A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.
…
continue reading
Cyberrisk Podcasts
If you're a managed security provider (MSP), managed security service provider (MSSP), virtual CISO, or a cybersecurity professional looking for insights and advice on ways to build bridges with your clients (or vice versa), look no further than Cyber for Hire | The Managed Security Podcast! Presented in partnership with MSSP Alert and ChannelE2E, Cyber for Hire, is a weekly 60-minute podcast (in two 30-minute segments) hosted by Ryan Morris, Principal Consultant at Morris Management Partner ...
…
continue reading
If you're a managed security provider (MSP), managed security service provider (MSSP), virtual CISO, or a cybersecurity professional looking for insights and advice on ways to build bridges with your clients (or vice versa), look no further than Cyber for Hire | The Managed Security Podcast! Presented in partnership with MSSP Alert and ChannelE2E, Cyber for Hire, is a weekly 60-minute podcast (in two 30-minute segments) hosted by Ryan Morris, Principal Consultant at Morris Management Partner ...
…
continue reading
The ISACA Podcast gives you insight into the latest regulations, trends and threats experienced by information systems auditors and governance and security professionals. Whether you are beginning your career or have decades of experience, the ISACA Podcast can help you be better equipped to address industry challenges and embrace opportunities.
…
continue reading
1
Preserving Uptime in the Face of Evolving Attacks
31:38
31:38
Play later
Play later
Lists
Like
Liked
31:38
Send us a text Uptime. It’s the lifeblood of manufacturing and the precise target of industrial sector hackers. By knocking systems offline, stealing credentials, holding data for ransom, or crippling supply chains, the bad guys know their ultimate goals of disruption or extortion will be realized. And as we’ve discussed numerous times here on Secu…
…
continue reading
1
New Patching Strategies for Old Vulnerabilities
26:45
26:45
Play later
Play later
Lists
Like
Liked
26:45
Send us a text While there are plenty to pick from, one of the biggest challenges for cybersecurity professionals in the industrial realm can be getting financial support. In manufacturing there are always a number of viable spending options, and working to make cybersecurity a priority can be tough, especially when enterprises are faced with initi…
…
continue reading
1
The Wild & Weird of Industrial Cybersecurity
31:06
31:06
Play later
Play later
Lists
Like
Liked
31:06
Send us a text When talking to the experts and leading authorities that have participated in the 140+ episodes of Security Breach, there’s always a slight pause when directing their attention specifically to the industrial sector. That’s because, well, we’re special. There’s the unique juxtaposition of old and bleeding edge technology. There’s the …
…
continue reading
Send us a text I know that we’re constantly talking about artificial intelligence - the best ways to use it, the ways hackers are using it, and the overall good, bad and ugly of implementing AI into your security infrastructure. But what if we took a little different route. In this episode we're going to explore how AI can help make your people bet…
…
continue reading
Send us a text Discussing the ever-expanding threat landscape is something we do a lot on Security Breach, but this episode is dedicated exclusively to topics like zero-day vulnerabilities, nation-state threats, phishing schemes, ransomware, and of course, the role artificial intelligence continues to play in making the good guys smarter and the ba…
…
continue reading
Lauren Hasson is the Founder of DevelopHer, an award-winning career development platform. In this podcast, she'll share a bit about her background and give a sneak peek at her upcoming CPE-eligible event.By ISACA Podcast
…
continue reading
1
Cure Me or Kill Me - The Little Things That Escalate Attacks
43:51
43:51
Play later
Play later
Lists
Like
Liked
43:51
Send us a text As loyal listeners of this podcast know, I’m a big believer in paying close attention to the little things, the blocking and tackling, the basics, the fundamentals. All those elementary elements that comprise the building blocks of stronger cybersecurity plans and successful defensive strategies. Spoiler alert – that comes through ag…
…
continue reading
1
Being 'Proactively Paranoid, Not Paralyzed'
37:27
37:27
Play later
Play later
Lists
Like
Liked
37:27
