[07-30-2024] Incident Response Is So Important We Might Try Getting Good At It

CISO Series Podcast
Incident Response Is So Important We Might Try Getting Good At It

If incident response’s mission statement is so clear, why do so many companies struggle when delivering on it? Often the fault lies with communications. The business and its divisions are not aligned with their cybersecurity capabilities, and no one is following the playbook. Or, it’s possible it was never tested. Or worse, there is no playbook.

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Amir Khayat, CEO and co-founder, Vorlon Security.

The evolving challenges of incident response

Why do established companies still struggle with incident response? Recent high-profile examples found both Block and Zacks Investment delaying breach notification disclosures, noted Neil Weinberg in CSO Online. While transparency and swift remediation define the quality of incident response, organizations need to account for a rapidly evolving threat landscape. The definition of a good response has shifted dramatically over the years, raising expectations. Effective incident response today requires understanding complex IT environments, maintaining constant vigilance, and adapting to new threats. But the key to all of this is transparency—not just within the technical infrastructure but also in communicating with customers.

Repetition isn’t always the mother of automation

What can be automated in cybersecurity? Automation isn’t new, but as a recent post in the cybersecurity subreddit pointed out, there isn’t consensus on what can be automated. Answers varied from database creation to password auditing and ticket creation. While repetitive tasks like phishing email analysis can be automated to save time, complete automation of attack identification and remediation is risky. Automation should aim not just for efficiency but for effectiveness in stopping attacks. The human element remains crucial, with automation helping to streamline the decision-making processes.

Third-party APIs, first-party risk

The continuing waves of third-party breaches shine a bright light on the importance of third-party API security. The industry has long acknowledged the problem but lacks the necessary people, processes, and technology to address it effectively. Companies need to be able to see and control what third-party applications access their data, understand real-time API usage, and proactively respond to threats. We’ve been addressing API security for a while, and although API usage is increasing dramatically, that doesn’t mean the problem grows at that rate. You can still manage a higher influx, as managing APIs is very programmatic. You just have to do it.

You know what they say when you assume something…

Why aren’t security assumptions rigorously tested? This misalignment creates a situation where organizations think they are far more secure than they actually are. The recent SolarWinds supply chain attack came from an assumption about trust verification that was no longer valid, argued Maurice Uenuma in Dark Reading. Testing assumptions must become the standard mindset for security professionals as part of the foundational model of a proper security program. Success requires automation and being brilliant at the basics. We harp on it, but it often comes down to foundational issues.

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to Aaron Kinder of Livingston International for providing our “What’s Worse” scenario.

Thanks to our podcast sponsor, Vorlon Security

Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

Best advice for a CISO…

"When uncertainty strikes, don’t wait for clarity to appear. Hack the uncertainty." - Amir Khayat, CEO and co-founder, Vorlon Security

Listen to full episode of "Incident Response Is So Important We Might Try Getting Good At It."

Cybersecurity Is a Communications Problem…

"If you're talking to all my peers that are other healthcare CISOs, I think a good cyber program that is well-funded, well-staffed, has the tools they need, and a poor one, the difference is going to be how well they communicate to the business why they need what they need." - Jim Bowie, CISO, Tampa General Hospital.

Listen to full episode of "Cybersecurity Is a Communications Problem."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Dennis Pickett, vp, CISO, Westat.

Thanks to our Cyber Security Headlines sponsor, Dropzone AI

Super Cyber Fridays!
Join us NEXT Friday [08-02-24], for "Hackings CISOs"

Join us Friday, August 02, 2024, for “Hackings CISOs: An hour of questions for our CISOs.”

Let us know what you want to ask our CISOs. Whether it's career questions, organizational issues, or technical considerations, our CISOs are game to answer.

It all begins at 1 PM ET/10 AM PT on Friday, August 02, 2024 with guests Steve Zalewski, co-host, Defense in Depth and Bil Harmer, operating partner and CISO, Craft Ventures. We'll have fun conversations and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.