Last week, I joined Ryan Naraine, Chief Marketing Officer at Bishop Fox. Ryan has worked as an award-winning security journalist and has been featured in a variety of well-respected security publications, such as eWeek, PC Magazine, ZDNet, SecurityWeek, and ThreatPost.
We discussed a number of current security issues, from bug bounty programs to user awareness training, all of which are ongoing headaches for security admins. Here’s the podcast – it’s worth a listen:
Or, looking for a snippet or two from the conversation? Here’s a preview of some of these burning issues in cybersecurity:
On Bug Bounties:
This is a key debate in the industry right now, and there are certainly some risks that come with even the best bug bounty programs. On one hand, you’ve opened yourself up to some external risk and brought more attention to yourself. On the other, you’ve got to be prepared if you’re welcoming this program and be ready to address them.
On Awareness Training:
This might be controversial, but if you look at the studies that have been done, it’s just not effective. Hackers target the human element by targeting them at times they believe they are the most busy. I’ve seen emails targeted at sales teams at the end of quarter because they know they’re busy and if they get a PDF labeled “deal closed” or “need your signature”, more times than not, they’ll likely open the file. You have to create a culture where security is top of mind for all employees and it needs to start with the leadership. It can’t just be lip service.
On the Role of Leadership:
You have to take a risk-based approach and ask yourself, “what are my business applications, or what are the applications my employees are using outside of IT’s control that contain sensitive data, or any kind of regulated data?” and figure out how to shut them down and control where the data is being used. Protecting the devices isn’t good enough anymore; it’s time we start protecting the data. Once you know where and how your data is being used, you can start putting policies in place to help mitigate risks.
To hear the full sit-down with Tom and Ryan, click above, or visit the SoundCloud link: https://soundcloud.com/securityconversations/episode-10-tom-conklin