Why Don’t Cybercriminals Attack When It’s Convenient for Me?

Hey cybercrooks, I’ve got a really great weekend planned, so could you do us all a favor and cool it this Friday and just let all of us enjoy the weekend?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Margarita Rivera, vp of information security, LMC.

Thanks to our sponsor, Netskope

The Netskope security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

Got feedback? Join the conversation on LinkedIn.

On this week’s episode

Is this the best solution?

Geoff Belknap, CISO, LinkedIn asks, “If you could only buy one off the shelf security tool / product. What would it be and why?”

Here’s some surprising research

We’ve discussed a lot of how COVID is changing security. Well Eli Migdal, CEO of Boardish sent me some interesting research his company conducted regarding the last six months since the start of COVID. According to Boardish’s report the top three threats now are:

Immobility (not being able to work remotely)
Accidental Sharing

And the top 3 solutions now are:

User Awareness training
Remote conferencing
IAM (identity access management) Solutions

Does this track with your current threats and solutions?

What’s Worse?!

Two guaranteed bad things will happen. But one will cost far more damage. Which one?

Pay attention. It’s security awareness training time.

Jackson Muhirwe, deputy CISO at UC Davis said his cyber team “Are now extra vigilant on Fridays or call it the new Monday for cyber folks.” The reason for this increased awareness is the number of cyber incidents that happen on a Friday or just before a holiday seems to go up. Past cyber incidents seem to show that pattern said Muhirwe who believes that malicious hackers know that users have their guard down at these times and it’s the easiest time to attack.

Are our CISOs of similar thinking and if so how do they prepare/warn/keep staff vigilant? What can be done on top of your existing protections if your staff lets its guard down?

What’s the best way to handle this?

On LinkedIn, Caitlin Oriel, wrote a very emotional post about her being unemployed for six months and how the non-stop stream of rejection has become overwhelming. The community response was equally overwhelming with nearly 80,000 reactions and 7,500 comments. Caitlin works in tech, not cyber, but the post was universal. The feelings she expressed about being rejected continuously and ghosted by companies left her sobbing in her car. All of this rejection made her question if she’s doing the right thing and where she belongs. I have been in this position myself, as have my friends and family. I wish I knew the right things to say to someone or how to keep them moving. What are positive ways to combat ongoing rejection and get a sense you’re still heading in the right direction?

David Spark is the founder of CISO Series where he produces and co-hosts many of the shows. Spark is a veteran tech journalist having appeared in dozens of media outlets for almost three decades.