The New CISO Podcast Episode 65: Cybersecurity Trends and Practices
Podcast Transcript | Air Date October 8, 2021
Who are Chuck and Sean? (2:23)
Chuck and Sean explain their current roles at Paccar and BECU respectively, as well as the backgrounds that led them there.
Political Influence (4:32)
Steve, Chuck, and Sean touch on the increasing presence of politics in cybersecurity. Sean weighs in on how relationships with law enforcement are changing, as well as how perceptions of cybersecurity have evolved.
The Perception of the Hacker (9:57)
As the government becomes more involved, the blame that once fell on organizations for being attacked has now shifted to the attacker, rightfully so. Hackers are no longer seen as a kid in a basement; they are real and dangerous threats that need to be stopped. This greater understanding of cyber warfare has better informed the public and organizations of what could truly happen.
Investment and Involvement (14:22)
With this increasing awareness of cybercrimes, boards and executives are more willing to invest in CISOs and their teams. It’s better to invest in preventative tools than to pay a bigger price after an attack. Steve, Chuck, and Sean also discuss what changes when the FBI gets involved and when organizations have to wait to fix problems.
When simulating a breach, Chuck and Sean urge leaders to really mimic the chaos that would naturally happen at that time. Be sure to include executives in this simulation, so they can gain practice and an understanding of what will be a stressful situation in the future. In doing so, you’ll also be able to identify who is making what decisions before an event occurs.
Cyber Insurance (24:20)
Cyber insurance is becoming more common. CISOs need to educate themselves on policies and the language of cyber insurance. This brings up other questions, such as: should individuals have coverage? Should CISOs and board members? Additionally, insurance forces companies and leadership to define what an incident and a breach are. This helps in determining what to report externally.
A Third Party (34:43)
With a third party involved, like vendors, your risk level increases. From there, you need to assess how important that third party is and the level of risk with which you’re comfortable. It is part of the CISO’s job to help navigate those relationships and dynamics, and to make sure the organization is still protected.
The New CISO (45:27)
Before wrapping up, Sean touches on the importance of connecting and having conversations with other CISOs. If listeners have any questions, they can contact him via LinkedIn.