Elizabeth Gutierrez says
I found the article, “Building a culture of cybersecurity: 3 key takeaways from the 2021 SANS report”, on securitymagazine, trying to stay on theme with our topic of the week, “creating a security aware organization”. Moreover, as the pandemic rages on, several organizations are pivoting their business models to support a hybrid or full-time remote workforce. For IT administrators, the transition has been overwhelming as they now attempt to manage complex devices and personnel with potentially dangerous digital behavior. The article emphasizes that cybersecurity is a shared responsibility and notes that “humans are the biggest cybersecurity risk”. It defines security culture as “a set of norms, beliefs, values, attitudes and assumptions that are inherent in the daily operation of an organization and are reflected by the actions and behaviors of all entities and personnel within the organization.” The SANS Institute in their 2021 research highlighted three main roadblocks to building a security culture being: a) time is the top challenge, not budget, b) awareness program leaders lack soft skills, c) lack of strategic alignment. Furthermore, the following 3 key takeaways for building a mature security culture according to the SANS Institute report are: a) security awareness isn’t only about technology, b) lack of time shouldn’t be your excuse for poor security awareness, c) always highlight the business value of the program. The changing workplace serves as a reminder of the importance of ensuring that organizations remain secure, comply with regulations, and protect their employees/data from cyber threats.
Link to article: https://www.securitymagazine.com/articles/95568-building-a-culture-of-cybersecurity-3-key-takeaways-from-the-2021-sans-report
Shubham Patil says
Elizabeth,
It is interesting to see how this report is highly influenced by the pandemic.
SANS also conducts free virtual summits on their websites. These summits bring together cyber security practitioners and leading experts to share and discuss case studies, lessons learned, new tools, and innovative strategies to improve cyber security and overcome challenges in a particular focus area or industry.
Shubham Patil says
I found this article on how cybersecurity awareness should be implemented across the entire web supply chain. Especially post-pandemic, businesses and consumers are becoming warier of ransomware, data breaches and foreign cyber actors than ever before. The article elaborates on how CEOs and legislators must be prepared to address our cybersecurity crisis at the root: an unregulated digital ecosystem that is full of vulnerable code.
Link: https://www.forbes.com/sites/forbestechcouncil/2021/09/21/why-cybersecurity-awareness-must-include-the-entire-web-supply-chain/
Yangyuan Lin says
The US Federal Communications Commission (FCC) proposed to ban the products of Chinese electronics companies. The FCC states that the products of Chinese electronics companies are not trusted and are excluded from the communication network. The purpose of this rule is to prevent potential threats to the equipment and service supply chain in the United States and to protect the security of the US communications network.
Banned Chinese Companies List:
Huawei Technologies
ZTE Corporation
Hytera Communications Corporation
Hangzhou Hikvision Digital Technology Company
Dahua Technology Company
Electronic equipment from China is regarded as a national security threat, and the FCC believes that the installation of this equipment or software will threaten network security and national security.
The implementation of this decree will lead some companies to search for new suppliers, and it will take a huge effort to find a new balance between competitive price, quality, and system compatibility. Companies will face differences in price and quality, usually increasing prices or sacrificing reliability to maintain product competitiveness.
Reference: https://www.securitymagazine.com/articles/95982-fccs-proposed-ban-on-chinese-camera-and-video-surveillance-components