Podcasts about cyber risk

  • 457 podcasts
  • 1,069 episodes
  • 31m average duration
  • 5 weekly new episodes
  • Apr 15, 2025 latest

Latest podcast episodes about cyber risk

Software Engineering Institute (SEI) Podcast Series
Delivering Next Generation Cyber Capabilities to the DoD Warfighter
Apr 15, 2025 | 27:16

In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory Touhill, director of the SEI CERT Division, sits down with Matthew Butkovic, technical director of Cyber Risk and Resilience at CERT, to discuss ways in which CERT researchers and technologists are working to deliver rapid capability to warfighters in the Department of Defense. 

Cloud Security Podcast by Google
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific
Apr 14, 2025 | 31:46

Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud

Topics:
• We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making?
• Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region?
• The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments?
• Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination?
• M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages?
• Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions?
• Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare?

Resources:
• EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
• EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive
• EP191 Why Aren't More Defenders Winning? Defender's Advantage and How to Gain it!

Public Key
Crypto in Modern Day Conflict Zones
Apr 7, 2025 | 38:41

In this compelling episode of Public Key, Eitan Danon (Content Marketing Manager, Chainalysis) speaks with Yaya Fanusie (Director of Policy for AML & Cyber Risk, Crypto Council for Innovation) to discuss the multifaceted dynamics of cryptocurrencies and their implications for national security, illicit finance and global policymaking. Yaya leverages his rich background in intelligence analysis to emphasize the widespread impact of blockchain technology on economic security and policy, including the response of various governments to blockchain and illicit finance and the integration of innovative technologies in mitigating financial crime.

Listeners will gain an in-depth understanding of strategies from countries like Iran and China and how digital assets are reshaping the geopolitical landscape and creating modern day conflict zones.

Minute-by-minute episode breakdown
• 2 | Yaya's journey from CIA analyst to crypto and illicit finance expert
• 6 | How crypto has evolved in the world of national security and illicit finance
• 13 | Balancing innovation and regulation in the crypto ecosystem
• 18 | China's digital currency strategy and its geopolitical implications
• 23 | Data as the new electricity and currency in a digital economy
• 26 | Crypto's impact on traditional finance and regulatory challenges
• 29 | Digital assets' dual role in conflict zones: aid and illicit use
• 34 | Exploring financial crime and spy thriller podcasts

Related resources
Check out more resources provided by Chainalysis that perfectly complement this episode of the Public Key.
• Website: The Premier Global Alliance Advancing Crypto Innovation
• Guide: Crypto Council for Innovation: Crypto Illicit Finance Risk Management Guide
• Podcast: The Jabbari Lincoln Files: A Spy Thriller Podcast Created by a Former CIA Officer
• Podcast: Illicit Edge: Breaking News for Financial Crime Professionals
• Report: The Chainalysis 2025 Crypto Crime Report (Download Your Copy Today)
• Blog: United States DOJ and FBI Seize Cryptocurrency in Major Disruption of Hamas Terrorist Financing Scheme
• Blog: What is Authorized Push Payment (APP) Fraud? Understanding Crypto-Related Scams & Prevention
• YouTube: Chainalysis YouTube page
• Twitter: Chainalysis Twitter: Building trust in blockchain

Speakers on today's episode
• Eitan Danon *Host* (Content Marketing Manager, Chainalysis)
• Yaya Fanusie (Director of Policy for AML & Cyber Risk, Crypto Council for Innovation)

This website may contain links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein. Our podcasts are for informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material. Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in any particular podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.

Unless stated otherwise, reference to any specific product or entity does not constitute an endorsement or recommendation by Chainalysis. The views expressed by guests are their own and their appearance on the program does not imply an endorsement of them or any entity they represent. Views and opinions expressed by Chainalysis employees are those of the employees and do not necessarily reflect the views of the company.

