What Can the Cyber Haves Do for the Cyber Have Nots?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. We welcome our sponsored guest, Jason Kikta, CISO, Automox. Please pipe up with your thoughts on this discussion of how to deal with those organizations that are below the security poverty line (tip of the hat to Wendy Nather for coining the term), and why it’s so critical for everyone’s security that we do something.
Use your influence and leadership to make a change for smaller organizations and for everyone. The haves vs. have nots are usually those who know security and those who don’t. Some organizations are trying, but working on the wrong things and wasting already tight budgets, noted Casey Cammilleri of Sprocket Security. They need guidance on priorities. For example, Jason Ozin of PIB Group suggested helping businesses turn on two-factor authentication. They may not realize it’s free, or they’re scared to use it. Lastly, Andy Steingruebl, CSO of Pinterest, said, “For those with more influence, resources, and clout - use it to make sure that widely used tools, services, etc. are more secure by default and that those things that aren't default are easy to turn on and don't need experts.”
Push vendors to provide solutions to less valuable customers that don’t deliver the same profit margins. Some vendors have become very successful only selling to larger organizations that can afford to always buy a minimum number of seats, noted Duane Gran of Converge Technology Solutions Corp. Gran suggests pushing back a little on these vendors, requiring them to have a certain number of exceptions each year to sell to smaller accounts. Some vendors, such as GitGuardian, offer a free tier of their solution. As Guillaume Charpiat noted, "Giving [our dev tool on a free tier] to upcoming innovative companies is actually in our best interest. It allows them to show they have some security controls in place when they try to sell their own solutions to their target customers, which allows them to grow so that in the end they can finally afford to pay for our solutions. Win-Win."
Push back against bad security. We have so many ways to fight bad security behavior, and Haroon Meer of Thinkst Applied Research has been fighting this cause by exposing poor marketing by security companies. The most notorious bad security practice by vendors is charging customers to deploy single sign-on (SSO). TC Niedzialkowski, CISO, Nextdoor, pointed to the SSO.tax wall of shame as exposing companies charging for what should be free by default. And Harrison Yager of Yagershots would like to see some type of visible third-party score, kind of like restaurants get a food safety score. That way people can vote with their wallets as to whether they want to give their money to a business that doesn’t protect their security and privacy.
Volunteer to help cyber underprivileged businesses. Jessica B. of Blue Cross & Blue Shield of Rhode Island would volunteer when she was attending a trade school. “This not only helps those below poverty security line but gives actual experiences to those who need it to be employable,” she said. Also, be public about how you’re helping. Jorge G. Lopez of Peloton Interactive suggested an ‘adopt a highway’ for cybersecurity. It may entice others to get involved, and it could help your brand image.
You can listen to this week’s episode here or over on our blog where you can read the full transcript. If you aren’t already subscribed to Defense in Depth on your favorite podcast app, please go ahead and do that right now.
HUGE thanks to our sponsor, Automox
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Kathleen M., CISO, Cancer Treatment Centers of America (acquired by City of Hope).
Thanks to our Cyber Security Headlines sponsor, SafeBase
Join us tomorrow for "Hacking Cloud Forensics"
It's happening tomorrow (Friday, January 27th, 2023), our weekly Super Cyber Friday. Guaranteed fun as we discuss “Hacking Cloud Forensics: An hour of critical thinking about conducting incident response in complex and transient data environments.” Joining me in this discussion will be James Campbell, CEO/co-founder, Cado Security, and J.R. Tietsort, CISO, Aura.
REGISTER here.
Huge thanks to our Super Cyber Friday sponsor, Cado Security
Jump in on these conversations
"Do Threat Actors know when they are being hunted? (Enterprise)" (More here)
"Do you think websites like Hack the Box and TryHackMe are good ways to learn cybersecurity topics?" (More here)
"Who is responsible for resolving vulnerabilities?" (More here)
Coming up in the weeks ahead on Super Cyber Friday we have:
[01-27-23] Hacking Cloud Forensics
[02-03-23] Hacking People and Process
[02-10-23] Hacking Your Security Program
[02-17-23] NO SHOW
[02-24-23] Hacking Vulnerability Remediation
Save your spot and register for them all now!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.
Communications Professional | Expert in Marketing, Writing & Content Creation | Passionate About Driving Engagement and Brand Growth for SaaS and Tech companies
1 yr
We wish more companies would share their expertise with others too. Thanks for raising this issue David Spark! As part of our Pledge 1% commitment at Ostendio, we offer our integrated risk management platform either free or at a reduced rate, for non-profit organizations.
Global Executive | Security Advisor | Founder | Board Member | CISO & CIO
1 yr
Love the "security poverty line" David.