This is a summary of the Senior Security Leader cohort discussion during the Peer Roundtable on June 18, 2024. This executive summary captures the essence of the discussion, focusing on the major topics, challenges, and potential solutions discussed by the participants.
Eighteen cyber security leaders participated actively in the roundtable conversation about the following topics:
1. How to enable other teams to follow security practices systemically
2. Quantum cryptography and experiences around it
3. Human behavior improvement: how to equip people with cyber skills
On the first topic, enabling other teams to follow security practices, the group's recommendations were:
a. Build a process that is integrated with the development process
b. Make the process transparent and easy to understand
c. Be clear about the business risk
d. Avoid Fear, Uncertainty and Doubt (FUD)
e. Gamify and use positive leaderboards instead of halls of shame (a giant carrot was mentioned)
On the second topic, quantum cryptography, the conversation was relatively short as the team did not yet have many real-life experiences with it. Here's a brief summary:
• There are product companies that already develop quantum-resistant algorithms, but they are not necessarily very vocal about this.
o NXP as a security solution focused semiconductor was mentioned as one example: PostQuantum Cryptography | NXP Semiconductors
o SSH Communications was another example: Quantum Safe Cryptography (QSC) Security Solutions | SSH
• The worry Petri shared with the group was that old encryption algorithms are usually not decommissioned in time at enterprises. This relates to the fact that the Active Directory team usually cannot enforce the use of attack-resistant algorithms across the vast field of applications, some of which are hard coded to use age-old algorithms.
o As an example of this, Petri referred to the nation state case study, where the attacker was able to recover a 25-character encrypted password in 81 seconds. This was due to the use of NTLMv1 and RC4 algorithms.
• The question for you is: how do you enable all of the applications in your company to use the latest encryption and hashing algorithms? If you want to discuss this with Petri, just book a time.
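Finding the applications that are still hard coded to NTLMv1 or RC4 starts with the domain controllers' own logs. The script below is an added example, not part of the roundtable summary or any participant's material: it scans constructed sample records shaped like Windows Security events, where logon event 4624 carries the field "Package Name (NTLM only)" (reading "NTLM V1" or "NTLM V2") and Kerberos ticket events 4768/4769 carry "Ticket Encryption Type" (0x17 is RC4-HMAC, 0x11/0x12 are AES128/AES256). The field names follow the Windows event schema; the flat "Name: value; Name: value" export format, the host addresses and the account names are assumptions made for the example.

```python
"""Flag weak-crypto authentication events in flattened Windows Security log exports.

Added example (not from the roundtable page). Sample records are constructed;
the one-line "Name: value; ..." export shape is an assumption of this script.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Kerberos encryption type codes as logged in 4768/4769 events (hex strings).
WEAK_KERBEROS_ETYPES = {
    "0x1": "DES-CBC-CRC",
    "0x3": "DES-CBC-MD5",
    "0x17": "RC4-HMAC",
    "0x18": "RC4-HMAC-EXP",
}


@dataclass(frozen=True)
class Finding:
    event_id: int
    account: str
    source: str
    reason: str


def _field(record: str, name: str) -> Optional[str]:
    """Extract 'name: value' from a ';'-separated flattened event line."""
    m = re.search(re.escape(name) + r":\s*([^;]+)", record)
    return m.group(1).strip() if m else None


def scan_record(record: str) -> Optional[Finding]:
    """Return a Finding when the record shows an NTLMv1 logon or a weak Kerberos etype."""
    eid = _field(record, "EventID")
    if eid is None:
        return None
    event_id = int(eid)
    account = _field(record, "Account Name") or "?"
    # 4624 logs the client as "Source Network Address"; 4768/4769 use "Client Address".
    source = _field(record, "Source Network Address") or _field(record, "Client Address") or "?"
    if event_id == 4624:
        pkg = _field(record, "Package Name (NTLM only)")
        if pkg and pkg.upper() == "NTLM V1":
            return Finding(event_id, account, source, "NTLMv1 logon")
    elif event_id in (4768, 4769):
        etype = _field(record, "Ticket Encryption Type")
        if etype and etype.lower() in WEAK_KERBEROS_ETYPES:
            name = WEAK_KERBEROS_ETYPES[etype.lower()]
            return Finding(event_id, account, source, f"Kerberos ticket using {name}")
    return None


def scan(records: List[str]) -> List[Finding]:
    """Scan every record and keep only the weak-crypto findings."""
    return [f for f in (scan_record(r) for r in records) if f is not None]


def summarize(findings: List[Finding]) -> Dict[str, Set[Tuple[str, str]]]:
    """Group (account, source) pairs by reason so the AD team sees which legacy clients to chase."""
    out: Dict[str, Set[Tuple[str, str]]] = {}
    for f in findings:
        out.setdefault(f.reason, set()).add((f.account, f.source))
    return out


# Constructed sample export: accounts and addresses are invented for the example.
SAMPLE_RECORDS = [
    "EventID: 4624; Account Name: svc-legacy-app; Source Network Address: 10.0.5.12; "
    "Authentication Package: NTLM; Package Name (NTLM only): NTLM V1",
    "EventID: 4624; Account Name: alice; Source Network Address: 10.0.5.20; "
    "Authentication Package: NTLM; Package Name (NTLM only): NTLM V2",
    "EventID: 4769; Account Name: svc-legacy-app@CORP.EXAMPLE; Client Address: ::ffff:10.0.5.12; "
    "Ticket Encryption Type: 0x17",
    "EventID: 4769; Account Name: bob@CORP.EXAMPLE; Client Address: ::ffff:10.0.5.31; "
    "Ticket Encryption Type: 0x12",
    "EventID: 4768; Account Name: old-scanner; Client Address: ::ffff:10.0.7.9; "
    "Ticket Encryption Type: 0x17",
]

if __name__ == "__main__":
    for reason, who in summarize(scan(SAMPLE_RECORDS)).items():
        print(reason)
        for account, source in sorted(who):
            print(f"  {account} from {source}")
```

The grouped output is the inventory the text asks for: each (account, source) pair under "NTLMv1 logon" or "Kerberos ticket using RC4-HMAC" is a client that still needs to be moved to NTLMv2 and AES before the old algorithms can be disabled on the domain.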
On the third topic, human behavior improvement, the main points were:
• As with the first topic, the positive approach was considered king, and tricking people into falling for phishing scams was considered a trust-destroying approach.
• Using a common enemy, whether it is AI, an imaginary villain dog or anything else, makes the stories more memorable and encourages people to talk about cyber in the coffee corners.
• Giving positive feedback to people who behave correctly creates dopamine, which leads to behavior change. This obviously requires lots of repetition, which must be done in a way that keeps people engaged. The feedback should also be instant to create the conditioning effect (reference to Dr. BJ Fogg's books about behavior change).
• AI can be an asset for providing people with individualized simulations and learning, avoiding the corridor gossip about the latest simulation.
• As a reference: Qualcomm won the CSO50 award recently because they transformed their worst performers to the best performers.
Learn as Petri Kuivala walks you through a real-life cyberattack case involving a nation state called Panda, which was related to a larger M&A case between two large companies. See the multi-year hacking timeline, a high-level overview of how it happened, and the mistakes that could have been avoided.
Learn:
How to be prepared when the “s” hits the fan
How to be the successful CISO at the time of the storm
The most important things to do to prevent a cyberattack in the first place
Ask Petri Kuivala about the Cyberthreat Case Study or any of the resources available. He's also open to discussing your current challenges beyond what's provided. Click the button to go to Petri's calendar.
Copyright © 2020- Peer Roundtables. All Rights Reserved