Shoving Money Down Security's Bottomless Pit

<p>No matter how much money we shove into security, it never seems to fill up. That's good for vendors. Not so good for buyers of security who don't have a bottomless pit of money to fill the bottomless pit of security.</p> <p> </p> <p><img class="aligncenter size-full wp-image-1544" src= "https://cisoseries.com/wp-content/uploads/2019/01/Red-Canary-Logo.png" alt="" width="600" height="178" /></p> <p><em>This week's episode is sponsored by Red Canary. </em><em>Red Canary is a security operations ally to organizations of all sizes. They arm customers with outcome-focused solutions that can be deployed in minutes to quickly identify and shut down adversaries. <a href= "https://www.redcanary.com/blog/">Follow their blog</a> for access to educational tools and other resources that can help you improve your security program.</em></p> <p><strong>Got feedback? Join the conversation on LinkedIn</strong></p> <p><strong>On this episode</strong></p> <h2>How CISOs are digesting the latest security news</h2> <p>Wayne Rash of eWEEK wrote a piece on what to expect in cybersecurity in 2019. Most of the stuff is more of the same, such as nation state attacks, ransomware, phishing, and assume you're going to get attacked. But, he did bring up some issues that don't get nearly as much discussion. One was cryptomining which is hijacking your cloud instances, encrypting ALL data, moving away from usernames/passwords, and getting a third-party audit. So what's on CISOs' radar in 2019</p> <h2>Why is everybody talking about this now?</h2> <p>Dutch Schwartz of Forcepoint brought up the issue of collaboration. This is not a new topic and we all know that if we don't share information the attackers who do share information will always have leverage. There are obvious privacy and competitive reasons why companies don't share information, but I proposed that if the industry believes collaboration is so important, then it should be a requirement (think GDPR) or we should build incentives (think energy incentives) with a time limit. Is this th