Many companies grapple with integrating cybersecurity awareness into the organizational culture. After many years as a CISO and cybersecurity consultant, I believe the answer to this perennial problem is to encourage the organization to “own” security. The first step towards this goal is to establish a cybersecurity council composed of representatives from various business units. Some organizations already have…
Companies need to embed cybersecurity into the DNA of their organizations to combat potentially disastrous cyber threats by state actors and individuals. This is the message that Richard Clarke, former National Coordinator for Security, Infrastructure Protection and Counter-Terrorism for the United States, gave cybersecurity executives at CISOs Connect San Diego 2019. Clarke told CISOs attending the conference about the chilling…
A Vulnerability Management Program is made up of a complex matrix of policies, processes and tools that enable security professionals to turn a detective control into an ongoing risk-management operation. Effective risk management is a function of the organization’s ability to manage vulnerabilities. That makes managing vulnerabilities a particularly crucial part of the CISO role.…
Passwords as a means of authentication have been around for a long time. Their existence is based on the fundamental premise that it is only the consumer or user who has the secret. And in these past 60 years, passwords have served us well. But the premise is becoming less and less true. These days,…
Here is a fun exercise if you are bored. Go into any grocery or superstore. If you prefer online shopping, log onto your favorite retailer and find/pick any one category of products. Next, count how many brands there are in that one category. Then, count how many different options or different stock keeping units…
Do CEOs and Boards have any idea what the company’s cybersecurity status is? Cybersecurity and privacy compliance should be a top priority of the Board of Directors and senior management of any publicly traded company, right? Not so fast, kemo sabe. The problem is, everyone thinks that their problems, their issues, their topics should be…
Chief Information Security Officers (CISOs) Laud Baffle for Innovation and Twist & Shout for Ease of Use San Francisco, CA – Security Current announced that CISOs selected advanced data protection firm Baffle and entertaining security awareness training campaign company Twist & Shout as the Security Shark Tank® winners held during the RSA Conference. At the…
It’s no secret that all it takes is the weakest human link to compromise a company’s cybersecurity. To mitigate this risk, companies need to understand their employees’ habits and behaviors; they need to be aware of their people’s self-control levels when implementing security programs. In a study of 6,000 participants in the Netherlands, a team…
I’m sometimes asked if I ever experienced difficulties being a woman in the male-dominated cybersecurity field. My answer: “I could write a book on it!” I remember very clearly an incident that took place in a former role when, as a cybersecurity professional, I had to deliver a presentation to a group of men at…
To better train and prepare their company’s employees for cyber attacks, CISOs need to put themselves in the attackers’ shoes to anticipate their motives, means and actions. In a KnowBe4 webinar last week, hacker turned pentesting professional Kevin Mitnick talked about real-life cases of human vulnerability that threat actors could exploit for their benefit and…