Send us a text As all of you know, there are no silver bullets when it comes to cybersecurity success in the industrial sector. Every enterprise has its own unique characteristics, each plant floor its different connectivity elements, and each business is comprised of diverse human dynamics that fuel its culture. However, regardless of the environm…
…
continue reading
1
Why More Hackers Are Logging On Than Breaking In
33:00
33:00
Play later
Play later
Lists
Like
Liked
33:00
Send us a text We’ve heard it before – hacker tactics are not changing, but the hackers are getting a lot smarter in how they deploy their time-tested attacks. Additionally, honing in on the human element of cybersecurity is nothing new. We’ve spoken with numerous guests about getting buy-in, improving training, and how creating a cyber-receptive c…
…
continue reading
Send us a text Who are you? This episode dives into one of the most challenging cybersecurity topics currently on the docket – identity management. My conversation with Brandon Traffanstedt, Sr. Director and Global Technology Officer at CyberArk, took us in two equally important directions. The first deals with individuals and how to properly manag…
…
continue reading
Send us a text I’m always tempted to start out each episode by talking about a problem, and then setting up our guest as the solution to that problem. It’s formulaic and a bit redundant, but it’s also effective. So I’ll apologize in advance because I’m about to do that very thing again. The difference is that Howard Grimes, the CEO of the Cybersecu…
…
continue reading
1
Cyberrisk Quantification: Strengthening Financial Resilience
35:33
35:33
Play later
Play later
Lists
Like
Liked
35:33
In this episode, ISACA's Lisa Cook engages with Yakir Golan, Executive Officer (CEO) and Co-Founder of Kovrr, to explore the critical role of Cyberrisk Quantification (CRQ) in enhancing organizational financial resilience. They discuss how CRQ solutions provide objective assessments of an organization's cybersecurity posture, enabling leaders to ma…
…
continue reading
Send us a text Insider threats are creating new attack vectors, but old-school solutions could rise to the challenge. Regardless of the situation or dynamic, everyone likes to think that they’re special. However, with experience we learn that appreciating both the shared similarities, as well as some of those unique traits, are how we can best solv…
…
continue reading
Send us a text In many instances the biggest challenge facing OT cybersecurity practitioners is knowing where to focus resources, especially their time. In other words, what are the priorities for the enterprise, facility and people? I recently sat down with Securin's Lead Threat Intelligence Analyst - Aviral Verma. And while I anticipated a conver…
…
continue reading
1
Securing Desktops and Data from Ransomware Attacks
39:30
39:30
Play later
Play later
Lists
Like
Liked
39:30
Ransomware remains one of the most formidable cybersecurity threats facing organizations worldwide. In this episode of the ISACA Podcast, host Chris McGowan speaks with Netwrix endpoint protection expert Jeremy Moskowitz, who explains how ransomware infiltrates and cripples desktop environments. He explains cybercriminals' tactics to exploit social…
…
continue reading
1
Why Ransomware, Credential Theft and Phishing Schemes Persist
39:55
39:55
Play later
Play later
Lists
Like
Liked
39:55
Send us a text One of the great things about covering industrial cybersecurity is the number of reports, studies and white papers being produced right now to help provide intelligence on threats, research on new tools, and data on leading trends. The tough part is sorting through all this data and, at some point, prioritizing it in order to get the…
…
continue reading
1
Unsecure Webcam Was All a Ransomware Group Needed
31:56
31:56
Play later
Play later
Lists
Like
Liked
31:56
Send us a text Endpoint security tools worked, but the hackers worked harder for their payday. While everyone likes to know how someone else might have screwed up and what the fallout looks like, the more import elements of episodes like this one come from the in-depth conversations about new tactics and strategies that are being used by the bad gu…
…
continue reading
Send us a text We talk a lot about the growing complexity of hacking groups and how their tools and tactics continue to evolve. One such evolution is the ongoing specialization that runs rampant throughout the black hat community – especially when it comes to ransomware. The rise of initial access brokers, affiliate programs, spoofing domain creato…
