Improve Your Leadership, Rekindling Community, and Cybersecurity Spending Strategies – BSW #275
In the leadership and communications section, 7 Uniquely Personal Bits of Wisdom To Improve Your Leadership, 4 key areas cybersecurity leaders should focus on, Cybersecurity spending strategies in uncertain economic times, and more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Security Weekly listeners save 20% on InfoSec World 2022 passes! InfoSec World will be held September 27th through the 29th at Disney's Coronado Springs Resort in Lake Buena Vista, Florida. Visit securityweekly.com/isw and use the code ISW22-SECWEEK20 to secure your spot now!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. 7 Uniquely Personal Bits of Wisdom To Improve Your Leadership
  Here they are. #1. “Whatever you are doing, do it like you mean it.” #2. “Write a letter and get that mustard!” #3. “Eat spaghetti with a fork.” #4. “Guuuuuuiiiiiiide!” #5. “Get out of your people’s way.” #6. “In 90 years I’ve only met two people that truly couldn’t wait to go to work every day.” #7. “Thank you for being nice to me 27 years ago.”
- 2. 4 key areas cybersecurity leaders should focus on
  Here are four critical areas every chief information security officer (CISO) should invest in now to help set their team up for success:
  1. Security Staff Training
  2. Providing Visibility
  3. Keeping up-to-Date With Security Technology
  4. Prioritizing Remediation Effectively
- 3. Lloyd’s of London to exclude state-backed attacks from cyber insurance policies
  Moving forward, all standalone cyberattack policies falling within risk codes “CY” and “CZ” must include a suitable clause excluding liability for losses arising from any state-backed cyberattack in accordance with the requirements set out below, Lloyd’s stated. At a minimum, the state-backed cyberattack exclusion must:
  1. Exclude losses arising from a war (whether declared or not), where the policy does not have a separate war exclusion.
  2. (Subject to 3) exclude losses arising from state-backed cyberattacks that (a) significantly impair the ability of a state to function or (b) that significantly impair the security capabilities of a state.
  3. Be clear as to whether cover excludes computer systems that are located outside any state which is affected in the manner outlined in 2(a) and (b) above, by the state-backed cyberattack.
  4. Set out a robust basis by which the parties agree on how any state-backed cyberattack will be attributed to one or more states.
  5. Ensure all key terms are clearly defined.
- 4. Rekindling a Sense of Community at Work
  During the pandemic, many of us became more isolated than before. Community, which the authors define as a group of individuals who share a mutual concern for one another’s welfare, has proven challenging to cultivate, especially for those working virtually. To learn more, they conducted a survey with the Conference of Women in which they asked nearly 1,500 participants about their sense of community at work before and since the pandemic and found it has declined 37%. When people had a sense of community at work, they found that they were 58% more likely to thrive at work, 55% more engaged, and 66% more likely to stay with their organization. They experienced significantly less stress and were far more likely to thrive outside of work, too. People can create community in many ways, and preferences may differ depending on their backgrounds and interests. The authors present several ways companies have successfully built a sense of community at work that leaders can consider emulating at their own organizations.
- 5. Cybersecurity spending strategies in uncertain economic times
  When most companies developed their cyber program, there was a strong emphasis on tools that could help the security team manage its environment. During economic uncertainty, it is a good time to review those tools and apply a total cost of ownership model by considering the following questions:
  - What was the initial cost of the tool?
  - What was the cost to install or implement the tool in your environment?
  - What is the operating cost of the tool?
  - What are the maintenance costs of the tool?
  - Is the tool meeting expectations and mitigating the appropriate risk?
- 6. How 2023 cybersecurity budget allocations are shaping up
  Security spending is not expected to slow much next year as organizations look to improve cloud defenses, rely more on MSSPs.
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element