Business Security Weekly Episode #223 – July 12, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Can XDR Solve Ransomware? – 03:00 PM-03:30 PM

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Join us July 15 at 11 AM ET to learn how a thoughtful approach to SASE can improve security and enable scalability. In our July 22nd technical training at 11 AM ET, learn how Guided-SaaS NDR Enables Rapid Response. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Every day brings news of more breaches and ransomware attacks. Why are organizations failing to protect themselves, and what can we do to combat these cybersecurity threats? Technological advances, such as XDR and AI-driven threat monitoring, offer a way to thwart attackers in an ever-evolving security landscape.

Guest(s)

Maurice Stebila

Maurice Stebila – Former CISO at Harman by Samsung; Chairman and Founder of CxO InSyte

A Chief Information Security, Compliance and Privacy Officer with over 20 years of global technology leadership, Maurice Stebila has served as an advisor or CISO to some of the world’s biggest companies, including Harman International, Samsung, General Motors (GM), Hewlett Packard (HP) and Electronic Data Systems.

He is renowned as an industry authority and thought leader and has spoken at top cybersecurity and IoT conferences, including DHS – Connected Car, Evanta / Gartner, RSA, and Samsung Developers Conference. He is also the author of multiple award-winning cybersecurity awareness programs and infosec newsletters. Now, as the founder and leader of CxO InSyte, he’s using his knowledge and experience to bring together CISOs and other experts to share their insights through his platform, a cybersecurity information exchange and professional network event consortium for CISOs and CIOs.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. CISO Wishes and Initiatives, Risk of Disconnect, and Cyber Insurance Rises – 03:30 PM-04:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Description

In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

  1. Secretary Mayorkas Announces Most Successful Cybersecurity Hiring Initiative in DHS History
  2. Start With Why

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. 3 Things Every CISO Wishes You Understood – Ensuring the CISO’s voice is heard by the board will make security top of mind for the business, its employees, and their customers. But the role of the CISO is as diverse as it is dynamic: it varies massively from one organization to the next and is constantly in flux. Here are three things that every CISO wishes you knew:

    1. The CISO’s Role Is Changing Before Our Eyes
    2. CISOs Are Capable of Helping Other Areas of Business Function
    3. Questions of Ethics and Technology Are More Important Than Ever

  2. Critical CISO Initiatives for the Second Half of 2021 – Here are the top goals for 2021, based on the lessons we have learned from 2020:

    1. Security Operations Center (SOC) Automation
    2. Remote Workforce Monitoring
    3. Access Analytics and Risk-Based Access Controls
    4. Detecting and Preventing Insider Threats
    5. Cloud Transformation
    6. Extended Detection and Response (XDR)

  3. The risk of disconnect between CIOs and CISOs – Companies need their CIO and CISO working together to reach their strategic goals. Strain in the relationship is a recipe for breaches.
  4. What is the BISO role and is it necessary? – Relatively new and somewhat controversial, the business information security officer, or BISO, acts as the CISO’s tactical and operations-level ambassador to the business units. Here are some of the responsibilities of this role:

    1. raise the cybersecurity program’s profile within the organization;
    2. increase delivery of cybersecurity services internally;
    3. connect with business units, learn their needs and offer them technical and operational support; and
    4. organize and execute cybersecurity service delivery.

  5. What Does It Take to Be a Cybersecurity Professional? – With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career.
  6. NIST defines “critical software” with a broad range of security functions – The goal is to enable stronger security practices for government-purchased software mandated by President Biden’s cybersecurity executive order. NIST has determined that “EO-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:”

    – Is designed to run with elevated privilege or manage privileges
    – Has direct or privileged access to networking or computing resources
    – Is designed to control access to data or operational technology
    – Performs a function critical to trust
    – Operates outside of normal trust boundaries with privileged access

    Later phases of the EO’s implementation may also include other categories of software, including:

    – Software that controls access to data
    – Cloud-based and hybrid software
    – Software development tools such as code repository systems, development tools, testing software, integration software, packaging software, and deployment software
    – Software components in boot-level firmware
    – Software components in operational technology (OT)

  7. Cyber insurance costs up by a third – The frequency and severity of ransomware attacks are leading factors behind a substantial increase in the cost of obtaining cyber security insurance.