…
continue reading
Send us a text Breaking down silos while securing the cloud and leveraging secure-by-design advancements. The challenges facing the industrial OT landscape that emanate from external sources are … varied, complex and constantly evolving. Smarter hacking groups, AI-driven phishing schemes and deceptive malware viruses head the list of concerns. And …
…
continue reading
Cybersecurity and the role of internal audit, an urgent call to action: The forces driving business growth and efficiency contribute to a broad attack surface for cyber assaults. How is the end user protected with good service while not being compromised? First Line includes internet, cloud, mobile, and social technologies, now mainstream, are plat…
…
continue reading
1
Observations of an Ethical Hacking Researcher
36:08
36:08
Play later
Play later
Lists
Like
Liked
36:08
Send us a text One of the goals of the show is to help you better understand all the threats facing your OT assets, your data and your people. In order to do that, we work to identify those individuals with a feel and in-depth understanding of these threats and the evolving network of threat actors. And I can’t think of anyone better to break down …
…
continue reading
Send us a text When we talk about the threat landscape for the industrial sector, the eye-catching, headline-grabbing hacking groups with nefarious names typically lead the list of concerns. And while understanding their well-publicized exploits are important, what is often overlooked are all the little things these groups were able to do before dr…
…
continue reading
Send us a text While we’re still in the infancy of 2025, the New Year has proven to have no issues in welcoming in a number of pre-existing challenges – whether we’re talking about cybersecurity or … other social topics. So, in continuing this trend, we tapped into a unique collection of voices to discuss a topic that has, and will continue to be, …
…
continue reading
Send us a text The continued evolution of the CyberAv3ngers hacking group and its IIoT-focused malware. We talk a lot about change on Security Breach. Some of it’s good and obviously some of it makes us want to tear our hair out. Well, this episode, surprisingly, should go easy on the scalp, even though it will focus on the IOCONTROL malware strand…
…
continue reading
The prevalence of ransomware and the security concerns associated with AI have made the role of cybersecurity professionals vital for enterprise success. The complex security landscape can make cybersecurity jobs stressful, but enterprises can take steps to retain cybersecurity talent and ensure enterprise assets are protected. In this podcast, Jus…
…
continue reading
Send us a text Winston Churchill famously stated that, “Those who fail to learn from history are doomed to repeat it.” His concerns about applying lessons learned to post WWII foreign policy initiatives rings just as true in the current cybersecurity climate. So, in an effort to ensure we repeat as few of 2024’s mistakes in 2025, we’re going to tak…
…
continue reading
Send us a text As we begin to close out 2024 and look ahead to 2025, I couldn’t resist the urge to revisit some of my favorite guests from the last couple of months. While I’m grateful for everyone we’ve had on the show, and all the support we continue to receive from the industrial cybersecurity community, I felt these comments were worth another …
…
continue reading
1
Examining Authentication in the Deepfake Era with Dr. Chase Cunningham
38:28
38:28
Play later
Play later
Lists
Like
Liked
38:28
Given the dynamic nature of cyberthreats and the ever-expanding digital ecosystem, authentication is more critical than ever. In this episode, ISACA director of professional practices and innovation discusses a new content piece titled, "Examining Authentication in the Deepfake Era" with author Dr. Chase Cunningham. Their conversation of the paper …
…
continue reading
1
AI Is Exposing Your Most Vulnerable Attack Surface
35:50
35:50
Play later
Play later
Lists
Like
Liked
35:50
Send us a text According to Fortinet’s 2024 State of Operational Technology and Cybersecurity Report, 43 percent of those surveyed reported a loss of business critical data or intellectual property so far in 2024– a number this is up nearly 10 percent from last year. And we all know what happens with this hijacked data. Per the World Economic Forum…
…
continue reading
1
Safely and Responsibly Using Emerging Health Technology
