Improve Your Leadership, Rekindling Community, and Cybersecurity Spending Strategies – BSW #275
In the leadership and communications section, 7 Uniquely Personal Bits of Wisdom To Improve Your Leadership, 4 key areas cybersecurity leaders should focus on, Cybersecurity spending strategies in uncertain economic times, and more!
Security Weekly listeners save 20% on InfoSec World 2022 passes! InfoSec World will be held September 27th through the 29th at Disney's Coronado Springs Resort in Lake Buena Vista, Florida. Visit securityweekly.com/isw and use the code ISW22-SECWEEK20 to secure your spot now!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- 1. 7 Uniquely Personal Bits of Wisdom To Improve Your LeadershipHere they are. #1. “Whatever you are doing, do it like you mean it.” #2. “Write a letter and get that mustard!” #3. “Eat spaghetti with a fork.” #4. “Guuuuuuiiiiiiide!” #5. “Get out of your people’s way.” #6. “In 90 years I’ve only met two people that truly couldn’t wait to go to work every day.” #7. “Thank you for being nice to me 27 years ago.”
- 2. 4 key areas cybersecurity leaders should focus onHere are four critical areas every chief information security officer (CISO) should invest in now to help set their team up for success: 1. Security Staff Training 2. Providing Visibility 3. Keeping up-to-Date With Security Technology 4. Prioritizing Remediation Effectively
- 3. Lloyd’s of London to exclude state-backed attacks from cyber insurance policiesMoving forward, all standalone cyberattack policies falling within risk codes “CY” and “CZ” must include a suitable clause excluding liability for losses arising from any state-backed cyberattack in accordance with the requirements set out below, Lloyd’s stated. At a minimum, the state-backed cyberattack exclusion must: - Exclude losses arising from a war (whether declared or not), where the policy does not have a separate war exclusion. - (Subject to 3) exclude losses arising from state-backed cyberattacks that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state. - Be clear as to whether cover excludes computer systems that are located outside any state which is affected in the manner outlined in 2(a) and (b) above, by the state-backed cyberattack. - Set out a robust basis by which the parties agree on how any state-backed cyberattack will be attributed to one or more states. - Ensure all key terms are clearly defined.
- 4. Rekindling a Sense of Community at WorkDuring the pandemic, many of us became more isolated than before. Community, which the authors define as a group of individuals who share a mutual concern for one another’s welfare, has proven challenging to cultivate, especially for those working virtually. To learn more, they conducted a survey with the Conference of Women in which they asked nearly 1,500 participants about their sense of community at work before and since the pandemic and found it has declined 37%. When people had a sense of community at work, they found that they were 58% more likely to thrive at work, 55% more engaged, and 66% more likely to stay with their organization. They experienced significantly less stress and were far more likely to thrive outside of work, too. People can create community in many ways, and preferences may differ depending on their backgrounds and interests. The authors present several ways companies have successfully built a sense of community at work that leaders can consider emulating at their own organizations.
- 5. Cybersecurity spending strategies in uncertain economic timesWhen most companies developed their cyber program, there was a strong emphasis on tools that could help the security team manage its environment. During economic uncertainty, it is a good time to review those tools and apply a total cost of ownership model by considering the following questions: - What was the initial cost of the tool? - What was the cost to install or implement the tool in your environment? - What is the operating cost of the tool? - What are the maintenance costs of the tool? - Is the tool meeting expectations and mitigating the appropriate risk?
- 6. How 2023 cybersecurity budget allocations are shaping upSecurity spending is not expected to slow much next year as organizations look to improve cloud defenses, rely more on MSSPs.