In this edition of Security’s Top 5 from Security magazine, we showcase the top stories and new developments from across the security industry throughout November. This month, we take a look inside the 2023 Security Benchmark Report, fraud charges against the SolarWinds Corporation CISO, top cybersecurity trends for the year, and more.
The 2023 Security Benchmark Report is an editorial initiative that collects self-reported data from enterprise security programs across the globe and a wide range of market sectors to determine trends in security roles, responsibilities, technology, training and budget.
The goal with the annual report is to provide a comparison of enterprise security programs across the security field and within market sectors. Each year we release the report, we aim to build a wider picture of how enterprise security programs change, grow and mature year-over-year. Be sure to check out the full report on our website, securitymagazine.com.
The Securities and Exchange Commission (SEC) alleges that Austin, Texas-based software company SolarWinds Corporation and its Chief Information Security Officer (CISO), Timothy G. Brown, didn’t disclose known vulnerabilities which led to the historic 2020 cyberattack, and repeatedly violated antifraud disclosure and internal control provisions.
Security leaders shared their thoughts on the recent charges and the implications for the security industry. Jake Williams, former U.S. NSA hacker and faculty member at IANS Research, said:
“CISOs, especially those at publicly traded companies, should take stock of their security programs and ensure that what's being communicated to the public is rooted in reality rather than spin and wishful thinking. For those in privately held organizations, the SEC is setting a new standard for security disclosures with this lawsuit.”
As another year comes to a close, cybersecurity leaders look back and share thoughts on the top trends of 2023. Topics top of mind for many in the industry are remote workforce, cyber insurance, generative AI, security awareness training and more.
Dave Gerry, CEO at Bugcrowd, discussed the security challenges facing a remote workforce, saying:
“Unlike days in the office, it’s more difficult for employees to get real-time help or information around security tools and processes. Enabling employees to continue to do their jobs, while remaining secure, is a balancing act and one that the modern CISO must overcome.”
When it comes to executive protection, there are a number of skills security professionals should develop to successfully secure VIPs who work for or visit their organizations. In this Ask Me Anything episode, Will Arnell, an executive protection professional, gives an inside look into the executive protection field and offers a perspective on how enterprise security leaders can improve their programs by foregrounding communication, transparency and mentorship.
According to an Akamai Technologies report, organizations experienced an average of 86 ransomware attacks in the past 12 months, up from an average of 43 annual attacks two years ago. Globally, the top obstacles to deploying microsegmentation were a lack of skills/expertise (39%) followed by increased performance bottlenecks (39%) and compliance requirements (38%). Of all respondents, 93% claimed that microsegmentation was critical to help thwart ransomware attacks.