Business Security Weekly (Audio)

Organizations rely heavily on Salesforce to manage vasts amounts of sensitive data, but hidden security risks lurk beneath the surface. Misconfigurations, excessive user permissions, and unmonitored third party integrations can expose this data to attackers. How do I secure this data? Justin Hazard, Principal Security Architect at AutoRABIT, joins Business Security Weekly to discuss the security challenges of Salesforce. Justin will discuss how proactive oversight and a strong security posture in Salesforce requires additional capabilities, including: Continuous monitoring of your Salesforce environment, Strict access controls of Salesforce users, and Automated backup of sensitive data. Think your data in Salesforce is safe and secure, think again. This segment is sponsored by AutoRABIT. Visit https://securityweekly.com/autorabit to learn more about them! In the leadership and communications segment, Boards Have a Digital Duty of Care, The CISO's greatest risk? Department leaders quitting, The 15 Habits of Highly Empathetic People, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-425

In this discussion, Mike Puglia, General Manager of Kaseya Labs and veteran in cybersecurity, addresses the hidden threats in SaaS applications like Microsoft 365 and Salesforce. He highlights how attackers exploit weaknesses via hijacked tokens and misconfigured settings. Mike also emphasizes the importance of beyond-basic protections, such as implementing telemetry and managing SaaS integrations. The conversation explores the evolving role of the Chief Trust Officer and the strategies for SMEs to enhance SaaS security while navigating the complexities of modern IT infrastructure.

The Security Weekly 25 index is back near all time highs as the NASDAQ hits another record high. Funding and acquisitions have shifted to AI as the security industry continues to evolve. We also had a new IPO, Netskope. They will replace CyberArk once the Palo Alto Networks acquisition closes, allowing the index to survive another public company acquisition. In the leadership and communications segment, Boards Seeking AI Specialists, A CISO's Guide to Navigating the Urgent AI Security Storm, How to Write AI Prompts That Get Results (& Don't Suck), and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-423

Join Dr. Yonesy Núñez, a global cybersecurity executive and seasoned CISO, as he dives into the pressing issue of CISO burnout. He advocates for mental wellness through 'optimizing the operator'—achieving harmony of mind, body, and spirit. Yonesy highlights practical health changes like reducing alcohol and improving nutrition. He emphasizes the need for organizational alignment to support CISOs and discusses the role of Business Information Security Officers (BISOs) in scaling security. This insightful conversation tackles how to recognize burnout and implement necessary changes in the cyber landscape.

Rahul Parwani, Head of Product, Security Solutions at Airia, dives into the security implications of the Model Context Protocol (MCP) as AI reshapes business operations. He highlights the security nightmare posed by community-built MCP servers and the risks of inadequate authentication. Rahul discusses innovative solutions like centralized gateways for securing AI tools and emphasizes the need for guardrails to balance developer velocity with security. The conversation also touches on the potential fallout from replacing entry roles with AI and the importance of mindful leadership in navigating these changes.

Rob Allen, Chief Product Officer at ThreatLocker, shares insights from his 20+ years in IT. He discusses how misconfigurations are a leading breach vector, highlighting the importance of monitoring and remediation. Rob explains how ThreatLocker's tools can automatically identify these issues and ensure compliance. He also emphasizes the need for organizations to elevate misconfiguration awareness to board level. Finally, he touches on metrics that matter for CISOs to demonstrate value through effective risk management.

Jeff Pollard, Vice President and Principal Analyst at Forrester Research, dives into the emerging role of the Chief Trust Officer, highlighting its importance in today's business landscape. He explains how customer demands have driven this role's evolution from traditional CISO responsibilities, now encompassing ESG, resilience, and compliance. Pollard emphasizes the need for metrics that demonstrate trust's contribution to revenue, while discussing ideal CISO personas for this position. The conversation also touches on the balance between AI reliance and core security skills.

Nicole Jiang, Co-founder of Fable Security, and Rinki Sethi, CSO at Upwind Security, delve into the significant challenge of human error in security. They discuss how traditional training fails to change behavior, advocating for personalized, context-driven interventions instead. Jiang explains the power of AI in delivering timely nudges and behavior modification, while Sethi emphasizes embedding security into company culture. Their insights underscore the necessity of adapting security strategies to align with human behavior for lasting change.

Trevor Horwitz, Founder and CISO at TrustNet, brings over 20 years of cybersecurity experience to the table. He delves into how agentic AI can revolutionize compliance and risk management, automating tedious tasks and enhancing efficiency. Trevor highlights the importance of human oversight despite AI’s capabilities, discussing the fine line between automation and human involvement. He also addresses the evolving role of CISOs in navigating organizational challenges and stresses the need for authentic leadership without succumbing to bureaucracy.

Merritt Maxim, VP and Research Director at Forrester, dives into the booming cybersecurity market forecast, predicting a striking $302.5 billion spend by 2029, with software dominating the budget. He discusses that 69% of this spending will focus on key areas like applications and identity. The conversation also explores the rising significance of AI in security, with a staggering 21.2% growth in AI software investments. Furthermore, Merritt highlights regional trends and the nuanced risks surrounding cybersecurity spending in today's landscape.