Cybersecurity Failure, Reboot Security Strategy, & Solving the Skills Gap – BSW #203
In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
The 16th edition of the World Economic Forum’s (WEF) Global Risk Report was released on Tuesday, and many of the risks/threats contained are unsurprising. However, among these risks we are also facing cybersecurity failure, which is ranked 4th in the ‘clear and present danger’ section. What may not come as a surprise is that not enough people realize the significance of cybersecurity, and how to properly protect their information. This leaves individuals, as well as enterprises vulnerable to cyber-attacks.
Building security into the software development life cycle creates more visibility, but CISOs still need to stay on top of any serious threats on the horizon, even if they are largely unknown, including:
1. Cultural Divisions = More Risk
2. Digital Transformation Needs Scalability and Continuity
3. The Present and Beyond
CISOs talk about how they identify when they need a new security strategy and the process of developing it and selling the reboot to stakeholders:
1. Indicators of an ineffective security strategy
2. Align security strategy with risk
3. Security reboot planning and preparation
4. Selling a security reboot to stakeholders
As a leader, the more effectively you can self-regulate, the better you can lead and help others. Based on our experience, we’ve developed a five-step framework to help people make this shift:
Step 1– Understanding
Step 2– Awareness
Step 3 – Recall
Step 4 – Intention
Step 5 – Trust the process
Despite the best efforts by colleges and universities, students today are simply not learning modern skills. Surprisingly, relatively few colleges offer undergraduate or graduate cybersecurity degrees that ensure graduates have the skills that will make them successful.
Here’s A five-point plan for developing a 21st-century solution to our cybersecurity skills shortfall:
1. Build New Alliances
2. Overhaul Cyber-Education Approaches
3. Adopt an Apprenticeship Model
4. Incentivize New Skills Training
5. Market Cyber Career Paths Downstream
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022
Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust