Repeatedly returning to and questioning existing procedures allows organizations to be agile in the face of unexpected change. Yes, the threat landscape is constantly evolving, yet no singular event will force security teams to make drastic changes to their existing policies, procedures and strategies. However, some global, large-scale events could mandate abrupt changes. That’s why we continue to ask our RSA Conference 2020 speakers what they would do differently if they delivered their presentations today. With good reason, some would not change a thing. Others would shift emphasis from one point to another. Take a look at this week’s Top 5 RSA Conference Resources to see if you find a nugget of wisdom that you could use right now.
“During the lockdown, we saw an increase in people making online purchases and ordering take-away food because they could no longer go to the stores like they used to,” said Candid Wüest, VP of Cyber Protection Research at Acronis. “Unfortunately, this has led to an increase in fake shops, and stores infected with formjacking, as cybercriminals want to profit from this new online behavior. Therefore, it is more important than ever for online shop owners to check their websites for possible compromises with formjacking. Users, on the other hand, should as always remain vigilant when entering details into web forms, in order to stay cyber-fit during the pandemic.”
“Our current health crisis and the results of its impact have further cemented my main points during my talk,” said Deidre Diamond, Founder and CEO of CyberSN and Secure Diversity. “ ‘A talent retention strategy is your hiring strategy’ has shown to be a valuable strategy in these times. Organizations that have a plan for their security professionals to grow and develop are not losing their talent, and now more than ever, talent is being recruited. Attacks are at an all-time high and many organizations are urgently hiring for cyber professionals during these times. Those organizations who weren't taking care of their people are losing them faster than before.”
These experts from Good Harbor and Aflac talked about the benefits of taking a public-private approach to addressing cyberthreats, a topic Tim Callahan, SVP and Global Chief Security Officer at Aflac, said is “germane to any situation, how the government and private industry cooperate. Not sure I would change it.”
“We discussed a framework for thinking about DevSecOps—the MEASURE framework—and it helps find a new way for DevOps and security to join together. There is one key element that seems even more relevant in today's environment. It is the ‘E’ in MEASURE, which stands for our commitment to learning through experimentation in complex socio-technical systems, where we face unpredictable threats, which we can all relate to today,” said James Wickett, Senior Security Engineer at Verica. “In the just-released book, Chaos Engineering, there is a very informative approach to doing experimentation at scale; it is Continuous Verification (CV). This is an evolution from continuous integration and continuous delivery (CI/CD) practices. By applying CV practices, we learn how our systems handle adversity through experimentation and are able to respond to threats, external and internal, with confidence.”
5. Making the Leap: Transforming from Techie to Security Leader
“If I was looking to move to a leadership role, I would be taking this time to demonstrate those leadership skills and get involved in leading solutions for issues users are having at home working remotely during the pandemic. I would also be volunteering for efforts on how to return to (work for) the new normal,” said Todd Fitzgerald, CISO and Cybersecurity Leadership Author at CISO SPOTLIGHT, LLC.