25:10
25:10
Play later
Play later
Lists
Like
Liked
25:10
Emerging healthcare technologies have the potential to revolutionize healthcare and accessibility-related concerns, but these advancements are not without risk. To maximize the value and minimize the harms associated with emerging health technologies, it is critical to address ethical, privacy, and societal concerns to ensure that these technologie…
…
continue reading
Send us a text Next to artificial intelligence, one of the biggest buzz terms in industrial cybersecurity right now might be SBOM, or software bill of materials. The term generates equal parts concern and eye roll as those entrusted with enterprise defense look to ensure that there are no embedded vulnerabilities amongst the data platforms they are…
…
continue reading
1
What Cybersecurity Can Learn from Tom Brady
53:13
53:13
Play later
Play later
Lists
Like
Liked
53:13
Send us a text We assembled some "nerds from the basement" to cover a key strategy in combatting evolving threats. Today’s episode is going to take on a little different flavor, as we’re going to show you one particular tool that can impact a number of your security planning, training and discovery strategies. While table top exercises are nothing …
…
continue reading
Send us a text For this episode, instead of tapping into one source for feedback and updates on industrial cybersecurity, we’re going to look at some of the key insights previous guests have offered on the evolving threat landscape – from increased risks emanating from technological integrations and an uptick in automation, to the more traditional …
…
continue reading
Send us a text While there are plenty of unknowns when it comes to protecting the OT attack surface, there are some things that are undeniably true. We know that the frequency of attacks will continue to increase. We know that it’s not if your ICS will be probed, but when. And we also know that asset and connection visibility is an ongoing challeng…
…
continue reading
1
Phishing Attack Defense 'Not Rocket Science'
22:22
22:22
Play later
Play later
Lists
Like
Liked
22:22
Send us a text Maybe you’re sick of hearing about phishing schemes and the way hackers are using this strategy to infiltrate your networks, access intellectual data, shut down production, or hold your assets for ransom. If that’s the case, then you’ve made a lot of hackers very happy. And based on Proofpoint’s 2024 State of Phish report, protecting…
…
continue reading
1
Legacy Mindsets Are Helping Hackers Weaponize Networks
42:42
42:42
Play later
Play later
Lists
Like
Liked
42:42
Send us a text So, my daughters like to give me a hard time about growing old. Said another way, I’m a legacy asset - just like most of the devices many of you observe, manage and secure every day. Your machines are still in place because they work. While the technology around these assets has evolved, their core functionality and value to the prod…
…
continue reading
1
Using Force Multipliers to Protect Against Next-Gen Stuxnet
40:16
40:16
Play later
Play later
Lists
Like
Liked
40:16
Send us a text While the justifications for additional cybersecurity spending is easy to explain, getting buy-in at the C-level can be difficult. However, some recent research might help you win over those controlling the purse strings. SonicWall’s Mid-Year Cyber Threat Report found that their firewalls were under attack 125 percent of the time dur…
…
continue reading
Send us a text One of the most common topics we explore here on Security Breach is the ongoing challenge of asset visibility in the OT landscape. It's frustrating because it would seem that the solution starts with basic inventory management approaches, i.e. the first step in developing frameworks and plans for everything from tool selection to att…
…
continue reading
Send us a text According to Veeam’s 2024 Ransomware Trends Report, cyber victims stated that they were unable to restore 43 percent of whatever data was affected by ransomware attacks. This reaffirms what a number of Security Breach guests have stated about trusting hackers after paying their extortion demands. Another finding shows that 63 percent…
…
continue reading
Send us a text The ongoing theme in industrial cybersecurity centers on two competing dynamics – the desire to expand our implementation of automation and Industry 4.0 technologies with the goal of using more and faster connections, along with the decision-making data each generates to improve the efficiency and quality of production. However, thes…
