7-25-19 - When Best Practices Go Bad
This week's episode of Defense in Depth
When Best Practices Go Bad
On this episode of Defense in Depth:
Co-host Allan Alford and our guest Yaron Levi, CISO, Blue Cross and Blue Shield of Kansas City, discuss:
The response "This is how we've always done it" is not a reason to continue a "best" practice.
One of the most universally bad "best" practices is counting the number of people who fall for a phishing test. Both Allan and Yaron told stories of phishing test reports that could swing wildly based on the type of email sent.
CISOs argue that a better metric to track is the number of people who report the phishing email.
Let employees know that you're going to test them. If you don't, the test can be seen as a means to discipline them, which it is not.
Cybersecurity best practices don't stand the test of time. If a best practice seems off, challenge it by simply asking, "Why?"
Awareness training should be measured by testing afterwards, not by the number of people who actually took it.
Special thanks to this week's Defense in Depth podcast sponsor, Endgame.
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss.
BsidesLV, Black Hat, Defcon, Oh my!
This month I'll be attending as much of the Las Vegas cybersecurity summer camp as I can. I'll be there reporting, but there's no way that I can see and hear every story. So to all my loyal listeners and contributors, keep your eyes and ears out for interesting conversations and stories. Send them my way for a potential appearance on one of our podcasts. BTW, I'll be most visible on August 7th on the trade show floor where I'll be conducting "man on the street"-style video interviews. You'll find me there with a cameraman.