For over 15 years, Okta has led the charge in securing digital identities through more sophisticated sign-in solutions. Our latest 2024 Secure Sign-In Trends Report offers insights into the rapidly evolving world of identity security, specifically on how organizations across industries are embracing modern, phishing-resistant methods like Multi-Factor Authentication (MFA) and passwordless sign-ins.
In this year's report, we explore: - The surge in MFA adoption across industries, and what it means for the future of secure authentication. - Phishing-resistant authentication methods gaining traction, signaling that the passwordless future is possible. - Why a seamless user experience and strong security are no longer in opposition. - How industries compare in their adoption of modern authentication, and who's setting the pace.
Segment Resources: Secure Sign-In Trends Full Report: https://www.okta.com/resources/whitepaper-the-secure-sign-in-trends-report/
Todd McKinnon Blog on the Secure Sign-In Trends Report: https://www.okta.com/blog/2024/10/phishing-resistant-mfa-shows-great-momentum/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
In the leadership and communications segment, How Good Leaders Become Great By Never Leading Alone, How Leaders Can Prepare Their Teams For 2025, Nervous About Public Speaking? Here’s How to Use Notes Like a Pro, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-375
This week, it's time for Security Money. Of course Okta should be in the Security Weekly 25 Index, Duh!
Here are all the companies that now comprise the index:
SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc
In the leadership and communications segment, Should the CISO Role Be Split?, CISO's tips for building a culture of cybersecurity, Personal Leadership and Cyber Risk — Top 3 Traits that Deliver Enterprise Level Results, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-374
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023.
Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview.
Show Notes: https://securityweekly.com/vault-bsw-14
The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management.
Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including:
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-373
Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health?
Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health.
In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-372
Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal transaction into a costly headache for the acquiring company post-merger.
So how do you assess the potential cyber risks of the transaction? Craig Davies, Chief Information Security Officer at Gathid, joins Business Security Weekly to review the five crucial cyber questions to ask before finalizing any deal. If you're in a merger or acquisition, or plan to merge or acquire another company, don't miss this episode.
In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-371
In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert’s Proven Method, The Problem with Mandating Office Presence Without Purpose, and more!
Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat landscape, what he’s seeing across Okta and our customers and what security leaders need to know about identity threats to stay one step ahead of threat actors today.
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/
Though 75% of cybersecurity professionals say the threat landscape today is the most challenging they’ve seen in the last five years, cutbacks on the cybersecurity workforce and widening skills gaps are creating challenges for the industry. It is becoming harder to find people with the right skills to meet growing and evolving needs. Erin Baudo Felter, Vice President, Social Impact & Sustainability at Okta, joins Security Weekly's Mandy Logan to discuss the widening cybersecurity skills gap and the initiatives Okta has in place to help companies develop, recruit and retain talent within the cybersecurity workforce.
Segment Resources: https://www.okta.com/oktane/
This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-370
Getting C-Suite execs aligned on cyber resilience and cybersecurity can be a challenge. LevelBlue's recent Futures™️ report sought to uncover the barriers that prevent companies from achieving cyber resilience in the enterprise today. The report not only surveyed C-Suite execs (CIOs, CTOs, and CISOs), but non-C-Suite leaders from engineering and architecture roles as well.
Segment Resources:
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
In the leadership and communications section, Joe Sullivan: CEOs must be held accountable for security too, More tech chiefs have success measured by profitability, cost management, Is Your Career Heading in the Right Direction?, and more.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-369
In today’s uncertain macroeconomic environment, security and risk leaders need practical guidance on managing existing spending and new budgetary requests. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to review Forrester's Budget Planning Guide 2025: Security And Risk. This data-driven report provides spending benchmarks, insights, and recommendations that will keep you on budget while still mitigating the most critical risks facing your organization. Jeff will cover which areas to invest, divest, and experiment, but you'll have to listen to get the details.
In the leadership and communications segment, The CEO’s Role in Setting Tone at the Top, CISOs, C-suite remain at odds over corporate cyber resilience, Warren Buffett's Secret To Success? Run It 'Like A Small Family Business,' Says One Of His CEOs, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-368
Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff?
Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO?
In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-367
The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful.
Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by:
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, Underfunding And Leadership Gaps Weaken Cybersecurity Defenses, A Self-Care Checklist for Leaders, Senate bill eyes minimum cybersecurity standards for health care industry, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-366
In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more!
