Bsw187

From Security Weekly Wiki

Business Security Weekly Episode #187 - September 14, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Cracks in the Foundation: Understanding the New Endpoint Challenge - 03:00 PM-03:30 PM


Visit https://securityweekly.com/eclypsium for more information!


Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Cyber adversaries have mastered the art of staying one step ahead of our controls. As endpoint protections grow stronger, attackers have adapted by going further down the stack - targeting firmware, hardware and device-level vulnerabilities. Eclypsium’s John Loucaides discusses recent exploits, and the steps business security leaders should be taking to protect the foundations of the enterprise.

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them!



Guest(s)

John Loucaides

John Loucaides is the VP of Research and Development at Eclypsium, a cloud-based device security platform that protects enterprise devices all the way down to the firmware and hardware level. Headquartered in Portland, Oregon, the company was named to Fast Company's annual list of the World's Most Innovative Security Companies for 2020, the CNBC Upstart 100 list, and Gartner's Cool Vendor list for Security Operations and Threat Intelligence. John has an extensive history in hardware and firmware threats from his experience at Intel Corporation and the United States government. At Intel he served as Director of Advanced Threat Research, Platform Armoring and Resiliency, and PSIRT, and was a CHIPSEC maintainer. Prior to this, he was Technical Team Lead for Specialized Platforms for the federal government.


Hosts

2. Cyber Risks, C-Suite Supporting CISOs, & Cybersecurity Spending - 03:30 PM-04:00 PM


Announcements

  • BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! You can get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!


Description

In the Leadership and Communications section, we're playing 3 questions - Does Your Board Really Understand Your Cyber Risks?, How can the C-suite support CISOs in improving cybersecurity?, Think You're Spending Enough on Security?, and more!


Hosts

Jason Albuquerque's Content:

Articles

Matt Alderman's Content:

Articles

  • Does Your Board Really Understand Your Cyber Risks? - Over the past decade, business leaders have had to face an uncomfortable truth: It’s become impossible to sit at the head of a company and not address the threat of cyber risk. But where do you start? Here are the basic building blocks:
    • Define your risk appetite
    • Focus on outcomes
    • Establish a culture of cybersecurity and resilience
  • Why Companies Need CISOs and CIOs as Board Members - Diversity includes not only gender and racial diversity but also diversity of thought. Technology expertise is especially lacking at the board level. In fact, a new report finds that in 2019, approximately 70% of new independent directors came from CEO, operating or senior finance backgrounds, with no mention of technology experience. As the discussion of risk and security intensifies and becomes more complex, organizations must look towards a future that includes technology experts on their boards.
  • 10 value-adds that CISOs can deliver - Savvy security chiefs are generating returns for their organizations beyond enabling secure business operations. Here's how they do it:
    • Bring better order to organizational data
    • Identify policy and procedural lapses
    • Spot superfluous spending
    • Lend skills to IP protection
    • Make security a selling point
    • Build Bridges
    • Help out partners
    • Find, promote opportunities for standardization
    • Shape strategic plans
    • Streamline regulatory controls
  • How can the C-suite support CISOs in improving cybersecurity? - Here are three recommendations:
    • Improving security with culture
    • Encouraging cyber-secure practices from the top
    • Think security-first
  • Think You're Spending Enough on Security? - While the amount will vary from organization to organization, here are three ways for everyone to evaluate whether they're allocating the right amount of money and resources:
    • Hack Yourself Secure
    • Follow a Framework
    • How Much Do You Stand to Lose?
  • “Psychology of Human Error” Could Help Businesses Prevent Security Breaches - A joint study from Stanford University Professor Jeff Hancock and security firm Tessian found that nearly nine in 10 (88%) data breach incidents are caused by employees' mistakes. The study, “Psychology of Human Error”, highlighted that employees are unwilling to admit to their mistakes if organizations judge them severely. Here are a few other findings:
    • Younger employees are five times more likely to admit to errors: 50% of employees aged 18 to 30 stated they have made mistakes, compared to 10% of workers aged over 51
    • Older employees are less vulnerable to phishing scams
    • Nearly 45% of respondents cited distraction as the top reason for falling for a phishing scam
    • 57% of remote workers admit they are more distracted when working from home

Paul Asadoorian's Content:

Articles