The Bitwarden Blog

NFL & CISA at the Open Source Security Summit 2024

Written by: Samantha Berlant

Learn more about the annual Open Source Security Summit.

In September 2024, the fifth annual Open Source Security Summit brought together participants from around the globe for engaging discussions led by industry experts on how open source strengthens trust and security through collaboration and transparency. Highlights from this year included a fireside chat with the CISO at NFL, Tomás Maldonado, and executive assistant director of the cybersecurity division at CISA, Jeff Greene. 

To explore past summits, many session recordings are available for 2023, 2022, 2021, and 2020 at opensourcesecuritysummit.com or on the Bitwarden YouTube channel.

NFL & CISA: Addressing security vulnerabilities to improve security posture

Tomás Maldonado, CISO at the NFL, and Jeff Greene, executive assistant director of the cybersecurity division at CISA, joined Bitwarden CEO, Michael Crandell, for a fireside chat to delve into best practices, common mistakes, and the breadth of resources available to organizations.

Top cause of security vulnerabilities: human error

Human error remains one of the top causes of breaches. According to the Verizon Data Breach Report, 68% of breaches relate back to social engineering or human error. For example, one simple password was responsible for the SolarWinds security incident.

In the wake of rising phishing scams (e.g., a CEO suddenly sending a message requesting gift cards), Maldonado advises, “We need to educate individuals to be more aware of the types of psychological attacks used on them because people are very forthcoming, giving, and want to do the right thing - those are the things adversaries know how to abuse.” 

Empowered employees lead to a stronger security posture

Maldonado and Greene spoke on the importance and impact of empowering your workforce through security training with skills that cross-function between work and personal life because “If you help people understand how to apply security controls in their personal life - how to protect their bank account, social media - they can transfer those skills and knowledge almost unthinkingly to work” (Greene).

“Most people will say, ‘our staff are our weakest links.’ I like to think of it as ‘our staff are our greatest assets.’ If I have 15,000 people in my organization, I potentially have 15,000 security people. If I can reach them and make them a little bit more educated in cybersecurity.

They may be good canaries, good advocates for implementing controls, or evangelists spreading the word and being that first line of defense because they're the ones interacting with systems. They're the ones creating data. They're the ones logging in. They're the ones sending and manipulating information.” ~ Tomás Maldonado, CISO at NFL

Free services to improve security posture

To support organizations, Greene detailed the wide range of free services offered by CISA, from vulnerability scanning to the ransomware pre-notification initiative, “cyber performance goals with baseline security measures that any entity with a public-facing business should take,” says Greene.

Regularly reviewing vulnerability databases to identify known vulnerabilities is crucial in this process. In the wake of SolarWinds, CISA has made significant progress in deploying endpoint detection and response technology across 60+ federal agencies and entities, which has prevented what Greene refers to as “next-generation attacks.”

The main takeaway: regardless of whether you want to protect yourself, your family, or your business, there are simple, effective steps you can take to stay secure from most attacks.

“We are all empowered to improve the security of our own life, our own digital life, and our companies. As scary as it seems, most of the attacks out there are not that sophisticated. Most malicious actors are lazy; they did not go into crime to work hard. They're taking advantage of known exploits and vulnerabilities.

If you, as an individual or small business, do the simple things - patch, software update, install security tools, use multifactor authentication - you will be ahead of most attackers.” ~ Jeff Greene, CISA

Watch the replay

Open source solutions

Ready to take the next step toward protecting your business and yourself online? Get started with a free individual account or start a business trial.

Connect with the Bitwarden community to stay informed about future events and additional cybersecurity resources!

See you at the Open Source Security Summit in 2025!