AI is bringing productivity gains like we’ve never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge.
Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity.
Segment Resources: https://developerday.com/ https://www.okta.com/customer-identity/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-365
Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way.
Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including:
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-364
Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start?
Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Business Security Weekly to discuss how to align cybersecurity and the business, including the need to:
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-363
Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This episode was initially published on November 29, 2022.
Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap!
View CISO Stories podcast episodes here: https://www.scmagazine.com/podcast-show/the-ciso-stories-podcast
Show Notes: https://securityweekly.com/vault-bsw-13
How are personal liability and indemnification impacting the CISO role? Darren Shou, Chief Strategy Officer from RSA Conference, describes the current landscape of CISO liability and the challenges facing CISOs today. He discusses the implications of the SEC's recent actions, including the charges against SolarWinds' CISO, and the growing trend of personal liability for security leaders. Darren will also highlight comparisons between the roles of CISOs and CFOs, highlighting what security professionals can learn from their financial counterparts in handling risks and responsibilities. Finally, he explores how to build an effective coalition, both internally with company executives and externally with peers. In this ever changing risk landscape, it takes a village, and Darren shares his vision for how to build that village.
This week we talk a lot about the CISO's relationship with the business and the challenges of being aligned and keeping up. We also talk about budget priorities, the challenge of doing security in small businesses, and the ever-present challenge of burnout. Finally, we discuss what servant leadership actually means.
On this last topic, Ben makes a book recommendation, which you can find here: https://www.amazon.com/Seat-Table-Leadership-Age-Agility/dp/1942788118
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-362
What are the barriers to cyber resilience today? Why is it so difficult? And what is coming next, that will generate resilience challenges further down the line?
After five years of focusing on the short- and medium-term future of cybersecurity and edge, this year, LevelBlue wanted to understand what is preventing cyber resilience—and what business leaders are doing about it. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins us to discuss the results of their research.
Segment Resources: LevelBlue.com/futuresreport
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!
While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs.
Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies. Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support.
This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluebh to learn more about cyber resilience and how to start the conversation in your organization!
Employees spend up to 80% of their working hours in a web browser, and threat actors are increasingly leveraging browsers to target users and initiate attacks. Disrupting the tool employees use for 80% of their job would have massive impact on productivity. Rather than ripping and replacing, enterprises can turn any browser into a secure enterprise browser.
Segment Resources: Menlo homepage: https://resources.menlosecurity.com/videos/browser-security
Menlo research on three new nation state campaigns: https://www.menlosecurity.com/press-releases/menlo-security-exposes-three-new-nation-state-campaigns
Every browser should be a secure enterprise browser: https://www.menlosecurity.com/blog/every-browser-should-be-a-secure-enterprise-browser
Defending against zero-hour phishing attacks: https://www.menlosecurity.com/blog/state-of-browser-security-defending-browsers-against-ever-evolving-zero-hour-phishing-attacks
This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menlobh or schedule a demo to learn more about the role of browser security in eliminating the risk of highly evasive threats!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-361
This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The index is currently made up of the following 25 pure play cybersecurity public companies:
A10 Networks Inc
In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America’s Companies, Judge Rejects SEC’s Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-360
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 1, we discuss the challenges facing the CISO role and it's hiring. As CISOs leave the role, the position is not necessarily being refilled. How will this impact future CISO hiring?
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 2, Jason proposes we blow it all up, while Ben recommends a certification board for CISOs. We have no shortage of suggestions for how to fix the CISO hiring problem.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-359
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why?
Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview.
Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution?
Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights:
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-358
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms.
Security is a risk management discipline. No one understand that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-357
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach provides implementation guidance on the controls required to maximize your coverage, including premium discounts, higher ransomware supplements, and a reduction is deductibles. If you're struggling with cyber insurance, don't miss this interview.
In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-356
On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size?
Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss technology rationalization within cybersecurity. Max will discuss how to inventory your security products, identify overlap, and pick the right products for your organization.
In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-355
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022.
As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.
Show Notes: https://securityweekly.com/vault-bsw-12
With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.
This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!
In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:
Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.
Segment Resources:
www.okta.com/resources/whitepaper-ai-at-work-report/
www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-354