Bsw185

From Security Weekly Wiki

Business Security Weekly Episode #185 - August 24, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Employees Resist New Tech, Safer Cloud, & Lowest Data Breaches in 5 Years - 03:00 PM-03:30 PM


Announcements

  • Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed… How To Effectively Prioritize & Remediate Vulnerabilities! Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network on September 10th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

In the Leadership and Communications section, Why Do Your Employees Resist New Tech?, Who’s Responsible for a Safer Cloud?, Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years, and more!


Hosts

Jason Albuquerque's Content:

Articles

Matt Alderman's Content:

Articles

  • Cybersecurity new normal needs change in process, CISOs say - As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal.
  • Should State and Local Governments Obtain Cybersecurity Maturity Model Certification? - The Cybersecurity Maturity Model Certification (CMMC) is a certification and compliance process developed by the Department of Defense (DoD). But how can it help state and local governments?
  • Why Do Your Employees Resist New Tech? - While the use and application of technology has become near ubiquitous around the world, the actual adoption of new and emerging technologies across most organizations continues to be less than optimal. Here are five key levers to help business leaders create a culture that will help drive better, more effective tech adoption:
    • Incentivize technology use
    • Invest in the infrastructure
    • Make re-skilling and learning part of the plan
    • Don’t make it piecemeal
    • Understand how governments and policy are involved
  • Who’s Responsible for a Safer Cloud? - With so much reliance on multiple cloud providers and solutions, from diverse locations and sources, protecting and securing the cloud has gotten much more complex, and in some cases even misunderstood. Here's a plan for a safer cloud:
    • Develop a comprehensive plan
    • Understand your compliance requirements
    • Know your risk tolerance
    • Design and implement technology controls
    • Develop a continuous monitoring program
  • The cybersecurity skills shortage is getting worse - New research from ESG and ISSA illustrates a lack of advancement in bridging the cybersecurity skill shortage gap. Here are some key findings:
    • 70% of cybersecurity professionals claim that their organization is impacted by the cybersecurity skills shortage.
    • The primary ramifications of the skills shortage include an increasing workload on the existing cybersecurity staff, long-standing open jobs, an increase in hiring and training junior personnel, and an inability to learn or utilize security technologies to their full potential.
    • Skills shortages are most acute among application security specialists, cloud security specialists, and security analysts.
    • Only 7% of cybersecurity professionals claim that their organization has improved its position relative to the cybersecurity skills shortage over the past few years. Alternatively, 45% say that things have gotten worse while 48% believe things are about the same today as they were in the past.
    • When asked if their organizations were taking the necessary actions to address the impact of the cybersecurity skills shortage, 58% of cybersecurity pros believe their organization should be doing somewhat or much more.
  • Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years - Research from Risk Based Security highlighted that the number of publicly reported data breaches declined in the last five years, while the number of records exposed increased four times more than any previously reported incident in the first six months of 2020. Here are the key highlights:
    • The number of payment card details exposed in the first six months of 2020 surpassed 90 million records. Despite this, there were even more Social Security / national identity numbers, financial account numbers, and dates of birth exposed during this period.
    • Four economic sectors (Information, Health Care, Finance & Insurance, and Public Administration) accounted for more than half (52.5%) of reported breaches.
    • The information sector accounted for 14.5% of reported breaches, with software providers, hosting, and other online services accounting for 86.5% of the information sector breaches.
    • The health care sector nearly matched the information sector, accounting for 14.3% of the reported breaches.

Paul Asadoorian's Content:

Articles

2. Disrupting Traditional Security Research & Advisory - 03:30 PM-04:00 PM


Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Ed Amoroso spent over 30 years with AT&T and was frustrated with the security research and advisory firms. We all have our stories, but Ed decided to do something about it. He created TAG Cyber to democratize world-class cyber security research and advisory services.


Vendors by Cyber Security Controls: https://www.tag-cyber.com/vendors/controls


Guest(s)

Edward Amoroso

Dr. Ed Amoroso is currently Chief Executive Officer of TAG Cyber LLC, a global cyber security advisory, training, consulting, and media services company supporting hundreds of companies across the world. Ed recently retired from AT&T after thirty-one years of service, beginning in Unix security R&D at Bell Labs and culminating as Senior Vice President and Chief Security Officer of AT&T from 2004 to 2016.


Hosts