bsw203

Business Security Weekly Episode #203 – January 25, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Everyone missed SUNBURST… or did they? – 03:00 PM-03:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/extrahop for more information!

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn’t say either way with confidence. And then came the question, “why didn’t anyone catch this?” ExtraHop’s Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise.

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Guest(s)

Matt Cauthorn

Matt Cauthorn –

VP Sales Engineering at ExtraHop

Matt Cauthorn is responsible for all security implementations and leads a team of technical security engineers who work directly with customers and prospects. A passionate technologist and evangelist, Matt is often on site with customers working to solve the complex and mission-critical business problems that Fortune 1,000 and global 2,000 companies face. After years spent helping customers tap into the value offered by network-based analytics, Matt has been able to bring fresh thinking to security threat detection. Prior to ExtraHop, Matt was a Sales Engineering Manager at F5 and before that he started his career in the trenches as a practitioner where he oversaw application hosting, infrastructure, and security for five international data centers.

Hosts

JasonAlbuquerque

Jason Albuquerque –

CIO & CSO at Carousel Industries

MattAlderman

Matt Alderman –

Executive Director at CyberRisk Alliance

PaulAsadoorian

Paul Asadoorian –

Founder/CIO at Security Weekly/CyberRisk Alliance

2. Cybersecurity Failure, Reboot Security Strategy, & Solving the Skills Gap – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Next Thurs, Feb 4th @ 11am ET, in our first technical training of 2021, you’ll Learn How to Manage Insider Risks in the Work-from-Anywhere World! Register at https://securityweekly.com/webcasts. If you missed any of our 2020 webcasts or technical trainings, they are available at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!

Hosts

JasonAlbuquerque

Jason Albuquerque –

CIO & CSO at Carousel Industries

MattAlderman

Matt Alderman –

Executive Director at CyberRisk Alliance

  1. Cybersecurity Failure among Highest Risks, warns World Economic Forum – The 16th edition of the World Economic Forum’s (WEF) Global Risk Report was released on Tuesday, and many of the risks/threats contained are unsurprising. However, among these risks we are also facing cybersecurity failure, which is ranked 4th in the ‘clear and present danger’ section. What may not come as a surprise is that not enough people realize the significance of cybersecurity, and how to properly protect their information. This leaves individuals, as well as enterprises vulnerable to cyber-attacks.
  2. The Most Pressing Concerns Facing CISOs Today – Building security into the software development life cycle creates more visibility, but CISOs still need to stay on top of any serious threats on the horizon, even if they are largely unknown, including:

    1. Cultural Divisions = More Risk
    2. Digital Transformation Needs Scalability and Continuity
    3. The Present and Beyond

  3. How to reboot a broken or outdated security strategy – CISOs talk about how they identify when they need a new security strategy and the process of developing it and selling the reboot to stakeholders:

    1. Indicators of an ineffective security strategy
    2. Align security strategy with risk
    3. Security reboot planning and preparation
    4. Selling a security reboot to stakeholders

  4. How to Keep Your Cool in High-Stress Situations – As a leader, the more effectively you can self-regulate, the better you can lead and help others. Based on our experience, we’ve developed a five-step framework to help people make this shift:

    Step 1– Understanding
    Step 2– Awareness
    Step 3 – Recall
    Step 4 – Intention
    Step 5 – Trust the process

  5. Data privacy law is coming, big tech privacy officers say – At the digital CES 2021 event, privacy leaders at Google, Twitter and Amazon said the time is right for a data privacy law. Finally!
  6. A 21st Century Solution to Our Cybersecurity Skills Shortfall – Despite the best efforts by colleges and universities, students today are simply not learning modern skills. Surprisingly, relatively few colleges offer undergraduate or graduate cybersecurity degrees that ensure graduates have the skills that will make them successful.

    Here’s A five-point plan for developing a 21st-century solution to our cybersecurity skills shortfall:

    1. Build New Alliances
    2. Overhaul Cyber-Education Approaches
    3. Adopt an Apprenticeship Model
    4. Incentivize New Skills Training
    5. Market Cyber Career Paths Downstream

PaulAsadoorian

Paul Asadoorian –

Founder/CIO at Security Weekly/CyberRisk Alliance