Pathmonk Presents Podcast
Boosting Cybersecurity Marketing with Data Insights | Richard Counsell from CyberRisk Alliance
Apr 4, 2025 | 35:00

Richard Counsell from CyberRisk Alliance joins Kevin on Pathmonk Presents to reveal how this data-driven, community-focused company empowers cybersecurity marketing teams. Based in Florida, CyberRisk Alliance connects professionals through events like InfoSec World and solutions like CRA Connect, offering tailored campaigns and actionable insights. Richard shares strategies for leveraging organic traffic, optimizing websites, and navigating MarTech challenges to drive conversions. Learn how they support CISOs and marketers alike, fostering a thriving cybersecurity ecosystem with integrity and expertise—perfect for anyone aiming to elevate their marketing game!

iTunes - Insurance Journal TV
Assessing Cyber Risk: Key Factors Insurers Must Consider
Apr 1, 2025 | 1:40

Understanding a company’s cyber risk starts with identifying potential losses, evaluating security measures, and ensuring executive commitment to data protection. Watch this excerpt from the latest cyber webinar … Read More » The post Assessing Cyber Risk: Key Factors Insurers Must Consider appeared first on Insurance Journal TV.

Insuring Cyber Podcast - Insurance Journal TV
EP. 101: Insuring Cyber Risk in a Shifting Political Landscape
Mar 26, 2025 | 33:49

In this episode, Melissa Ventrone of law firm Clark Hill and Arthur Armstrong of law firm Reed Smith joined The Insuring Cyber Podcast to unpack the Trump administration's … Read More » The post EP. 101: Insuring Cyber Risk in a Shifting Political Landscape appeared first on Insurance Journal TV.

ITSPmagazine | Technology. Cybersecurity. Society
Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando | On Location Coverage with Sean Martin and Marco Ciappelli
Mar 18, 2025 | 25:35

Cybersecurity in Italy: ITASEC 2025 Recap & Future Outlook with Professor Alessandro Armando

Cybersecurity is no longer a niche topic—it's a fundamental pillar of modern society. And in Italy, ITASEC has become the go-to event for bringing together researchers, government officials, and industry leaders to tackle the biggest security challenges of our time.

Although we weren't there in person this year, we're diving into everything that happened at ITASEC 2025 in this special On Location recap with Professor Alessandro Armando. As Deputy Director of the Cybersecurity National Laboratory at CINI and Chairman of the Scientific Committee of the SERICS Foundation, Alessandro has a front-row seat to the evolution of cybersecurity in Italy.

This year's event, held in Bologna, showcased the growing maturity of Italy's cybersecurity landscape, featuring keynotes, technical sessions, and even hands-on experiences for the next generation of security professionals. From government regulations like DORA (Digital Operational Resilience Act) to the challenges of AI security, ITASEC 2025 covered a vast range of topics shaping the future of digital defense.

One major theme? Cybersecurity as an investment, not just a cost. Italian companies are increasingly recognizing security as a competitive advantage—something that enhances trust and reputation rather than just a compliance checkbox.

We also discuss the critical role of education in cybersecurity, from university initiatives to national competitions that are training the next wave of security experts. With programs like Cyber Challenge.IT, Italy is making significant strides in developing a strong cybersecurity workforce, ensuring that organizations are prepared for the evolving threat landscape.

And of course, Alessandro shares a big reveal: ITASEC 2026 is heading to Sardinia! A stunning location for what promises to be another exciting edition of the conference.

Join us for this insightful discussion as we reflect on where cybersecurity in Italy is today, where it's headed, and why events like ITASEC matter now more than ever.

The Social-Engineer Podcast
Ep. 297 - Security Awareness Series - Quantifying and Owning Risk with Roy Luongo
Mar 17, 2025 | 34:34

Today on the Social-Engineer Podcast: The Security Awareness Series, Chris is joined by Roy Luongo. Roy is the Chief Information Security Officer for the United States Secret Service. He leads a team in the defense and information assurance of all USSS information systems and solutions. Prior to his current role he was the Director, Joint Mission Operations Center for Cyber Command, providing oversight of mission critical Cyber Operations infrastructures. He has also served as Chief, NSA Red Team and Technical Director for Interactive Operations for the NSA. Roy is a retired Army soldier with 20 years' service within the Intelligence and Cyber career fields. [March 17, 2025]

