Business Security Weekly #228

It's one thing to cook up a great new initiative, but making it happen requires powers of persuasion, solid partnerships, and access to genuine technical insight.

A successful CISO/CFO relationship will help ensure an organization has the right resources for its risk profile. Here are some best practices for CISOs when working with the CFO in their organization: 1. Speak the CFO’s language 2. Leverage data-rich economic models to quantify risk 3. Communicate on a regular basis 4. Invest in your own financial literacy 5. Understand the budget process 6. Don’t neglect planning 7. Separate subjective and objective analysis

Today, most software products rely on thousands of prewritten packages produced by vendors or drawn from open source libraries. The most commonly used of these third-party software supply chain components are highly prized targets for cyber criminals. If attackers were to infiltrate them, they could compromise thousands or even millions of companies across industries and around the world. The good news is that firms don’t have to feel helpless; they can rely on others outside the firm to unearth vulnerabilities. Corporate leaders and IT teams can take three steps to prioritize and remediate vulnerabilities and forestall supply chain cyberattacks: 1. IT managers should rely more on automated tools to fix simple vulnerabilities 2. Businesses should conduct cost-benefit analysis for vulnerability patching 3. Procurers should demand that critical technology vendors implement “hot patching”

Follow these tips to help you compose an effective email: 1. Pay Attention to the Subject Line 2. Don’t Forget About Formatting 3. Make Your First Sentence Count 4. Keep Your Email Short 5. Your Email Should Have Only One Call to Action

The shift to remote work ended the traditional 9–5 workday: employees work in bursts, at night, between caregiving tasks, and whenever they can find time between the endless distractions of messages, calls, and emails. New research, however, shows that for many teams, this means people are quite literally working at all hours of the day, which also means that they’re almost never all working at the same time. Is this bad though? Researchers found that it depends on the task. For some tasks, being on at the same time improved productivity; for others, the distractions created by coworkers made it harder to finish the tasks, and productivity went up in what used to be considered off hours. Importantly, employees proved to be good judges of how to manage their time to be most productive. There are still lessons for managers. As a first step, write a team charter to establish norms and expectations, which should include specific times when the majority of the team is on together. That said, don’t force overlap or micromanage people. Finally, make it okay for people to be offline.

You can’t have solid cybersecurity without the right people. You’ve heard that before. Organizations need people with the right skills and they need to pay them commensurate with that skill. Yet, the skills shortage continues driven, according to one new study, by low pay.

Cybersecurity is one of the fastest-growing sectors and cybersecurity skills are in demand across verticals. Let’s learn about the top four in-demand cybersecurity skills in 2021: 1. Application development security 2. Cloud security 3. Risk management 4. Threat intelligence