Intercast Staffing – July 2022 Newsletter

Welcome to the July edition of Intercast’s monthly newsletter for cybersecurity professionals. As always, we’ll bring you the latest news and views to make you a better-informed consultant.

In this edition:

  • Client Insights
  • Cybersecurity In The Bigger Picture
  • Privacy In Perspective
  • Sanctions Bring Challenges And Opportunities
  • The Human Touch

Client Insights: DEI in Cyber

DEI, or Diversity, Equity and Inclusion, in cyber is an important topic and was a key theme at RSAC 2022 this past June. Crafting inclusive policies and building diverse teams in infosec is only going to make security departments stronger. The threat landscape rarely mirrors enterprise cybersecurity departments, and as leaders in the industry we need to be having these conversations and building these policies with our clients.

Look out for an Intercast DEI whitepaper being released later this summer.

 

The Intercast Team at RSAC 2022 in San Francisco.


Privacy In Perspective

Security and privacy often go hand-in-hand in the tech world and some big names have come under fire. The concern with companies collecting excessive personal data isn’t just that they may exploit the information, but also the increased risk to customer privacy after any security breach.

Among several lawsuits pitting states against Google, the latest from Texas takes aim at the Chrome browser’s Incognito mode. It says Google misleads users by implying the mode doesn’t track search history or location activity. Google counters that it gives clear information and lets users control what data is collected.

Meanwhile, Canadian coffee chain Tim Hortons is facing four lawsuits and investigations from provincial and federal privacy regulators over its app. Critics claim the company didn’t give enough warning that the app could track user location even when the app wasn’t in active use (a feature the company has since deactivated).

One lawsuit points to knock-on effects such as the company — or anyone accessing the collected data without permission — being able to infer health conditions based on users visiting particular medical facilities.


Sanctions Bring Challenges and Opportunities

While many of us still work on site, cybersecurity is very much a global marketplace. That means sanctions against Russia and China have contributed to a worldwide labor shortage. One estimate cited by Thomson Reuters put the number of cybersecurity vacancies above three million.

One of the main challenges is Western governments putting more pressure on businesses to make cybersecurity a priority issue. That creates an unfortunate irony: businesses need to recruit staff to protect cybersecurity, but also need to take extra steps to make sure recruits aren’t themselves a threat.

Historically, Russia and China have been hotbeds for security talent, but recruiting from those countries is becoming trickier, with both political and bureaucratic problems slowing background checks.

The problem is particularly acute in higher-level positions where experience counts and it’s not a viable option to simply recruit and train more staff locally. On the upside, experienced professionals already based in countries with unfulfilled cybersecurity needs may be in a great position.


The Human Touch

We often think of cybersecurity as being about machines and systems, but that’s not necessarily the right mindset when it comes to training. A British company has raised US$28 million in funding for its “behavioral science” approach to staff security awareness.

The logic behind CybSafe’s platform is that training is too often focused on the security risks and safeguards and not enough on the humans themselves. Its owners argue that different employees behave in different ways, so the lessons they need to learn will also vary.

CybSafe integrates with software such as Microsoft 365 and Okta and builds up a picture of each employee’s “cyber habits.” It will then give them personalised advice on what they need to do differently to mitigate risks and what threats they’ll face. It can even create tailored social engineering simulations to make sure the training is working.


Best Of The Rest

Here’s your round-up of the other cybersecurity news and views that caught our attention this month:

Anthony Green of FoxTech explores a big question: is a “Bring Your Own Device” policy ever a good idea in business?

https://www.securingindustry.com/security-documents-and-it/viewpoint-bring-your-own-device-to-work-is-it-ever-a-good-/s110/a14508/

Dark Reading explores a flurry of mergers and acquisitions in the cyberspace world. It’s not necessarily bad news for professionals, however, with one analyst suggesting that it’s security software products rather than experts that will be the likely casualties of any streamlining:

https://www.darkreading.com/cloud/no-slowdown-in-cybersecurity-m-a-activity

A survey of 1,000 cybersecurity professionals suggests almost one in three plan to change profession in the coming years, with burnout, a lack of career path and limitations on developing skills all playing a part:

https://www.zdnet.com/article/bad-news-the-cybersecurity-skills-crisis-is-about-to-get-even-worse/

The off-beat take of the month comes from SinWave Ventures’ Pat Muoio in the Wall Street Journal. She argues it’s time to stop using military and warfighting metaphors in cybersecurity and instead talk about keeping systems healthy. It’s not about political correctness but making the most of a “home-field advantage”:

https://www.wsj.com/articles/its-time-to-change-the-cybersecurity-metaphors-we-use-11654607575