Guest article By Ewen O’Brien, VP of Enterprise, EMEA at BitSight No one wants to talk about their failures, especially in the cybersecurity realm where the stakes are high. But new insight from Symantec and Goldsmiths, University of London, finds that security professionals who have lived through a cybersecurity attack or breach could be the answer to protecting your organisation against future threats.
The report reveals that just over half of the 3,000 CISOs surveyed believe that learning from failure is incredibly valuable and a vital part of improving corporate cybersecurity postures. Indeed, these professionals may very well be your company’s best line of defence in the face of a potential cyberattack.
The Value of “Cybersecurity Breach Survivors” Security professionals who have lived through an avoidable breach possess a unique mindset. They are less likely to experience burnout, are less indifferent to their work, less likely to think about quitting their job, feel less personally responsible for an incident, and are more likely to share their learning experiences. Cybersecurity breach survivors also have the first-hand experience of what works on the frontlines of security performance management and what doesn’t and are well versed in crisis management, recovery procedures, and team focus.
Furthermore, cyberattack veterans have unique perspectives on cybersecurity risk management. They understand that risk mitigation requires more than the right tools and technology. Unless an organisation takes a risk-based view of security, where all stakeholders (not just IT) understand the inherent threat of doing business in a digital world, then all the firewalls, endpoint protection, and other security measures won’t help.
Sharing Insights About Cybersecurity Breaches: The Best Defence Unfortunately, while many businesses tend to extol the virtues of openness and information-sharing, cybersecurity remains a taboo subject for many. Cyber breaches are treated like a scarlet letter, and security teams are often hesitant to share information or discuss vulnerabilities that led to breaches and lessons learned from those incidents.
That might be why security professionals who’ve “been there and done it” remain unfortunately tight-lipped about their experiences. The Symantec/Goldsmiths study shows that 54% of respondents don’t discuss breaches or attacks with their industry peers, with 36% fearing that sharing this information could impact their professional reputation and career prospects.
This new report flips that thinking on its head, and boldly asserts several best practices: that these learnings should be shared, that company boards should foster a more open learning culture for security teams, and that data breach survivors should be at the top of your company’s list of hiring priorities.
Indeed, sharing experiences is critically important, especially since everyone in the company must be involved in protecting the organisation. The cybersecurity skills shortage mandates that everyone, from the CEO on down, needs to take responsibility.
Not adhering to this policy can yield some sobering results. The average cost of a cyber breach has now reached $4.6 million per incident. But the impact extends beyond potential financial and reputational ruin. Security teams are also feeling the burn with 51% of tech executives experiencing cybersecurity burnout and stress-related illnesses as a result of cyberattacks, breaches, and outages.
Experience with Vulnerabilities Can Strengthen Security Performance Management We’re all vulnerable about our vulnerabilities. But cybersecurity professionals who have witnessed an attack first-hand should be applauded, not vilified. And they should feel confident that their experience can help their organisations be better prepared for the future. Their experiences–and the knowledge they’ve gained from those experiences–can be used to bolster security performance management and create a formidable front against potential threats.
*** This is a Security Bloggers Network syndicated blog from IT Security Expert Blog authored by SecurityExpert. Read the original post at: http://feedproxy.google.com/~r/securityexpert/~3/88E-fynPB4M/why-cybersecurity-breach-survivors-are.html
A study from Frost & Sullivan and Microsoft revealed that more than half of the organizations in the Philippines have either experienced a cybersecurity incident or are not sure if they had one as they have not performed proper actions or data breach assessment. With Filipinos’ increasingly internet-savvy population, cybersecurity and data protection must be a top priority for small to medium enterprises as much as it is for large scale businesses.
In 2017, around 99 percent of the more than 920,000 registered businesses in the Philippines are considered small and micro enterprises (SMEs). These SMEs employ less than 100 workers and have assets of P15 million or less, excluding the value of the land.
Their exponential growth over the years also calls for these small organizations to quickly adapt to digital transformation, as well as adopting cybersecurity practices that would protect their businesses along the way.
As we celebrate the National Cybersecurity Awareness Month, Microsoft shares valuable tips that would allow SMEs to recognize the dangers and risks of cyberattacks and help organizations better prepare for data breaches. Below are some of the best practices that one’s company could consider in improving its defense against cybersecurity threats:
Beware of phishing
It takes a hacker only four minutes long to get into a network and 99 days for businesses to discover that they’ve been breached. Refrain from opening suggested links or never reveal confidential information unless you are certain that the person you are talking to is genuine. Even when you know the person asking, gauge if they are entitled to sensitive information about yourself.
Beef up your password
Customize your password by making your password longer. The longer the password, the harder it is to crack. Strong and complex passwords should include a combination of letters, numbers and special characters.
It is important for all, and that includes all employees’ phones, laptops, tablets and files, to set up their accounts with the multi-factor authentication for added security. Multifactor authentication is a security system that verifies a user’s identity by requiring multiple credentials such as, code from the user’s smartphone, answering security questions, a fingerprint or facial recognition. Keep your data safe in the cloud
No one likes to lose their data. Back-up all your files to keep and transfer everything behind firewalls into the cloud. Patch everything and keep your systems up to date.
Plan for the worst
Every small business owner could put an affordable, actionable plan in place to mitigate risk to save time and money. Prevention is just as important as a response plan. Develop action plans with your staff in case something goes wrong.
Your organization should be in a continuous state of compliance. These practices should not just be tool-sets, but also a training for your company. Continue to invest in good technology solutions and hardwares. Leverage technology advancements by acquiring top-quality protection and not underestimating cyberthreats.
“It is imperative for small to medium enterprises to embrace 21st-century technology in order to survive in the competitive business landscape today,” said Microsoft Country Manager Andres Ortola. “We, at Microsoft, are committed not only to bring these organizations the right solutions but also the best cybersecurity tips and practices one should take note of when running a business.”
Investing in digital tools is one thing and applying these best practices is another. Filipino SMEs must realize the need to be aware of all potential cyberthreats and the steps to prevent them. It is never too late to safeguard their businesses accordingly and further grow the company to its full potential without any fear and doubts along the way.
Another day, another validation that Internet isolation really is the best cybersecurity protection out there.
Last week, Google released an urgent Chrome update to patch an actively exploited zero-day known as CVE-2019-13720, a memory corruption bug that uses a use-after-free vulnerability in audio that allows a threat actor to access memory after it has been freed. This allows anyone to cause a program to crash, execute arbitrary code, or even enable full remote code execution scenarios. Pretty serious stuff that should worry even the most secure enterprises.
Everyone, that is, except enterprises protected by the Menlo Cloud Security Platform powered by Internet isolation. You see, even though the exploit was only recently discovered and patched by Google, organizations that isolate web traffic in our Cloud Security Platform have always been protected, simply by our isolate-or block-approach.
But wait, isn’t Menlo’s isolated browser Chromium based? And doesn’t that mean the audio API is vulnerable in Menlo’s isolated browser as well?
Enterprises that continue to rely solely on a detect-and-respond approach to cybersecurity are pressing their luck. In the time it took Google to identify and patch the vulnerability, threat actors could have penetrated their defenses and done real damage. Why wait for exploits to be found and patched? Why not simply assume that all web content is risky and isolate it in the cloud far from your users’ devices?
Why take the risk? Especially when there’s already a solution that protects enterprises from unknown vulnerabilities—the Menlo Cloud Security Platform.
In September, former Irish rugby international Jamie Heaslip posed a question on Twitter: “Should I start a podcast?” He asked his followers to vote yes or no. Unfortunately for Heaslip, the poll was hijacked by voters with less than sincere intentions and the result was a resounding no. However, the whole exercise demonstrated one incontrovertible truth: podcasting has hit the mainstream in Ireland and anyone who is anyone has a podcast.
It wasn’t always this way. When the medium first started to take off in Ireland, the charts were still dominated by prestige podcasts like Serial or This American Life. But as more Irish listeners have incorporated podcasts into their media diets, there has been a surge in the number of home-produced podcasts.
Flick through the Apple podcast charts on any given day and you will see that Irish podcasts are among the most popular in the country. The Good Glow, The Blindboy Podcast, The 2 Johnnies Podcast, The David McWilliams Podcast, The Laughs of Your Life, and The Stand with Eamon Dunphy are regular fixtures in the top 10.
Ireland is home to a number of podcasting studios and networks. There is Headstuff Podcast Network, Tall Tales, The Warren, Castaway Media, and Collaborative Studios, to name but a few. Likewise, Irish media organisations are investing heavily in original podcast series – and with good reason. Earlier this year, a Reuters report showed that 37 per cent of Irish people had listened to a podcast in the last month, suggesting that podcasts are stealing a march on traditional media.
Ireland’s newfound love affair with podcasts comes as no surprise to Alan Bennett, founder of the Headstuff Podcast Network. “If you look at it in hindsight, it seems like it was always going to be big here,” says Bennett. “People always talk about the whole storytelling thing and how Irish people love to talk. We’re always fairly high up on the radio listenership. It was always going to happen here.”
Bennett founded the Headstuff Podcast Network in 2014. It has since grown to be one of the largest networks in the country with about 20 active podcasts on its slate, including The Alison Spittle Show and Motherfoclóir. When I speak to him, Bennett and his team are in the midst of opening a new intimate live venue for podcast recordings. That such a venue is needed speaks to the ever growing popularity of podcasts.
A few years ago, Bennett came up with the idea of the Dublin Podcast Festival, a showcase for the best in both Irish and international podcasts. Not only did he want to curate an event for fellow podcast fans, but he wanted to increase awareness of the form.
“Part of my idea with starting the festival was to have the word ‘podcast’ all over the city and to have people who didn’t know what a podcast was see the word and ask what it was,” he recalls. “It was partially educational and to get the idea out there.”
