications section, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Digital Supply Chain, and more!
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
- 1. Real IT leadership: Selling the transformative dream
  It's one thing to cook up a great new initiative, but making it happen requires powers of persuasion, solid partnerships, and access to genuine technical insight.
- 2. 7 tips for better CISO-CFO relationships
  A successful CISO/CFO relationship will help ensure an organization has the right resources for its risk profile. Here are some best practices for CISOs when working with the CFO in their organization: 1. Speak the CFO’s language 2. Leverage data-rich economic models to quantify risk 3. Communicate on a regular basis 4. Invest in your own financial literacy 5. Understand the budget process 6. Don’t neglect planning 7. Separate subjective and objective analysis
- 3. 3 Strategies to Secure Your Digital Supply Chain
  Today, most software products rely on thousands of prewritten packages produced by vendors or drawn from open source libraries. The most commonly used of these third-party software supply chain components are highly prized targets for cyber criminals. If attackers were to infiltrate them, they could compromise thousands or even millions of companies across industries and around the world. The good news is that firms don’t have to feel helpless; they can rely on others outside the firm to unearth vulnerabilities. Corporate leaders and IT teams can take three steps to prioritize and remediate vulnerabilities and forestall supply chain cyberattacks: 1. IT managers should rely more on automated tools to fix simple vulnerabilities 2. Businesses should conduct cost-benefit analysis for vulnerability patching 3. Procurers should demand that critical technology vendors implement “hot patching”
- 4. 5 Simple Tips to Help You Write a Powerful Email That Gets Read
  Follow these tips to help you compose an effective email: 1. Pay Attention to the Subject Line 2. Don’t Forget About Formatting 3. Make Your First Sentence Count 4. Keep Your Email Short 5. Your Email Should Have Only One Call to Action
- 5. The Endless Digital Workday
  The shift to remote work ended the traditional 9–5 workday: employees work in bursts, at night, between caregiving tasks, and whenever they can find time between the endless distractions of messages, calls, and emails. New research, however, shows that for many teams, this means people are quite literally working at all hours of the day, which also means that they’re almost never all working at the same time. Is this bad though? Researchers found that it depends on the task. For some tasks, being on at the same time improved productivity; for others, the distractions created by coworkers made it harder to finish the tasks, and productivity went up in what used to be considered off hours. Importantly, employees proved to be good judges of how to manage their time to be most productive. There are still lessons for managers. As a first step, write a team charter to establish norms and expectations, which should include specific times when the majority of the team is on together. That said, don’t force overlap or micromanage people. Finally, make it okay for people to be offline.
- 6. Cyber professionals need regular training, and a pay raise
  You can’t have solid cybersecurity without the right people. You’ve heard that before. Organizations need people with the right skills and they need to pay them commensurate with that skill. Yet, the skills shortage continues, driven, according to one new study, by low pay.
- 7. These are the Top 4 Cybersecurity Skills In-demand in 2021
  Cybersecurity is one of the fastest-growing sectors and cybersecurity skills are in demand across verticals. Let’s learn about the top four in-demand cybersecurity skills in 2021: 1. Application development security 2. Cloud security 3. Risk management 4. Threat intelligence