Business Security Weekly Episode #230 – August 30, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Staff Attrition Is Rising, Retaining Women in Tech, & Growing Privacy Concerns – 03:00 PM-03:30 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s in-person event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on world pass and main conference registration! Visit https://securityweekly.com/isw2021 to register now!

Description

In the Leadership and Communications section, Executives in tech say staff attrition is rising, 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern, Consumers Concerned About Personal Data Collection, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Executives in tech say staff attrition is rising – More than nine in 10 executives in technology, media and telecom are seeing higher-than-usual attrition in their ranks, according to a PwC survey. Executives in these industry sectors say salaries, career advancement opportunities and improved relationships with managers drive staff departures. The trio of factors are more impactful in tech, media and telecom than in other industries.
  2. Intellectual property protection: 10 tips to keep IP safe – Your company’s intellectual property—whether that’s patents, trade secrets or just employee know-how—may be more valuable than your physical assets. Here’s how to establish basic policies and procedures for IP protection:

    1. Know what intellectual property you’ve got
    2. Know where your intellectual property is
    3. Prioritize your intellectual property
    4. Label valuable intellectual property
    5. Secure your intellectual property both physically and digitally
    6. Educate employees about intellectual property
    7. Know your tools to protect intellectual property
    8. Take a big picture view
    9. Apply a counter-intelligence mindset
    10. Think globally

  3. Consumers Concerned About Personal Data Collection: KPMG – Data collection is rising, with 70% of the business leaders surveyed reporting that their companies have increased collection of consumer personal data over the last year. General population respondents are worried about how organizations use their data, and many of these concerns are grounded in a fundamental lack of trust. Key Findings include:

    – 83% would not willingly share their data to help businesses make better products and services
    – 64% say companies are not doing enough to protect consumer data
    – 47% believe their smart devices are listening to their conversations
    – 40% say they don’t trust companies to use their personal data ethically
    – 13% don’t trust their own employer to use their personal data ethically

  4. Security Think Tank: Steps to a solid data privacy practice – How to build, or rebuild, a solid business data privacy practice in a post-Covid-19 world:

    1. You need to know where data is being stored and used, because if you do not know, you cannot control it.
    2. The data owner is key in identifying and controlling who or what process can access and use the data.
    3. Understanding the value of data and understanding how different security techniques can protect data is key to developing a risk assessment and, ultimately, the chosen security architecture.
    4. User and process access controls must be based on a strict “need to know” basis. Just because a person is a senior manager does not mean they need access to every file or data item within their company, organisation unit or department.
    5. Access controls should ideally take into account a user’s or process’s origination point and possibly time of day. 2FA for users is a valuable way to enhance network security and data privacy by significantly improving the security of access to a company’s infrastructure.
    6. Sensitive and secret information must be held separately from other data and ideally in a separate physical store. Access to this type of data must also be restricted to known origination points, for example authorisation down to not just a department, but appropriately authorised users or group of users within a department. Additionally, an authorised point of origin might be required, such as known IP addresses.

  5. 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern – Honeywell research has revealed that 7 in 10 facility managers consider OT cybersecurity a severe security concern. Nearly 33% plan to invest in OT cybersecurity products over the next 12 to 18 months. Key Findings include:

    – 27% of facility managers have experienced a security breach in their OT systems in the past 12 months.
    – Around 66% of respondents view managing OT cybersecurity as one of their most challenging responsibilities.
    – Over 56% of respondents are currently more willing to invest in safety-focused solutions (including OT cybersecurity) than they were before the onset of the pandemic.

  6. Security blind spots persist as companies cross-breed security with devops – Devops has become common in software-development organizations around the world, but many companies are still struggling with cultural issues that are dampening security practitioners’ influence in the devsecops practices crucial for next-generation cloud application development.
  7. Retraining women in tech for the post-pandemic workforce – The trend of women leaving the workforce mid-career to take on family obligations or other responsibilities is not new. However, the COVID-19 pandemic greatly exacerbated this exodus. In fact, nearly three million women left the U.S. workforce during the pandemic, as many have had to make tough choices between careers and families.

    The good news is that this is a solvable problem. We should explore ways to ensure that women — specifically technical women — have the necessary resources, tools, and opportunities to successfully transition back to work. Here are some recommendations to consider:

    1. The rise of the ‘returnship’
    2. The bootcamp, reimagined
    3. Attracting diversity through flexibility

2. State of Cyber Threats: Tenfold Increase in Ransomware – 03:30 PM-04:00 PM

Sponsored By

Visit https://securityweekly.com/fortinet for more information!

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our speakers: Lesley Carhart, John Strand, Alyssa Miller, Dave Kennedy, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, Justin Kohler, Jay Beale, Trenton Ivey & Ryan Cobb!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Looking into the first half of 2021, there are important indicators of what cyber adversaries are planning next. This will be a conversation about cyberthreat trends and looking into takeaways from big name attacks so far this year.

Segment Resources:
https://www.fortinet.com/fortiguard/labs
https://www.fortinet.com/blog/threat-research

This segment is sponsored by Fortinet.

Visit https://securityweekly.com/fortinet to learn more about them!

Guest(s)

Derek Manky – Chief, Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs

Experienced thought leader and innovator who has helped to build global collaborative frameworks in the cyber security industry. Strategist to global leaders/heads of state, private public sector relations, C-Suite consultant, threat intelligence expert on cybercrime.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance