Sign up to save your podcasts
Or
Share Inherently Vulnerable By Design
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Inherently Vulnerable By Design
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/)
Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5.
Thanks to this week's podcast sponsor, F5.
External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.
On this episode of Defense in Depth, you’ll learn:
- The mere act of conducting business requires you to have certain procedures that would make you vulnerable. Simple things like taking customer information to create user accounts and processing credit cards. That's inherent to doing business, and by opening that up, it makes you vulnerable.
- A lot of this inherent vulnerability comes down to having users or customers and needing to authenticate them.
- When you start a business you're also accepting the inherent vulnerability and you have to ask yourself to what level can the business function having that vulnerability abused? It's all about risk appetite.
- Two factor authentication sure is nice, but there has to be multiple "behind the scenes" authentications going on to verify identity continuously.
- As you're collecting all these additional data points you can use that information to ask the user to verify.
- Provide discounts to customers and users for good security practices. Insurance companies do this with people who prove safe driving practices. It could be a win-win for everybody. For example, with Mailchimp, they give you a discount if you enable 2FA. Why not offer a discount for a really long and complicated password?
- One of the major issues is the password reset process happens through email. Email wasn't designed for critical authentication. Many hacks happen through the reset process via email.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/)
Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5.
Thanks to this week's podcast sponsor, F5.
External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.
On this episode of Defense in Depth, you’ll learn:
- The mere act of conducting business requires you to have certain procedures that would make you vulnerable. Simple things like taking customer information to create user accounts and processing credit cards. That's inherent to doing business, and by opening that up, it makes you vulnerable.
- A lot of this inherent vulnerability comes down to having users or customers and needing to authenticate them.
- When you start a business you're also accepting the inherent vulnerability and you have to ask yourself to what level can the business function having that vulnerability abused? It's all about risk appetite.
- Two factor authentication sure is nice, but there has to be multiple "behind the scenes" authentications going on to verify identity continuously.
- As you're collecting all these additional data points you can use that information to ask the user to verify.
- Provide discounts to customers and users for good security practices. Insurance companies do this with people who prove safe driving practices. It could be a win-win for everybody. For example, with Mailchimp, they give you a discount if you enable 2FA. Why not offer a discount for a really long and complicated password?
- One of the major issues is the password reset process happens through email. Email wasn't designed for critical authentication. Many hacks happen through the reset process via email.
More shows like Defense in Depth
View all
Security Now (Audio)
1,974 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
176 Listeners
CyberWire Daily
1,006 Listeners
Smashing Security
312 Listeners
Click Here
408 Listeners
Darknet Diaries
7,876 Listeners
Cybersecurity Today
166 Listeners
CISO Series Podcast
187 Listeners
Hacking Humans
314 Listeners
Cyber Security Headlines
127 Listeners
Risky Bulletin
43 Listeners
Hacker And The Fed
158 Listeners