From Security Weekly Wiki


  • Does Your Board Really Understand Your Cyber Risks? - Over the past decade, business leaders have had to face an uncomfortable truth: It’s become impossible to sit at the head of a company and not address the threat of cyber risk. But where do you start? Here are the basic building blocks:
    • Define your risk appetite
    • Focus on outcomes
    • Establish a culture of cybersecurity and resilience
  • Why Companies Need CISOs and CIOs as Board Members - Diversity not only includes gender and racial diversity, but also diversity of thought. Technology expertise is especially lacking at the board level. In fact, a new report (PDF) finds that in 2019, approximately 70% of new independent directors came from CEO, operating or senior finance experience, with no mention of technology experience representation. As the discussion on risk and security is heightened and becomes more complex, organizations must look towards a future that includes technology experts on their boards.
  • 10 value-adds that CISOs can deliver - Savvy security chiefs are generating returns for their organizations beyond enabling secure business operations. Here's how they do it:
    • Bring better order to organizational data
    • Identify policy and procedural lapses
    • Spot superfluous spending
    • Lend skills to IP protection
    • Make security a selling point
    • Build bridges
    • Help out partners
    • Find, promote opportunities for standardization
    • Shape strategic plans
    • Streamline regulatory controls
  • How can the C-suite support CISOs in improving cybersecurity? - Here are three recommendations:
    • Improving security with culture
    • Encouraging cyber-secure practices from the top
    • Think security-first
  • Think You're Spending Enough on Security? - While the amount will vary from organization to organization, here are three ways for everyone to evaluate whether they're allocating the right amount of money and resources:
    • Hack Yourself Secure
    • Follow a Framework
    • How Much Do You Stand to Lose?
  • “Psychology of Human Error” Could Help Businesses Prevent Security Breaches - A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that nine in 10 (88%) data breach incidents are caused by employees’ mistakes. The study “Psychology of Human Error” highlighted that employees are unwilling to admit to their mistakes if organizations judge them severely. Here are a few other findings:
    • Younger employees are five times more likely to admit to errors: 50% of employees aged 18 to 30 stated they have made mistakes, compared to 10% of workers aged over 51
    • Older employees are less vulnerable to phishing scams
    • Nearly 45% of respondents cited distraction as the top reason for falling for a phishing scam
    • 57% of remote workers admit they are more distracted when working from home