…
continue reading
SAP systems are treated differently than many other enterprise applications from a cybersecurity perspective. Most SAP security teams are siloed and left to meet security objectives on their own. Since SAP is so integral to organizations, it is unusual for SAP security objectives to not be on the radar of an existing 24/7 cybersecurity team executi…
…
continue reading
1
Inside the Growing Complexity of Ransomware Hacking Groups
32:35
32:35
Play later
Play later
Lists
Like
Liked
32:35
Send us a text We’re back to discuss an all-too-familiar topic – ransomware. Ironically enough, it seems the topics we describe in this manner become so familiar because we can’t figure out viable, long-term solutions. I think part of the challenge for industrial organizations dealing with ransomware is that we have to divide our energy and resourc…
…
continue reading
1
Time to 'Rip off the Band-Aid' to Ensure Security
39:45
39:45
Play later
Play later
Lists
Like
Liked
39:45
Send us a text A smarter, well-funded hacker community means embracing basic, yet daunting cyber challenges. In manufacturing, regardless of your role, avoiding downtime is an obvious priority, and one of the motivating factors driving investments in cybersecurity. In working to mitigate potential DDoS attacks or malware drops, manufacturers are ta…
…
continue reading
1
Combating the 20th Century Mafia with a Stronger Human Firewall
46:40
46:40
Play later
Play later
Lists
Like
Liked
46:40
Send us a text Sophos recently reported that 65 percent of manufacturing and production organizations were hit by ransomware last year, which, unlike other sectors, is an increase. Overall, these attacks have increased by 41 percent for manufacturing since 2020. Additionally, the cybersecurity firm found that 44 percent of computers used in manufac…
…
continue reading
1
Tearing Down the 'Set It and Forget It' Mindset
42:27
42:27
Play later
Play later
Lists
Like
Liked
42:27
Send us a text I recently watched an interesting documentary called Turning Point: The Bomb and the Cold War on Netflix. Great watch – I’d highly recommend it. Essentially it positioned nearly every prominent geo-political event since World War II as fallout from the U.S. dropping the nuclear bomb on Japan to end World War II. Similarly, we can loo…
…
continue reading
Send us a text When I was a kid, we always looked forward to my dad’s work picnic. He was a tool and dye maker for a leading caster manufacturer that would rent out a local park, make a ton of food and put on various games and activities for the families. One of the highlights of this day was a softball game pitting the office versus the shop. The …
…
continue reading
1
'There's No Bulletproof Vest' in Cybersecurity
52:02
52:02
Play later
Play later
Lists
Like
Liked
52:02
Send us a text An ethical cyber researcher breaks down the 'tsunami of exposed data' he continues to uncover. When it comes to solving industrial cybersecurity's biggest challenges, I think we have to continue to ask questions that simultaneously tackle basic blocking and tackling concerns, as well as those that lead to bad news. Both prevent us fr…
…
continue reading
Send us a text The landscape of industrial cybersecurity continues to change and evolve, and demands a vigilant monitoring of the next threat, vulnerability or potential soft spot in our defenses. That’s why we continue to produce Security Breach, and, by the way, continue to be so appreciative of the growth and support we’ve received from each of …
…
continue reading
1
The $25M 'Wake-Up Call' Supply Chain Hack
31:15
31:15
Play later
Play later
Lists
Like
Liked
31:15
Send us a text According to IBM’s Cost of a Data Breach Report, nearly 20 percent of the organizations surveyed stated that they have experienced a breach stemming from a compromise in their supply chain, or a vulnerability related to it. The average cost of these breaches was estimated at just under $4.5 million. Their data also found that attacks…
…
continue reading
1
What Enterprises Need to Know About ChatGPT and Cybersecurity
21:44
21:44
Play later
Play later
Lists
Like
Liked
21:44
Many people are pondering whether generative artificial intelligence (AI) tool ChatGPT is a friend or a foe. In this ISACA podcast episode, Camelot Secure Director of Solutions Engineering Zachary Folks discusses not only his view of how ChatGPT can be considered an evolution of the encyclopedia, but importantly how it is aiding cybersecurity profe…
…
continue reading
