12-17-20 - Join us tomorrow for "Hacking the Crown Jewels"

CISO Series

TOMORROW! Last Video Chat of 2020 Friday [12-18-20] We're "Hacking the Crown Jewels"

Please join us tomorrow, Friday, December 18th, 2020 at 10 AM PT/1 PM ET for our LAST VIDEO CHAT of 2020: “Hacking the Crown Jewels: An hour of understanding what data you have, what's REALLY important, where it resides, and who's accessing it and when”.

I'll be leading this discussion with Kate Kuehn, svp, vArmour and Ramy Houssaini, chief cyber and technology risk officer and group privacy officer, BNP Paribas.

STICK AROUND FOR THE CYBERSECURITY SPEED DATING!

Immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to our meetup, where we'll match everyone who shows up with another cybersecurity professional. And we'll do it five times in less than 30 minutes.

Thanks to our sponsors vArmour and OKERA

This week's episode of Defense in Depth

Inherently Vulnerable By Design

Inherently Vulnerable By Design is hosted by me, David Spark, producer of CISO Series, and Allan Alford. Our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5. All three of us discussed:

  • The mere act of conducting business requires you to have certain procedures that would make you vulnerable. Simple things like taking customer information to create user accounts and processing credit cards. That's inherent to doing business, and by opening that up, it makes you vulnerable.

  • A lot of this inherent vulnerability comes down to having users or customers and needing to authenticate them.

  • When you start a business you're also accepting the inherent vulnerability, and you have to ask yourself to what level the business can function while that vulnerability is being abused. It's all about risk appetite.

  • Two-factor authentication sure is nice, but there have to be multiple "behind the scenes" authentications going on to verify identity continuously.

  • As you're collecting all these additional data points you can use that information to ask the user to verify.

  • Provide discounts to customers and users for good security practices. Insurance companies do this with people who prove safe driving practices. It could be a win-win for everybody. For example, with Mailchimp, they give you a discount if you enable 2FA. Why not offer a discount for a really long and complicated password?

  • One of the major issues is that the password reset process happens through email. Email wasn't designed for critical authentication. Many hacks happen through the reset process via email.

Special thanks to this week's podcast sponsor, F5.

F5

External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.

Cyber Security Headlines

Cyber Security Headlines - December 17, 2020

This week's sponsor of Cyber Security Headlines is ReversingLabs.

ReversingLabs

Best Moments from "Hacking SaaS Security"

Here's a six-minute highlights video of last week's CISO Series Video Chat: “Hacking SaaS Security: An hour of critical thinking on cloud application policy, monitoring, detection, and response”.

Joining me in this discussion were Elena Kvochko, chief trust officer, SAP and Ben Johnson, co-founder and CTO, Obsidian. Check out the blog post to watch the video, read the "Best Bad Ideas" and the best quotes from the chat room, and to get access to the full one-hour recording.

Huge thanks to our sponsor, Obsidian.

Obsidian Security
