Business Security Weekly Episode #210 – March 22, 2021

1. Medical Device Secure Development Lifecycle – 03:00 PM-03:30 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for modern ransomware attacks! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

How to incorporate security into your existing medical device development process, what artifacts need to be created, and which security activities are new.

Guest(s)

Christopher Gates – Director of Product Security at Velentium

Christopher is Velentium’s Director of Product Security, overseeing the company’s Cybersecurity division. Christopher has worked for over 40 years developing medical devices, the last 12 of which have been dedicated to device cybersecurity.

Christopher describes himself as a prophet who evangelizes the benefits of a secure development lifecycle, not only to increase a device’s security but also to ease the burden of the developer and ensure the high-quality outcome of the product itself. Christopher is on a five-year mission to raise the level of cybersecurity in the medical device industry. This started with the first and only book published about Medical Device Cybersecurity and is continuing with certified training in embedded cybersecurity for medical device manufacturers.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Dictionary Attacks, SASE Misinformation, & 3 Key Tasks – 03:30 PM-04:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

Description

In the Leadership and Communication Segment, 5 Reasons Why Cybersecurity Should Be A Priority While Planning Your Business, 3 Key Tasks That Help Me Work Way Less and Accomplish More, Everything You Need to Know About Dictionary Attacks, Is Misinformation Slowing SASE Adoption, & more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Paul Asadoorian

@securityweekly

Founder at Security Weekly

  1. Winning the Cybersecurity Contest – Prioritization, Hand Off to MSSP, Run a Scout Team, Invest in People, Left of Boom
  2. 5 Reasons Why Cybersecurity Should Be A Priority While Planning Your Business – Heh: “Hence, the cybersecurity in your business can: Involve more clients, Form the sustainable loyal clients base, Build the nice reputation, Save money on the new PR company”
  3. Is Misinformation Slowing SASE Adoption? – “SASE is the convergence of networking and security that optimizes access performance, reduces operational complexity and enhances security posture on a global scale,” said Greenfield. “SASE is built on a cloud-native and cloud-based architecture, which is distributed globally across many points of presence (PoPs) and supports all edges of the network.”
  4. CIOs lead digital tool transformation, but adoption imperfect – “Digital tools provide value, but there’s a gap between what businesses can achieve and the potential of certain tools, according to Dion Hinchcliffe, VP and principal analyst at Constellation Research. ‘Modern IT solutions have very high leverage and can provide lots of value, if we’re using … some of their more advanced features, which we typically don’t train our workers on first,’” – Adoption means people are trained on it!
  5. Cloudflare wants to be your corporate network backbone with centralized management and security
  6. 3 Key Tasks That Help Me Work Way Less and Accomplish More – Prioritize and execute: “Now, I take a slightly different approach, and it has paid off immensely. I focus 70–80 percent of my time each day on my main income stream, and I utilize that other 20–30 percent of my day for other things (which I will describe in more detail in task two below). By devoting only 70–80 percent of my time to my main income stream, I have opened up opportunities to work on other projects.”
  7. $50m ransomware demand on Acer is highest ever – Carnage: “Separately, BleepingComputer’s investigation into the attack suggests that the REvil gang may have successfully weaponised the Microsoft Exchange ProxyLogon vulnerabilities in order to gain access to Acer’s network.”
  8. Everything You Need to Know About Dictionary Attacks – CISOs need more practical advice: Two-factor authentication, Password vaults, and making certain developers are using 1) Secure password hash storage and 2) Secure password reset. Make those things a priority, the rest is noise.