Top Cybersecurity Statistics/Trends/Facts, Zero Trust, & Hiring Strategies – BSW #235

Announcements

• InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

• In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

Hosts

Matt Alderman

VP, Product at Living Security

1. 1. Top cybersecurity statistics, trends, and facts
   Survey data from the past year paints a picture for what your threat landscape will potentially look like in the coming months, including: - Phishing - Botnets - Cloud Security - Open-source and trhird party risks - Cyber Fraud - DDoS - Ransomware - Defensive preparation and response - Cybersecurity hiring/staffing
2. 2. What’s Next for the Federal Government and Zero Trust?
   OMB’s draft memo on zero trust instructs agencies to achieve specific cybersecurity goals by the end of fiscal year 2024. The memo says agencies are required to make progress in the following five areas: 1. Identity 2.Devices 3. Networks 4. Applications 5. Data
3. 3. 5 steps toward real zero trust security
   Looking to advance in your zero trust journey? These steps will keep your strategy on track: 1. Know what zero trust really means 2. Identify what you want to protect 3. Design the network from the inside out 4. Log all traffic 5. Commit to the long run, but take those first steps
4. 4. 4 Cybersecurity Strategies for Small and Midsize Businesses
   Small and midsize businesses aren’t immune to cyber threats. They must research and prepare for attacks just as large enterprises would. Unfortunately, smaller companies typically have fewer resources and less talent available to help fortify against attacks. They should employ the following strategies for how to effectively respond: 1. Monitor and Target 2. Always Expect a Breach 3. Create a Culture of Security 4. Scrutinize Your Supply Chain
5. 5. Seven strategies for building a great security team
   The dangers of a dysfunctional security team are easy to imagine, ranging from difficulty attracting and retaining talent to putting your organization at risk. These seven steps can make a world of difference: 1. Accelerate career advancement 2. Create a supporting cast 3. Create teams that better reflect the overall population 4. Hire for, and cultivate, nontechnical skills 5. Build strong, resilient team players 6. Show your team the mission 7. Let your team members know what’s in it for them
6. 6. 3 Strategies to Rethink Hiring Cybersecurity Talent
   Despite the ever-growing need to secure the public sector, hiring and retaining cyber professionals in state and local government has never been harder. Here are three tactics that may help: 1. Redesign your hiring practices and pay scale for cybersecurity professionals 2. Change what you are looking for and develop talent in house 3. Partner more with the private sector
7. 7. How to survive and thrive in a meeting
   How much will it cost if you take the hourly rate of everyone multiply by the length of the meeting? Make sure the meeting takes up the right amount in our working lives, no less-no more, but following these tips: 1. Guard against your time 2. Outline the outcome upfront 3. Be cautious with your time 4. All-in or leave 5. Size matters 6. The recurring is laziness 7. Deliberately join the meeting

Ben Carr

Independent Consultant & CISO

Lee Neely

Information Assurance APL at Lawrence Livermore National Laboratory