Embrace Common Business Language, Strategic Impact of DBIR, and Playing Favorites – BSW #271
In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. CISOs: Embrace a common business language to report on cybersecurity
  Despite the elevation of cybersecurity as a top board priority and concern, businesses need to address the “elephant in the room” — the failure of communication and common understanding between the CISOs, security programs, and their boards’ understanding of SPM. Organizations are recognizing that only a small percentage of their security teams are being effective when communicating security program strategies and risks to the board, according to a Ponemon study.
- 2. TIPS FROM A CISO: HOW TO CREATE A SECURITY PROGRAM
  How to Develop a Sustainable and Adaptable Security Program? Security executives should focus their strategies on some specific perspectives:
  1. Business awareness
  2. Strategic positioning
  3. Engagement
  4. Build a strong team
  5. Communication
- 3. The Upside of Playing Favorites
  While managers should strive to treat their employees fairly, it’s only natural for them to develop stronger relationships with some people than with others. The good news is, new research suggests that this sort of favoritism doesn’t have to be destructive. Specifically, if the “boss’s favorite” is perceived as expressing authentic rather than hubristic pride, researchers found that witnessing favoritism could actually motivate other employees to improve and build stronger relationships themselves. With the right approach, employees, managers, and leaders can build an organizational culture that celebrates positive workplace relationships and gives everyone the tools they need to grow and succeed.
- 4. The Strategic Impact of Verizon’s 2022 Data Breach Investigations Report
  Look no further than Verizon's Data Breach Investigations Report for data about the operational side of security — especially incidents and breaches. Now in its 15th (!!!) year, the report is one of the deepest and most comprehensive sources of information about the threats we face as an industry. The recurring themes are:
  - Data compromises result from external attacks.
  - The primary motive behind cybercrime is financial gain.
  - Most breaches are caused by stolen credentials, ransomware, and phishing.
  - Servers are attacked far more than any other asset.
  - Credentials and personal data are the most frequently targeted data types.
- 5. Cyber security training ‘boring’ and largely ignored
  Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them. With three-quarters of UK and US organisations having experienced some kind of cyber incident in the past year, a significant proportion of employees seem to regard training exercises as something to be endured, rather than engaged with.
- 6. Make Shy Employees Part of Your Cybersecurity Strategy
  Introverts aren't as antisocial as is commonly believed. But they do benefit from an environment that makes them feel comfortable. So how can we do that in a collaborative setting? Here are some strategies:
  - Keep groups small
  - Yet another meeting?
  - Offer a variety of communication channels
  - Respect boundaries (even if you don't fully understand them)
  - Allow appropriate time