New Fines Making Business Case for Security, & Improving Security as a Team – BSW #227
In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company’s products?, and more!
Announcements
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
- 1. A Chief Executive Officer’s Guide to CybersecurityThe CEO should make sure a risk management committee is constituted at the board level where IT and information security threats, risks, and mitigation plans can be discussed.
- 2. Zoom Settlement: An $85M Business Case for Security InvestmentRansomware isn’t the only way lax security can cost a business eight figures in damage. Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. More importantly, Zoom’s journey is an object lesson showing that cybersecurity matters to the bottom line.
- 3. Amazon GDPR fine signals expansion of regulatory focusAmazon's $887 million GDPR fine likely stems from consumer consent and may indicate the EU is moving beyond data breaches and zeroing in on data practices.
- 4. CISOs: Do you know what’s in your company’s products?CISOs need to take a more direct role in the operations side of the business to help build security in by design. When product design takes place, and third-party firmware or software is identified to be a part of the product, who conducts the security review? The vendor, the CISO’s team or operations? All of the above.
- 5. Organizations Still Struggle to Hire & Retain Infosec Employees: ReportIs the cybersecurity skills shortage overstated? No, according to a recent survey of Information Systems Security Association (ISSA) members. The majority of respondents report the skills shortage is a significant problem that is hurting organizations. ISSA, along with industry analyst firm Enterprise Strategy Group (ESG), surveyed 489 cybersecurity professionals and found 57% of organizations have been affected by the skills shortage. Most (95% of) respondents think the cybersecurity skills shortage and its associated effects have not improved over the past few years, and 44% say the problem has gotten worse. Only 5% say the shortage has improved.
- 6. Improving Cybersecurity as a TeamUsing trusted sources, such as the CIS Controls and CIS Benchmarks from the Center for Internet Security, can help get your team on board with assessing: - the current state of your organization's cybersecurity - how you stack up with other frameworks you may need to comply with - how to monitor everything over time
