Business Security Weekly Episode #214 – April 26, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Cyber Accountability – 03:00 PM-03:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Our next technical training will be on May 6th at 11am ET exploring common misconfigurations of NGINX, the damage they could do, and how to avoid them! Next up, see how attackers gain access to endpoints and learn defensive strategies to protect against those attacks in our May 13th technical training also at 11am ET! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Cyber accountability is often overlooked by Boards of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as SolarWinds, MS Exchange and many other security incidents prove, that is not a strategy.

Segment Resources:

www.VigiTrust.com

https://forbesbooks.com/mathieu-gorge/

Guest(s)

Mathieu Gorge – CEO at VigiTrust

@Matgorge

Mathieu Gorge is an established authority on data security, risk management, and compliance with more than 20 years of global experience. Mathieu is a PCI DSS (Payment Card Industry-Data Security Standard) and data security expert. Since 2006, Mathieu has been a Councillor for Ireland’s France Chamber of Commerce, for which he also acts as its President. In 2014, he was appointed French Trade Foreign Advisor by the French government (Conseiller du Commerce Exterieur de la France). Mathieu is in high demand as a speaker at global security conferences, such as RSA, ENISA and ISACA. He also works closely with the PCI Council in the United States and European Union.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. Outgunned CISOs, Cyberthreat Reports, & Effective Cyber Security Strategy – 02:30 PM-03:00 PM

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2021 All Access Pass! RSA Conference will be a fully virtual experience from May 17th-20th, 2021. Security Weekly will be live streaming Monday-Thursday in the virtual broadcast alley, interviewing some of the top sponsors and speakers for the event. To register using our discount code, please visit https://securityweekly.com/rsac2021 and use the code 5U1CYBER! We hope to “see” you there!

Description

In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report executives can really use, Creating and rolling out an effective cyber security strategy, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. There is no cybersecurity skills gap, but CISOs must think creatively – TechCrunch

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches – Help Net Security – 96% of the CISOs acknowledge that they face a well-organized criminal industry motivated by financial gain. Furthermore, 72% of CISOs say adversaries are moving faster than they are, and 69% say their adversaries have improved their attack capabilities in the last 12-18 months.
  2. How to write a cyberthreat report executives can really use – Although cyberthreat reports should communicate the threats, vulnerabilities, risks and mitigation initiatives, security leaders caution against going into too much detail. Threat reports should include:

    – information about threats that could exploit vulnerabilities within the organization
    – how the security team is mitigating vulnerabilities
    – how it’s defending against threats, and any additional actions that will be taken
    – any news-making events or significant incidents that impacted others, even if they’re not relevant to the CISO’s own organization
    – any trends or issues emerging on the horizon, to help avoid surprises down the road.

  3. Creating and rolling out an effective cyber security strategy – This article explores how a cyber security strategy that’s effective for office-based, remote and hybrid workforces can be rolled out throughout the organisation.

    1. Communication and collaboration
    2. Evaluate risks and utilise findings
    3. Look beyond the first line of defence
    4. Limit access to mission-critical infrastructure
    5. Prioritise according to risk and value
    6. Relieve strain using cutting edge technologies

  4. 6 Leadership Paradoxes for the Post-Pandemic Era – The characteristics that leaders we interviewed considered most important in this new era align well with the six paradoxes of leadership described in Blair Sheppard’s recent book, Ten Years to Midnight.

    1. Strategic Executor
    2. Humble Hero
    3. Tech-Savvy Humanist
    4. Traditioned Innovator
    5. High-Integrity Politician
    6. Globally-Minded Localist

  5. 8 Tips for Crafting the Perfect Business Email – Writing a business email? Don’t hit ‘send’ until you’ve completed these key steps.

    1. Use a clear and relevant subject line
    2. Keep it short
    3. Tell them why
    4. Add a call to action
    5. Be friendly and upbeat
    6. Personalize it and make it relevant
    7. Test out different subject lines and copy
    8. Draft first, then add the recipient’s email

  6. Aggressive Body Language: 15 Cues and How to De-escalate – Let’s take a quick tour of the creepy, violent, and aggressive behaviors you should watch out for:

    1. Jaw Thrust
    2. Nostril Flaring
    3. Pursed Lips
    4. Chest Puff
    5. Pupil Dilation
    6. Lowered Eyebrows
    7. Teeth Licking
    8. Blading (Aggressive Stance)
    9. Tightened Muscles
    10. Sneering (Aggressive Face)
    11. Clenched Fists
    12. Foot Stomping
    13. Ocular Orbital Tension
    14. One-Leg Up
    15. Rattling