Barracuda just released a report on ransomware findings, here: https://assets.barracuda.com/assets/docs/dms/2023-Ransomware-insights-report.pdf. Here are a few of the highlighted stats: Barracuda international survey finds 73% of organizations experienced a successful ransomware attack in 2022 — 38% were hit more than once. 42% of those hit three times or more paid the ransom to restore encrypted data — compared to 31% of victims hit just once. 69% of ransomware attacks began with an email. 27%...
Apr 11, 2023•1 hr 8 min
Why 300? 300 is a perfect game in bowling, a milestone few have achieved (unless you're Brendan Alderman who has done it twice before the age of 20). 300 podcast episodes is almost 7 years of recording, a milestone most podcasts haven't achieved. So we thought it was worth celebrating! Join current and former BSW hosts to get a brief history of Business Security Weekly, including: Paul's resignation from Tenable in 2016 to expand the Security Weekly podcast; Michael and Paul launching Start-up Se...
Apr 04, 2023•1 hr 7 min
We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase. This includes: Guerrilla marketing of gaining end-user buy-in for initiatives; Iterative tuning of your data sources; Activ...
Mar 28, 2023•56 min
When CISOs report into CEOs it gives them more autonomy, empowers them with more decision-making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO. Segment Resources: https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos In the leadership and communications section, CISO: A Job in Search of a Description, The Rise of the BISO in Contemporary Cybersecurity, When More is Less: The Dangers of Over-Communication ...
Mar 21, 2023•1 hr 7 min
Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you c...
Mar 14, 2023•1 hr 2 min
From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more ...
Mar 07, 2023•57 min
Lots of press lately regarding ChatGPT and its impact on cybersecurity. Some say it will help us fight adversaries, while others say it will only make adversaries more sophisticated. Lots of FUD on both sides of the discussion. BSW hosts debate the pros and cons of ChatGPT (and other AI) to truly understand its impact and what we, as security leaders, need to know. In the leadership and communications section, Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape, Gartner Pred...
Feb 28, 2023•1 hr 8 min
It's another holiday week, so enjoy this episode from the BSW archives! This week, we welcome Graeme Payne, President at Cybersecurity4Executives, to discuss Impacts of a Data Breach! During the Equifax 2017 Data Breach, Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identi...
Feb 21, 2023•34 min
How do you manage the human side of cybersecurity? Traditionally, security awareness programs have checked this box from a compliance angle but had minimal impact on cyber risk. Human Risk Management (HRM) is transforming this space by connecting an integrated, data-driven approach with personalized security training to deliver quantifiable results. In this session, we'll define HRM, explore how it is being adopted, and review the business case supporting the change. This segment is sponsored by...
Feb 14, 2023•1 hr
This week, it's Security Money. While the major indexes have improved, the SW25 index has not. Pressures from macroeconomic conditions appear to have a greater impact on cybersecurity. We'll dig in and review. In the leadership and communications section, Who Does Your CISO Report To?, 5 CISO Traps to Avoid and Truths to Embrace, How to effectively communicate cybersecurity best practices to staff, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on ...
Feb 07, 2023•1 hr 3 min
What keeps the cyber C-Suite up at night? What are their main priorities, and how do they articulate them to the board? In this session, we’ll go behind the screens and find out what CISOs from all over the world really think in terms of turning cyber risk into business risk. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! In the leadership and communications section, Why CISOs Make Great Board Members, Unlock Your Leadership Potentia...
Jan 31, 2023•56 min
Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. In the leadership and communications section, 8 Qu...
Jan 24, 2023•1 hr 16 min
We aren't recording this holiday week, so enjoy this BSW throwback episode! Main host Matt Alderman selected this episode to share as it's still relevant to the InfoSec business community today. This week, we welcome Jim Routh, Former CSO, Board member, Advisor at Virsec, to discuss The 3 Mistakes All First Time CISOs Make That No One Tells You! Show Notes: https://securityweekly.com/bsw227 Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://twi...
Jan 17, 2023•38 min
In the leadership and communications section, The CISO Role is Broken, Five Cybersecurity Resolutions CISOs Can Actually Keep In 2023, Are Cyber Attacks at Risk of Becoming ‘Uninsurable’?, and more! SolarWinds has been on the journey of Secure by Design since the Sunburst incident in late 2020. Secure by Design is a practical approach to minimizing risk. It involves advanced build systems, an assumed breach model, proactive testing, audit, increased visibility and sharing lessons externally. Seg...
Jan 10, 2023•1 hr 7 min
With the current macroeconomic headwinds, 2023 budgets are either frozen or flat. Where should CISOs focus these limited budgets to get the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities. With the current macroeconomic headwinds, 2023 b...
Jan 03, 2023•1 hr 19 min
In the Leadership and Communications section, CISOs of the World, Unite!, 8 things to consider amid cybersecurity vendor layoffs, The Best Public Speakers Put the Audience First, and more! Barracuda just finished an email security survey. We start to dig into the results and the impact for 2023, including: - 86% of respondents in all the countries surveyed said third party email security solutions are essential to keep our Microsoft 365 environment secure - This rises to 92% for respondents in t...
Dec 13, 2022•58 min
In the leadership and communications section, 5 top qualities you need to become a next-gen CISO, Ego Is the Enemy of Good Leadership, How To Explain Things Better, and more! The U.S. is at an inflection point in terms of cyber threats; critical infrastructure attacks are growing more frequent and consequential, and the White House recently called the cyber talent gap of nearly 770,000 open positions a “national security challenge.” Kelly Rozumalski, SVP at Booz Allen Hamilton leading the firm’s...
