Business Security Weekly (Audio)

This week, it's time for Security Money. We recap Q1 2023 with the latest financial results, funding announcements, and layoffs. Don't miss this quarterly update. At the market close on April 28th 2023: - SW25 Index is 1,404.31, which is an increase of 40.43% (up from last Q) since inception. - NASDAQ Index is 12,226.58, which is an increase of 84.27% (up from last Q) during the same period. CISOs face the complex challenge of protecting organizations against an expanding array of cybersecurity risks. While the role requires constant adaptation to protect against new threats, CISOs often bear the blame when defenses are breached. In this segment Kunal Anand, CTO & CISO, Imperva, discusses the evolution of the role and what aspiring professionals need to know if they want to hold the title. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Today's security products are evolving to meet the changing attack surface, each one targeting a specific set of risks. For organizations, this typically means that to increase security maturity, they need to implement a number of different solutions, and as the attack surface continues to expand, their tech stack quickly becomes difficult to manage. It's time for the industry to help security teams achieve a better balance and reduce this operational burden. Segment Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011766&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=video&utm_campaign=ft-rsa-conference This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw304

We talk a lot about closing the skills gap, but it's harder said than done. So we thought we'd tackle the problem in our 2nd episode os Say Easy, Do Hard. Part 1 will discuss the skills needed, the requirements of the position, and the real qualifications for cybersecurity jobs. We will discuss the practical, realistic expectations of working in cybersecurity, not the hyped stereotypical positions. After discussing the requirements for working in cybersecurity, part 2 will tackle where to find the talent. We will explore education, apprenticeships, mentorships, and training. We will also identify areas within the business that have resources with skills that are very complementary with cybersecurity that also make great recruiting areas. Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw303

Securing the business can often come at a cost of employee productivity, but it doesn't have to be this way. Especially in today's economic climate, the security team cannot be seen as a blocker to business. Aviv discusses how to find that balance in today's episode. This segment is sponsored by Votiro. Visit https://securityweekly.com/votiro to learn more about them! In the leadership and communications segment, Security Is a Revenue Booster, Not a Cost Center, How cybersecurity leaders can tackle the skills shortage, Engaged Employees Create Better Customer Experiences, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw302

Barracuda just released a report on Ransomware findings, here: https://assets.barracuda.com/assets/docs/dms/2023 -Ransomware-insights-report.pdf. Here are a few of the highlighted stats: Barracuda international survey finds 73% of organizations experienced a successful ransomware attack in 2022 — 38% were hit more than once. 42% of those hit three times or more paid the ransom to restore encrypted data — compared to 31% of victims hit just once. 69% of ransomware attacks began with an email. 27% of organizations feel underprepared to tackle ransomware. Fleming Shi joins Business Security Weekly to discuss the findings and ways to better prepare for these attacks. In the leadership and communications segment, How to Succeed As a New Chief Information Security Officer, Lead by Example: What Army Special Forces Can Teach You About Leadership, How to Take Risks & Conquer Fears, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw301

Why 300? 300 is a perfect game in bowling, a milestone few have achieved (unless you're Brendan Alderman who has done it twice before the age of 20). 300 podcast episodes is almost 7 years of recording, a milestone most podcasts haven't achieved. So we thought is was worth celebrating! Join current and former BSW hosts to get a brief history of Business Security Weekly, including: Paul's resignation from Tenable in 2016 to expand the Security Weekly podcast Michael and Paul launching Start-up Security Weekly in 2016 The switch to Business Security Weekly in 2018 Matt's first episode (105) in 2018 as the new CEO of Security Weekly The premier episode of Security Money (113) in 2019 Jason's first episode (101) in 2018 The sale of Security Weekly to CyberRisk Alliance in 2020 Ben's first episode (231) in 2021 The premier episode of Say Easy, Do Hard (289) in 2023 You ask, we respond. This Ask Me Anything (AMA) segment allows the audience to ask the BSW hosts anything. From leadership skills to career advice or even why Alderman keeps moving, this segment answers the questions you want to know. Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw300

We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase. This includes: Guerrilla marketing of gaining end-user buy-in for initiatives Iterative tuning of your data sources Active engagement with real-time feedback from the user base and technical teams Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time). This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the leadership and communications section, CISO, The Board, and Cybersecurity, How CISOs Can Work With the CFO to Get the Best Security Budget, Building Effective and Skilled Teams Through Networking, Connectivity, and Communication, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw299

When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO. Segment Resources: https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos In the leadership and communications section, CISO: A Job in Search of a Description, The Rise of the BISO in Contemporary Cybersecurity, When More is Less: The Dangers of Over-Communication in Teams, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw298

Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these. ​ This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity. Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw297

From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them! In the leadership and communications section, Your Biggest Cybersecurity Risks Could Be Inside Your Organization, Subtracting: The Simplest Path to Effective Leadership, How to Be a Good Interviewer, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw296

Lots of press lately regarding ChatGPT and its impact on cybesecurity. Some say it will help us fight adversaries, while others say it will only make adversaries more sophisticated. Lot's of FUD on both sides of the discussion. BSW hosts debate the pros and cons of ChatGPT (and other AI) to truly understand its impact and what we, as security leaders, need to know. In the leadership and communications section, Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape, Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025, How to Empower Teams, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw295