Business Security Weekly Episode #228 – August 16, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Ransomware Trends 2021 – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/barracuda for more information!

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey.

Description

Ransomware attacks have surged in 2021, with the number of attacks increasing dramatically and ransom amounts continuing to skyrocket. Cybercriminals are also expanding their targets, shifting their focus to our critical infrastructure and evolving into deep-rooted software supply chain attack campaigns, which can cause long-lasting devastation.

In the past 12 months, Barracuda researchers have identified and analyzed 121 ransomware incidents, a 64% increase in attacks, year over year. Cybercriminals are still heavily targeting municipalities, health care, and education, but attacks on other businesses are surging.

This segment is sponsored by Barracuda Networks.

Visit https://securityweekly.com/barracuda to learn more about them!

Guest(s)

Fleming Shi – CTO at Barracuda Networks

@ShiFleming

Fleming joined Barracuda in 2004 as the founding engineer for the company’s web security product offerings, helping to create the first version of Barracuda’s message archiving product and paving the way for expansion into new content security product areas. As Chief Technology Officer, Fleming leads the company’s threat research and innovation engineering teams in building future technology platforms to deliver continued success in our security and data protection products. He has more than 20 patents granted or pending in network and content security.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. 7 Tips, 5 Simple Tips, & 3 Strategies for CISOs – 03:30 PM-04:00 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: Lesley Carhart, David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

  • Join us August 26th at 11am eastern to learn how to implement cloud security that actually works. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week, in the Leadership and Communications section, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Digital Supply Chain, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Real IT leadership: Selling the transformative dream – It’s one thing to cook up a great new initiative, but making it happen requires powers of persuasion, solid partnerships, and access to genuine technical insight.
  2. 7 tips for better CISO-CFO relationships – A successful CISO/CFO relationship will help ensure an organization has the right resources for its risk profile. Here are some best practices for CISOs when working with the CFO in their organization:

    1. Speak the CFO’s language
    2. Leverage data-rich economic models to quantify risk
    3. Communicate on a regular basis
    4. Invest in your own financial literacy
    5. Understand the budget process
    6. Don’t neglect planning
    7. Separate subjective and objective analysis

  3. 3 Strategies to Secure Your Digital Supply Chain – Today, most software products rely on thousands of prewritten packages produced by vendors or drawn from open source libraries. The most commonly used of these third-party software supply chain components are highly prized targets for cyber criminals. If attackers were to infiltrate them, they could compromise thousands or even millions of companies across industries and around the world. The good news is that firms don’t have to feel helpless; they can rely on others outside the firm to unearth vulnerabilities. Corporate leaders and IT teams can take three steps to prioritize and remediate vulnerabilities and forestall supply chain cyberattacks:

    1. IT managers should rely more on automated tools to fix simple vulnerabilities
    2. Businesses should conduct cost-benefit analysis for vulnerability patching
    3. Procurers should demand that critical technology vendors implement “hot patching”

  4. 5 Simple Tips to Help You Write a Powerful Email That Gets Read – Follow these tips to help you compose an effective email:

    1. Pay Attention to the Subject Line
    2. Don’t Forget About Formatting
    3. Make Your First Sentence Count
    4. Keep Your Email Short
    5. Your Email Should Have Only One Call to Action

  5. The Endless Digital Workday – The shift to remote work ended the traditional 9–5 workday: employees work in bursts, at night, between caregiving tasks, and whenever they can find time between the endless distractions of messages, calls, and emails. New research, however, shows that for many teams, this means people are quite literally working at all hours of the day, which also means that they’re almost never all working at the same time. Is this bad though? Researchers found that it depends on the task. For some tasks, being on at the same time improved productivity; for others, the distractions created by coworkers made it harder to finish the tasks, and productivity went up in what used to be considered off hours. Importantly, employees proved to be good judges of how to manage their time to be most productive. There are still lessons for managers. As a first step, write a team charter to establish norms and expectations, which should include specific times when the majority of the team is on together. That said, don’t force overlap or micromanage people. Finally, make it okay for people to be offline.
  6. Cyber professionals need regular training, and a pay raise – You can’t have solid cybersecurity without the right people. You’ve heard that before. Organizations need people with the right skills, and they need to pay them commensurate with that skill. Yet the skills shortage continues, driven, according to one new study, by low pay.
  7. These are the Top 4 Cybersecurity Skills In-demand in 2021 – Cybersecurity is one of the fastest-growing sectors and cybersecurity skills are in demand across verticals. Let’s learn about the top four in-demand cybersecurity skills in 2021:

    1. Application development security
    2. Cloud security
    3. Risk management
    4. Threat intelligence