Dec 06, 2022•55 min
Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap! In the leadership and communications section, The Sacrificial CISO heralds a new age for cybersecurity, To Coach Leaders, Ask the Right Questions, How to Handle Criticism Gracefully: 12 Pro Tips, and more! Visit https://www.se...
Nov 29, 2022•1 hr 5 min
In the leadership and communications section, Is Your Board Prepared for New Cybersecurity Regulations?, 32% of cybersecurity leaders considering quitting their jobs, 40 Jargon Words to Eliminate from Your Workplace Today, and more! Positive change is coming to cybersecurity. In this segment, Mike Devine (CMO) and John Grancarich (EVP of Strategy) at Fortra discuss the business of leading a cybersecurity company, the reasons behind our recent rebrand, and our plans for continuing as a people-fir...
Nov 15, 2022•1 hr 6 min
Threat actors use automation and technology to do evil at scale. Yet, even with cutting edge technology available to them, smaller organizations feel overwhelmed. Analysts struggle from the “alt-tab, swivel-chair” problem, and security products just don’t feel… powerful. So how does a SOC maximize its most valuable asset–the humans–in combination with technology to overachieve? This talk will teach you a new way to model out your team's resources, assets, and capabilities to defend against vario...
Nov 08, 2022•1 hr 5 min
In the leadership and communications section, Is Cybersecurity Leadership Broken?, Cybersecurity career mistakes, 13 Cybersecurity Horror Stories to Give you Sleepless Nights, and more! Cyber risk quantification should be at the center of an enterprise's actions to understand and measure risk posed in the event of a cyberattack. That data should then be used to estimate - financially - cyber risk exposure. To start this process, enterprises need 3 pillars to build a good cyber risk quantificatio...
Nov 01, 2022•1 hr 2 min
Robert Herjavec, CEO of Cyderes, was the keynote speaker at InfoSec World 2022, where he discussed the momentum we continue to see in the cybersecurity industry. Topics included mergers & acquisitions, Robert's outlook on the cyber market, staffing shortages, and nation state threats. Robert joins BSW to expand on his ISW keynote presentation. In the leadership and communications section, Boards looking to CEOs, not CIOs, to lead digital initiatives, Compensation for Cybersecurity Leaders is...
Oct 25, 2022•1 hr 14 min
In the leadership and communications section, So you do not want to become a CISO anymore?, Which cybersecurity metrics matter most to CISOs today?, 15 Effective Tips on How To Talk Less (And Listen More!), and more! One of my favorite segments! We track the top 25 public companies and provide you an update on the overall market. The Security Weekly Index has taken a beating, but so has the broader market. We'll update you on the latest funding, acquisition, and financial news. Visit https://www...
Oct 18, 2022•56 min
As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn. In the leadership and commu...
Oct 11, 2022•1 hr 5 min
In an effort to diversify the cybersecurity talent pool and improve cybersecurity literacy, CYBER.ORG created Project Access, a nationwide effort designed to expand access to cybersecurity education for blind and vision impaired students between the ages of 13-21 who are in pre-employment transition (Pre-ETS). Through the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, CYBER.ORG pioneered a series of camps this past summer...
Oct 04, 2022•1 hr 4 min
New fourth-annual research report analyzes ransomware attack patterns that occurred between August 2021 and July 2022. In the past 12 months, Barracuda researchers identified and analyzed 106 highly publicized ransomware attacks and found the dominant targets are still five key industries: education, municipalities, healthcare, infrastructure, and financial. Researchers also saw a spike in the number of service providers that have been hit with a ransomware attack. The volume of ransomware threat...
Sep 27, 2022•1 hr 1 min
In the leadership and communications section, Cybersecurity’s Too Important To Have A Dysfunctional Team, In a Crisis, Great Leaders Prioritize Listening, White House Announces Stricter Cybersecurity Guidelines and Rules, and more! Paul will discuss a risk-based approach to security that prioritizes fixing the most critical issues that will reduce risk in your organization. He'll walk through a three-step cycle that continuously monitors the threat landscape, enables quick response, and measures...
Sep 20, 2022•58 min
While applications and APIs are developed with cloud in mind, many organizations must rely on a hybrid architecture and edge computing to deliver their services given the high cost of cloud services. However, many organizations lack the right security stack to protect data and applications in these unique environments, or from threats added through reliance on open source code. With today’s attacks coming from automated threats, organizations need to implement tools to mitigate risks that impact...
Sep 14, 2022•1 hr 7 min
In this segment, BARR Advisory founder and president Brad Thies will use real-world examples to discuss how cybersecurity scorecards and KPIs can help organizations measure and manage the effectiveness of their cybersecurity programs. Thies will also reveal which metrics he sees as most valuable in evaluating cybersecurity posture and discuss how to define accountability for security within an organization. This segment is sponsored by BARR Advisory. Visit https://securityweekly.com/barradvisory...
Aug 30, 2022•1 hr 3 min
In the leadership and communications section, CISO salaries balloon, likely spurred by demand, 4 Steps to Being an Authentic Leader, Keeping Your Team Motivated When the Company Is Struggling, and more! In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we n...
Aug 23, 2022•1 hr 6 min