Application security, Cybersecurity Asset Management, Careers, Compliance, Leadership, Privacy

10 Years Later… 15 Priorities, 8 Weeks, & 7 Steps – BSW #229

This week, in the Leadership and Communications section: 10 years later, software really did eat the world, CISOs’ 15 top strategic priorities for 2021, 7 steps to protect against ransomware-related lawsuits, and more!

Full episode and show notes


  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit to register now!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at


Matt Alderman
VP, Product at Living Security
  1. 10 years later, software really did eat the world - Ten years after the publication of the oft-quoted Marc Andreessen op-ed "Why software is eating the world," lines of code are still revamping industry dynamics and generating fresh revenue streams. Disruption has even accelerated given wider cloud adoption and the influence of AI.
  2. Cyber security and crossword puzzles, problem solving for professionals - In the intense and fast-moving world of cyber security, problem-solving capabilities are key. New trends and new organizational conundrums crop up on a daily basis, meaning that businesses need to be able to innovate on the fly and launch new cyber security campaigns quickly. As the CISO of Delta Airlines says, “To excel in this field, you have to be a good problem solver, not necessarily a strong programmer.”
  3. Let Your Top Performers Move Around the Company - As a manager, it’s human nature to want to hang on to the superstars in your group, department, or division. But ultimately, that’s detrimental to the organization and to the individuals involved. Multiple studies on talent mobility show that actively moving employees into different roles is one of the most underutilized, yet most effective, development and cultural enhancement techniques in companies today. In fact, research has shown that high-performance organizations are twice as likely as low-performance companies to emphasize talent mobility. Building a culture of mobility is a trait of very healthy organizations, and the benefits are clear: cross-functional collaboration increases, departmental cooperation is enhanced, innovation improves, and companies begin working more as one cohesive team instead of separate fiefdoms.
  4. CISOs’ 15 top strategic priorities for 2021 - According to CISOs, analysts and security leaders, the typical CISO priority list today has many or most of these 15 items:
     1. A focus on fundamentals
     2. Identifying and mitigating third-party risk
     3. Assuring security within enterprise code
     4. Defending against ransomware attacks
     5. Getting board-level support
     6. Support for transformation and strategic goals
     7. Increasing agility
     8. Upskilling teams
     9. Addressing IoT security
     10. Security by design
     11. More automation
     12. Strengthening remote work security
     13. Securing the cloud
     14. Keeping up with emerging, evolving privacy laws
     15. Building continuity plans to account for global events
  5. CISA Releases Guidelines to Prevent Ransomware Attacks - The Cybersecurity and Infrastructure Security Agency (CISA) recently released a security fact sheet on safeguarding critical corporate data from exfiltration attempts. The fact sheet helps individuals and organizations understand the severity of the ransomware threat landscape and how to defend against it. CISA strongly recommends that businesses adopt the guidelines, which include:
     - Maintaining offline, encrypted backups of data and regularly testing those backups
     - Creating, maintaining, and exercising a basic cyber incident response plan, resiliency plan, and associated communications plan
     - Mitigating internet-facing vulnerabilities and misconfigurations to reduce the risk of attackers exploiting this attack surface
     - Employing best practices for the use of Remote Desktop Protocol (RDP) and other remote desktop services
     - Conducting regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices
     - Updating software, including operating systems, applications, and firmware, regularly
     - Disabling or blocking inbound and outbound Server Message Block (SMB) protocol and removing or disabling outdated versions of SMB
     - Reducing the risk of phishing emails reaching end users by enabling strong spam filters and implementing a cybersecurity user awareness and training program
  6. 7 steps to protect against ransomware-related lawsuits - How a CISO prepares for and responds to a ransomware attack can have huge consequences should customers or partners decide to sue. Here are seven actions CISOs can take to protect their enterprise against ransomware-related legal action:
     1. Assess the risk
     2. Adopt ransomware prevention best practices
     3. Build a recovery plan
     4. Practice good security hygiene
     5. Encourage top-down management support
     6. Support transparency
     7. Consider insurance coverage
  7. How to Build Rock-Solid Self-Esteem in 8 Weeks (or less!) - Building self-esteem takes time, so don’t be hard on yourself about getting it all done fast. Let’s take it week by week. Follow this framework, and you’ll be on your way to a lifetime of high self-esteem:
     - Week 1: Do a Social Media Cleanse
     - Week 2: Cut Out Toxic Friends
     - Week 3: Clean Your Environment
     - Week 4: Create Micro Wins
     - Week 5: Develop Your Mission Statement
     - Week 6: Do Something Uncomfortable
     - Week 7: Build Your Social System
     - Week 8: Quit Negative Self-Talk
     Read more at:
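Three of the CISA items in story 5 (outdated SMB, inbound SMB, and RDP exposure) can be checked on a Windows host before anyone touches a firewall. The script below is an added, read-only audit written for these notes; it is not from CISA's fact sheet or from the podcast, and it assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where the SmbShare and NetSecurity modules are available.

```powershell
# Added example: read-only audit against three CISA ransomware guidelines.
# Assumes an elevated session on Windows 8 / Server 2012 or later.
$findings = @()

# (a) Outdated SMB: is the SMBv1 server protocol still switched on?
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += 'SMBv1 server protocol is enabled; fix: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}

# SMBv1 may also be present as an optional Windows feature (client + server bits).
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feat -and $feat.State -eq 'Enabled') {
    $findings += 'SMB1Protocol feature is installed; fix: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol'
}

# (b) Inbound SMB: any enabled inbound firewall rule that allows TCP/445?
$smbRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
if ($smbRules) {
    $names = ($smbRules.DisplayName | Select-Object -Unique) -join ', '
    $findings += "Inbound TCP/445 (SMB) is allowed by enabled rule(s): $names"
}

# (c) RDP: is Remote Desktop enabled, and if so is Network Level Authentication required?
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    $rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    if ($rdp.UserAuthentication -ne 1) {
        $findings += 'RDP is enabled without Network Level Authentication (UserAuthentication is not 1)'
    } else {
        $findings += 'RDP is enabled with NLA; confirm TCP/3389 is not reachable from the internet'
    }
}

# Report: one line per finding, prefixed with the host name for collection across a fleet.
if ($findings.Count -eq 0) {
    "[$env:COMPUTERNAME] no findings for SMBv1, inbound SMB, or RDP"
} else {
    $findings | ForEach-Object { "[$env:COMPUTERNAME] $_" }
}
```

The script changes nothing; each finding names the remediation cmdlet so the change can be made deliberately after checking what depends on SMB or RDP on that host.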
Adrian Sanabria
Director of Product Management at Tenchi Security
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory