All links and images for this episode can be found on CISO Series (https://cisoseries.com/why-dont-cybercriminals-attack-when-its-convenient-for-me/)
Hey cybercrooks, I've got a really great weekend planned, so could you do us all a favor and cool it this Friday and just let all of us enjoy the weekend?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Margarita Rivera, vp of information security, LMC.
Thanks to our sponsor, Netskope.
The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.
On this week’s episode
Is this the best solution?
Geoff Belknap, CISO, LinkedIn asks, "If you could only buy one off the shelf security tool / product. What would it be and why?"
Here’s some surprising research
We've discussed a lot of how COVID is changing security. Well Eli Migdal, CEO of Boardish sent me some interesting research his company conducted regarding the last six months since the start of COVID. According to Boardish's report the top three threats now are:
Immobility (not being able to work remotely) Ransomware Accidental Sharing
And the top 3 solutions now are:
User Awareness training Remote conferencing IAM (identity access management) Solutions
Does this track with your current threats and solutions?
What's Worse?!
Two guaranteed bad things will happen. But one will cost far more damage. Which one?
Pay attention. It’s security awareness training time.
Jackson Muhiwre, deputy CISO at UC Davis said his cyber team "Are now extra vigilant on Fridays or call it the new Monday for cyber folks." The reason for this increased awareness is the number of cyber incidents that happen on a Friday or just before a holiday seems to go up. Past cyber incidents seem to show that pattern said Muhiwre who believes that malicious hackers know that users have their guard down at these times and it's the easiest time to attack.
Are our CISOs of similar thinking and if so how do they prepare/warn/keep staff vigilant? What can be done on top of your existing protections if your staff lets its guard down?
What’s the best way to handle this?
On LinkedIn, Caitlin Oriel, wrote a very emotional post about her being unemployed for six months and how the non-stop stream of rejection has become overwhelming. The community response was equally overwhelming with nearly 80,000 reactions and 7,500 comments. Caitlin works in tech, not cyber, but the post was universal. The feelings she expressed about being rejected continuously and ghosted by companies left her sobbing in her car. All of this rejection made her question if she's doing the right thing and where she belongs. I have been in this position myself, as have my friends and family. I wish I knew the right things to say to someone or how to keep them moving. What are positive ways to combat ongoing rejection and get a sense you're still heading in the right direction?