Cybersecurity Failure, Reboot Security Strategy, & Solving the Skills Gap – BSW #203
In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!
The 16th edition of the World Economic Forum’s (WEF) Global Risk Report was released on Tuesday, and many of the risks and threats it contains are unsurprising. Among them, however, is cybersecurity failure, ranked 4th in the ‘clear and present danger’ section. What may not come as a surprise is that not enough people realize the significance of cybersecurity or how to properly protect their information. This leaves individuals, as well as enterprises, vulnerable to cyber-attacks.
Building security into the software development life cycle creates more visibility, but CISOs still need to stay on top of any serious threats on the horizon, even if they are largely unknown, including:
1. Cultural Divisions = More Risk
2. Digital Transformation Needs Scalability and Continuity
3. The Present and Beyond
CISOs talk about how they identify when they need a new security strategy and the process of developing it and selling the reboot to stakeholders:
1. Indicators of an ineffective security strategy
2. Align security strategy with risk
3. Security reboot planning and preparation
4. Selling a security reboot to stakeholders
As a leader, the more effectively you can self-regulate, the better you can lead and help others. Based on our experience, we’ve developed a five-step framework to help people make this shift:
Step 1 – Understanding
Step 2 – Awareness
Step 3 – Recall
Step 4 – Intention
Step 5 – Trust the process
Despite the best efforts by colleges and universities, students today are simply not learning modern skills. Surprisingly, relatively few colleges offer undergraduate or graduate cybersecurity degrees that ensure graduates have the skills that will make them successful.
Here’s a five-point plan for developing a 21st-century solution to our cybersecurity skills shortfall:
1. Build New Alliances
2. Overhaul Cyber-Education Approaches
3. Adopt an Apprenticeship Model
4. Incentivize New Skills Training
5. Market Cyber Career Paths Downstream