Who Do You Trust? – BSW #230
Segments
1. Staff Attrition Is Rising, Retaining Women in Tech, & Growing Privacy Concerns – BSW #230
In the Leadership and Communications section, Executives in tech say staff attrition is rising, 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern, Consumers Concerned About Personal Data Collection, and more!
Announcements
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Hosts
- 1. Executives in tech say staff attrition is rising
  More than nine in 10 executives in technology, media and telecom are seeing higher-than-usual attrition in their ranks, according to a PwC survey. Executives in these industry sectors say salaries, career advancement opportunities and improved relationships with managers drive staff departures. The trio of factors are more impactful in tech, media and telecom than in other industries.
- 2. Intellectual property protection: 10 tips to keep IP safe
  Your company's intellectual property—whether that's patents, trade secrets or just employee know-how—may be more valuable than your physical assets. Here's how to establish basic policies and procedures for IP protection:
  1. Know what intellectual property you've got
  2. Know where your intellectual property is
  3. Prioritize your intellectual property
  4. Label valuable intellectual property
  5. Secure your intellectual property both physically and digitally
  6. Educate employees about intellectual property
  7. Know your tools to protect intellectual property
  8. Take a big picture view
  9. Apply a counter-intelligence mindset
  10. Think globally
- 3. Consumers Concerned About Personal Data Collection: KPMG
  Data collection is rising, with 70% of the business leaders surveyed reporting that their companies have increased collection of consumer personal data over the last year. General population respondents are worried about how organizations use their data, and many of these concerns are grounded in a fundamental lack of trust. Key Findings include:
  - 83% would not willingly share their data to help businesses make better products and services
  - 64% say companies are not doing enough to protect consumer data
  - 47% believe their smart devices are listening to their conversations
  - 40% say they don’t trust companies to use their personal data ethically
  - 13% don’t trust their own employer to use their personal data ethically
- 4. Security Think Tank: Steps to a solid data privacy practice
  How to build, or rebuild, a solid business data privacy practice in a post-Covid-19 world:
  1. You need to know where data is being stored and used, because if you do not know, you cannot control it.
  2. The data owner is key in identifying and controlling who or what process can access and use the data.
  3. Understanding the value of data and understanding how different security techniques can protect data is key to developing a risk assessment and, ultimately, the chosen security architecture.
  4. User and process access controls must be based on a strict “need to know” basis. Just because a person is a senior manager does not mean they need access to every file or data item within their company, organisation unit or department.
  5. Access controls should ideally take into account a user’s or process’s origination point and possibly time of day. 2FA for users is a valuable way to enhance network security and data privacy by significantly improving access to a company’s infrastructure.
  6. Sensitive and secret information must be held separately from other data and ideally in a separate physical store. Access to this type of data must also be restricted to known origination points, for example authorisation down to not just a department, but appropriately authorised users or group of users within a department. Additionally, an authorised point of origin might be required, such as known IP addresses.
- 5. 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern
  Honeywell research has revealed that 7 in 10 facility managers consider OT cybersecurity as a severe security concern. Nearly 33% plan to invest in OT cybersecurity products over the next 12 to 18 months. Key Findings include:
  - 27% of facility managers have experienced a security breach in their OT systems in 12 months.
  - Around 66% of respondents view managing OT cybersecurity as one of their most challenging responsibilities.
  - Over 56% of respondents are currently more willing to invest in safety-focused solutions (including OT cybersecurity) than they were before the onset of the pandemic.
- 6. Security blind spots persist as companies cross-breed security with devops
  Devops has become common in software-development organizations around the world, but many companies are still struggling with cultural issues that are dampening security practitioners’ influence in the devsecops practices crucial for next-generation cloud application development.
- 7. Retraining women in tech for the post-pandemic workforce
  The trend of women leaving the workforce mid-career to take on family obligations or other responsibilities is not new. However, the COVID-19 pandemic greatly exacerbated this exodus. In fact, nearly three million women left the U.S. workforce during the pandemic, as many have had to make tough choices between careers and families. The good news is that this is a solvable problem. We should explore ways to ensure that women — specifically technical women — have the necessary resources, tools, and opportunities to successfully transition back to work. Here are some recommendations to consider:
  1. The rise of the 'returnship'
  2. The bootcamp, reimagined
  3. Attracting diversity through flexibility
2. State of Cyber Threats: Tenfold Increase in Ransomware – Derek Manky – BSW #230
Looking into the first half of 2021, there are important indicators of what cyber adversaries are planning next. This will be a conversation about cyberthreat trends and looking into takeaways from big name attacks so far this year.
Segment Resources:
https://www.fortinet.com/fortiguard/labs
https://www.fortinet.com/blog/threat-research
This segment is sponsored by Fortinet.
Visit https://securityweekly.com/fortinet to learn more about them!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Guest
Derek Manky is chief security strategist and global vice president of threat intelligence at FortiGuard Labs. Derek formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. He provides thought leadership to industry, and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work includes meetings with leading political figures and key policy stakeholders, including law enforcement. He is actively involved with several global threat intelligence initiatives including NATO NICP, INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee and FIRST – all in an effort to shape the future of actionable threat intelligence and proactive security strategy.