Business Security Weekly Episode #243 – December 13, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Why Hospitals Face Unique Security Challenges – 03:00 PM-03:30 PM

Announcements

  • Throughout 2022, CRA’s Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

- More than 25% of US hospitals have suffered at least one ransomware attack in the last two years.

- Clearly, hospital IT teams, for the first time, the power to see and stop ransomware and other cyberattacks across a hospital’s sprawling and fragmented ecosystem of office IT, clinical technologies, and electronic health systems.

- Existing security solutions are only capable of detecting cyberthreats on office worker devices, which leaves two-thirds of a hospital’s IT environment invisible and undefended.

Guest(s)

Mike Murray – CEO and Founder at Scope Security

@mmurray

Mike Murray is the founder and CEO of Scope Security, the healthcare security company. At Scope, Murray builds on his nearly two decades of experience leading teams of highly skilled security professionals to solve critical security problems in healthcare.

Throughout his career, Murray has helped discover some of the world’s most notorious breaches and nation state threats, and is sought out by industry, media and security teams for insights on today’s most pressing issues in cybersecurity.

Prior to founding Scope, Murray served as the Chief Security Officer at Lookout, where he presided over the protection of nearly 200m mobile users and their data. Previously, he led Product Development Security at GE Healthcare, where he built a global team that secured all of GE Healthcare’s portfolio of pre-market medical devices and services. Murray also co-founded The Hacker Academy and MAD Security, and has held leadership positions at companies including Lookout, nCircle Network Security, Liberty Mutual Insurance and Neohapsis.

Hosts

Ben Carr

CISO at Qualys

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. (13 Traits + 7 Strategies)/2 = 10 Effective Ways to Improve Communication – 03:30 PM-04:00 PM

Announcements

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

  • Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section: 13 traits of a security-conscious board of directors, 7 Strategies for CSO Cybersecurity Survival, 10 Effective Ways You Can Improve Your Communication Skills, and more!

Hosts

Ben Carr

CISO at Qualys

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. 88% of Boards view cybersecurity as a biz risk but few walk the talk – Eighty-eight percent of Boards of Directors (BoDs) view cybersecurity as a business risk, as opposed to a technology risk, according to a new survey from Gartner, Inc. However, only 12% of BoDs have a dedicated board-level cybersecurity committee.
  2. 13 traits of a security-conscious board of directors – A CISO’s success (and job longevity) is often dependent on support from the board of directors. Answers to these questions will reveal how security savvy a BoD is…

    1. Does the board have at least one security expert?
    2. Does the board ask good questions?
    3. Does the board’s chain of command and reporting structure put the CISO in a position of authority?
    4. Does the board conduct regular and detailed risk assessments?
    5. Does the board have security-focused subcommittees?
    6. Does the board meet regularly with the CISO?
    7. Are the IT budgets and cybersecurity budgets presented to the board together?
    8. Does the board integrate security concerns into all its discussions?
    9. Does the board receive security training?
    10. Does the board practice sound cybersecurity hygiene in its own communications?
    11. Does the board use benchmarks to measure security preparedness?
    12. Does the board make a determined effort to drive security culture throughout the company?
    13. Does the board create a climate of open, honest information sharing?

  3. 7 Strategies for CSO Cybersecurity Survival – Below are seven strategies to make cybersecurity professionals’ organisations safer from the countless network security threats they’ll be facing in the near future:

    1. Create a “Security-first” Culture
    2. Create a Continuous Security Education Program
    3. Implement a Zero-Trust Model Throughout the Business
    4. Implement SSL Visibility – “Break and Inspect”
    5. Review and Test DDoS Defences Regularly
    6. Secure all Inbound and Outbound Network Traffic Using SSL/TLS Encryption
    7. Establish and Test Disaster Recovery Plans

  4. Cybersecurity Team Lessons from Football Game Defeats – Underestimating, or not properly preparing for, adversaries can lead to big trouble — in both football and cybersecurity. So what can cyber teams learn from “The Game”?
  5. Here Is What Lazy Leadership Feels Like – We spend a lot of our time focussing on what good leadership looks like. But good leadership is not just a set of rules. It is a feeling that can be experienced by those who are led. So, here are the three things that are felt by the team under lazy leadership. If you are a leader, these are three things you should look out for to ensure you are never causing your team to feel this way:

    1. You Feel Tired
    2. You Feel Confused
    3. You Feel Undervalued

  6. Surprising Leadership Fact: Your Teams Don’t Need To Set Their Own Goals – The research distinguishes between three ways to set goals: assigned, participative, and self-set goals.

    – Assigned goals are those set by the leader and not negotiated with workers.
    – Participative goals require input from the team on what they should achieve. These goals are not mandated but co-constructed together with the leader.
    – Self-set goals are those that workers set by themselves without input from the leader.

    The research found:

    – Assigned goals are as effective as participative and self-set goals
    – Your team may prefer assigned goals

  7. 10 Effective Ways You Can Improve Your Communication Skills – To become a better communicator, you have to have the tools and skills to create the right message for the right audience, right? Here are the top 10 communication skills that will enhance the way you speak and listen:

    1. Clear Signaling
    2. Highlight Uniqueness
    3. Reading Faces
    4. Still-Face Experiment
    5. Facial Absorption
    6. Use Powerful Words
    7. Embodied Cognition
    8. Sharing Feedback
    9. Positive Body Language
    10. Storytelling