He joined forces with Aiken Promotions and brought over the creators of mega podcasts like S-Town, Welcome to Night Vale, and My Dad Wrote a Porno for live recordings and interviews. The festival was a success and is now heading into its third year. In that short space of time, it has become a far easier sell. “There’s much less, ‘What’s a podcast?’ or ‘How would you do a podcast festival?’” says Bennett.
Among the guests at this year’s festival is Jarlath Regan. The comedian is the host of An Irishman Abroad, the long-running series in which he interviews a well-known Irish person about their life, career, and everything in between. Previous guests have included Dara Ó Briain, Brian O’Driscoll and Sharon Horgan.
An Irishman Abroad has been on the go since 2013, meaning Regan was ahead of the curve when it came to embracing the medium. “It wasn’t as barren as people like to think it was when I started out but it was dominated by the national broadcasters,” he recalls. “Like so many things, the barriers and cost of entry into the field dropped and suddenly those of us that were looking for a platform grabbed this one.”
Six years on and he says that Irish listeners are still getting to grips with podcasting.
“The Irish podcast producing community is still growing in tandem with the audience,” he says. “As more people realise that on-demand listening is as easy to consume as on-demand TV, the listenership grows. From what I can see, that’s allowing the variety of podcasts to expand and trust of the listeners to be built. People will take a chance now that they know an indie Irish podcast can be better than a Guardian or NPR production.”
Podcasts offer more flexibility and creative freedom than traditional radio. There are no ads, no time slots, and no broadcasting regulations to contend with, meaning a podcast can take the form of a meandering stream of consciousness or a longform, in-depth interview. “Podcasting… gives the listener the deep, deep dive or niche content that a channel can’t gamble on,” says Regan.
Fionnuala Jones is a freelance writer and podcaster. Along with Bríd Browne, she is the co-host of Bandwagons, a podcast in which they break down everything from the Wagatha Christie debacle to Lizzo’s breakout year. “We wanted to talk about the things that other people were talking about,” she explains. “That’s our tagline.”
Jones says the recent explosion in Irish podcasting can be partially attributed to a general fatigue with Irish media.
“I know a common complaint about the Irish media landscape is that it’s the same five people being asked to contribute to a panel or helm a show,” says Jones. “I think people are just a bit tired of it. People are creating their own spaces of content where they can share their own voice or else they’re actively seeking out other people’s voices.”
This point of view is particularly prevalent among younger Irish audiences, she says. They are craving content and voices that Irish media simply isn’t offering. And so they’re moving the proverbial dial.
“I think for a lot of people my age and for my generation, there was huge dissatisfaction with how certain figures were being platformed who maybe had discriminatory views and seemed to be constantly getting airtime,” she says. “For them, I think it was a case of, ‘I still want to consume media and enjoy media but what is popular and what is mainstream isn’t speaking to me and doesn’t align with my views’. So they went and got it elsewhere or they made it elsewhere.
“I don’t want to say that all young people aren’t listening to radio but I don’t think it’s their first port of call when it comes to news or pop culture,” she adds. “I think they are more likely to turn to the internet or a podcast.”
Between podcast newsletters, podcast festivals and podcast tents at Electric Picnic, it’s safe to say that we are not going to witness a slowdown in growth anytime soon. For would-be podcasters, what is the key to getting it right and ensuring a long lifespan?
“Every podcast is different but for me the key to longevity has been consistency, taking risks and trying to raise the bar week to week,” says Jarlath Regan. “The Irishman Abroad and all our podcast series tries not to shy away from difficult topics and people. We try to improve the quality of the episodes with every release and never let the listeners down – both in terms of content and just simply always releasing an episode on time.
“We haven’t missed a single week in six years. People have very inconsistent lives and being something they can rely upon counts for something.”
Dublin Podcast Festival highlights
A Gay and a Non-Gay: November 10th, The Sugar Club
Fronted by pals James Barr and Dan Hudson, A Gay and a Non-Gay is the UK’s number one LGBTQ+ podcast. Hailed by the Radio Times as “the most fundamentally kind and funny podcast in Britain”, their live show promises to be a balm for the soul.
Words To That Effect + Shedunnit: November 15th, Podcast Studios
Hosted by Caroline Crampton, Shedunnit explores the mysteries behind classic detective stories. Words To That Effect, meanwhile, sees Conor Reid examine the intersection between fiction and popular culture. The two podcasts join forces for a live show at this year’s festival. A must-see for bookworms.
Motherfocloir + The Irish Passport: November 17th, The Button Factory
Two podcasts that explore the essentials of Irish culture. Motherfocloir delves deep into the Irish language while The Irish Passport presents Irish current affairs and history for an international audience. A double header not to be missed.
The Dollop: November 21st, Liberty Hall
The Dollop is one of America’s leading comedy podcasts. The premise is simple: each episode is centred around an obscure or peculiar event in US history. Comedian Dave Anthony relates the details to his co-host Gareth Reynolds and hilarity ensues.
My Favourite Murder: November 24th, 25th, Bord Gais Energy Theatre
The uber-popular true crime comedy podcast is in Dublin for two shows featuring comedians Karen Kilgariff and Georgia Hardstark discuss – what else? – some of their favourite murders. Murderinos assemble!