Business Security Weekly (Video) – Details, episodes & analysis

What's the biggest attack vector for breaches besides all of the human related ones (i.e., social engineering, phishing, compromised credentials, etc.)? You might think vulnerabilities, but it's actually misconfiguration. The top breach attack vectors are stolen or compromised credentials, phishing, and misconfigurations, which often work together. So why is it so hard to properly configure your systems?

Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss Defense Against Configurations and how ThreatLocker can automatically identify misconfigurations and map them to your environment's compliance and security requirements. Rob will discuss how ThreatLocker Defense Against Configurations dashboard can:

• Identify misconfigurations before they become exploited vulnerabilities
• Monitor configuration compliance with major frameworks

• Receive clear, actionable remediation guidance

  and more!

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, Cybersecurity management for boards: Metrics that matter, The Emotional Architecture of Leadership: Why Energy, Not Strategy, Builds Great Teams, Your Transformation Can't Succeed Without a Talent Strategy, and more!

Show Notes: https://securityweekly.com/bsw-420

Organizations that successfully earn and keep the trust of their customers, employees, and partners experience better business outcomes, more engagement, and competitive differentiation. But what does that trust look like and who's responsible for building and maintaining that trust?

Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to discuss the emergence of the Chief Trust Officer. For organizations that refuse to leave trust to chance, chief trust officers have emerged as the role responsible for shaping their firm's destiny. Jeff will explain why the role has emerged and details its responsibilities, organizational structures, and measures for success.

In the leadership and communications segment, Why must CISOs slay a cyber dragon to earn business respect?, Simon Sinek says the most successful people in the world 'hit zero' or came close to it: Failure is 'the gift', The Remote Leadership Paradox: Why Your Team Feels Micromanaged AND Abandoned (And How to Fix It), and more!

Show Notes: https://securityweekly.com/bsw-419

Securing top-tier cybersecurity leadership is not just a necessity but a significant challenge, especially when working within budget constraints. Should you hire a full-time CISO or outsource to a vCISO provider?

Brian Haugli, CEO at SideChannel, joins BSW to discuss how organizations can hire a Virtual CISO (vCISO) to benefit from their expertise without the costs and resource requirements of a full-time hire. Brian will share:

• Current vCISO trends
• What to look for in vCISO services
• Who fits/doesn't fit as a vCISO

vCISOs can be an effective solution for organizations that need to enhance their security program or respond to a breach, but know what to look for. If you're in the market for vCISO services or want to become a vCISO, don't miss this interview.

In the leadership and communications segment, Boards should bear ultimate responsibility for cybersecurity, From WannaCry to AI: How CISOs Became Strategic Leaders, The Best Leaders Edit What They Say Before They Say It, and more!

Show Notes: https://securityweekly.com/bsw-410

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022.

As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.

Show Notes: https://securityweekly.com/vault-bsw-12

In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:

• CSOs/CISOs for their focus on security
• CTOs for their focus on innovation
• CIOs for their focus on operational efficiency

Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.

Segment Resources: 

www.okta.com/resources/whitepaper-ai-at-work-report/

www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Show Notes: https://securityweekly.com/bsw-354

With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.

This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

Show Notes: https://securityweekly.com/bsw-354

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022.

Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren't even security products — are saying they enable Zero Trust. The problem is this: you can't buy zero trust. It's an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.

Show Notes: https://securityweekly.com/vault-bsw-11

The recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this interview, Deep Instinct CIO Carl Froggett will explain why Deep Learning is the most superior form of AI, and the technology's role in powering predictive prevention.

This segment is sponsored by Deep Instinct. Visit https://securityweekly.com/deepinstinctrsac to learn more about them!

Attackers are targeting enterprise users when they are online via attacks like spear phishing, malicious docs infected with malware/ransomware.

Today SASE/SSE's Secure Web Gateway (SWG) component is touted as the solution to this problem. These SWGs look at traffic between the enterprise users and websites and try to infer attacks.

Unfortunately, attackers are subverting these SWGs and breaking into enterprises. There is an urgent need to stop this and the solution seems to be to have a browser native security agent which can detect-mitigate attacks happening on the users browser and allow enterprises to threat hunt web attacks company wide.

Segment Resources: Why Browser Native Solutions are better than Cloud Based Proxies: https://drive.google.com/file/d/1cItXj1KEm45ZNklASFmcvprbPqZChcMn/view?usp=sharing

Data Sheet: https://drive.google.com/file/d/1tv3q2iTFROJPceq2b9SJtzkdHD9J6mvC/view?usp=sharing

Blog on the Many Failures of Secure Web Gateways: https://labs.sqrx.com/the-unspoken-challenges-of-secure-web-gateways-c516bc287a6d

Latest Press Release: Forbes: Critical Security Flaws Found In Email Top 4—Apple, Gmail, Outlook & Yahoo: https://www.forbes.com/sites/daveywinder/2024/04/04/critical-security-flaw-in-apple-icloud-google-gmail-microsoft-outlook-yahoo-mail-aol-mail-email/

This segment is sponsored by Square X. Visit https://securityweekly.com/squarexrsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-353

Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including:

• Artificial Intelligence(AI)
• Continuous Threat Exposure Management(CTEM)
• Identity & Access Management (IAM)
• Cyber Risk

Padraic will also discuss the changing role of the CISO, at least in the eyes of Gartner. Don't miss this recap.

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

Show Notes: https://securityweekly.com/bsw-353

Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company's most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization's infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners.

Segment Resources:

Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/

Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!

With new industry regulations, like the SEC's Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals.

Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management

https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f

This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them!

Show Notes: https://securityweekly.com/bsw-352