00:00 - Intro
00:17 - Intro Links:
  - Social-Engineer.com - http://www.social-engineer.com/
  - Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
  - Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
  - Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
  - Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
  - CLUTCH - http://www.pro-rock.com/
  - innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
01:55 - Roy Luongo Intro
02:44 - The Path to CISO of the Secret Service
04:58 - Cybersecurity in Early Education
07:50 - The Entry Level Catch-22
12:24 - Quantifying Risk
14:27 - The Best Way Forward
16:51 - The Effects and Future of AI
20:06 - Understanding Your Needs
22:11 - Advice to Young Roy
24:56 - The Cost of Training
29:01 - Mentors
  - Ed Skoudis
  - Brigadier General Brian D. Vile
  - Shawn Turskey
29:55 - Lollipop Moments
  - TEDxToronto - Drew Dudley "Leading with Lollipops"
31:33 - Book Recommendations
  - Cybersecurity Canon - Rick Howard
  - Kingpin - Kevin Poulsen
  - Turn the Ship Around! - L. David Marquet
33:49 - Wrap Up & Outro
  - www.social-engineer.com
  - www.innocentlivesfoundation.org

Cracking Cyber Security Podcast from TEISS
teissTalk: Bolstering your defences against supply chain cyber-risk
Feb 27, 2025 | 45:22

• What's making supply chain risk the fastest-growing cyber-risk category
• How to galvanise your internal and external peers to develop a shared responsibility for supply chain cyber-risks
• Designing and implementing effective key controls to mitigate supply chain cyber-risks

This episode is hosted by Jonathan Craven: https://www.linkedin.com/in/jonathanbcraven/

Guests:
• Mike Johnson, Global Cyber Threat & Incident Response Manager, Verifone: https://www.linkedin.com/in/mike---johnson/
• Jean Carlos, Group Head of Cyber Architecture & Engineering, TP ICAP: https://www.linkedin.com/in/jeanpc/
• Richard Marcus, CISO, AuditBoard: https://www.linkedin.com/in/richard-marcus-b3192261/

Cybercrime Magazine Podcast
Cyber Trust & Transparency. CISOs & Cyber Risk. Rinki Sethi, VP & CISO at BILL.
Feb 26, 2025 | 19:19

Rinki Sethi is the VP & CISO at BILL. In this episode, she joins host Scott Schober to discuss the topic of CISOs and cyber risk, including how the core responsibilities of a CISO have shifted over the years, what security leaders should be doing to build resilience against the many growing risks, and more. SecurityScorecard is the leading security rating company, used by more than 2,500 top companies. To learn more about our sponsor, visit https://securityscorecard.com

AI, Government, and the Future by Alan Pentz
AI Trustworthiness and Cybersecurity: Navigating Enterprise Risks with Candy Alexander of NeuEon
Feb 12, 2025 | 39:20

In this episode of AI, Government, and the Future, host Marc Leh is joined by Candy Alexander, a prominent cybersecurity leader with over 35 years of experience and current Chief Information Security Officer at NeuEon. As a two-time President of the Information Systems Security Association (ISSA) International and founding President of the ISSA Education and Research Foundation, Candy brings her extensive expertise to discuss AI trustworthiness, data governance, and enterprise security challenges.

Be More Than A Fiduciary
Emily Short: Cyber Risk and Cyber Insurance Principles
Feb 5, 2025 | 38:00

Emily Perry Short is currently the National Director of Cyber Product at The Baldwin Group, regularly consulting on cyber risk management and insurance solutions across a variety of industries with a particular focus on technology, venture capital, and private equity risks. Emily has been in insurance in a variety of forms since 2014, originally as a lawyer focusing on professional liability insurance defense. Her experience as both a defense attorney and a cyber and technology broker gives her a unique perspective when it comes to analyzing cyber risks for clients. In addition to her Juris Doctor, Emily holds the Certified Information Privacy Professional (CIPP/US) designation, Cyber COPE designation from Carnegie Mellon, and the Registered Professional Liability Underwriter (RPLU) designation. In January, after a number of years on the Executive Committee, Emily stepped into the role of Chairwoman for TechAssure, an international association of insurance brokers specializing in technology-related risks. She regularly speaks on panels as a subject matter expert on cyber and technology risks. She is licensed to practice law in Kansas and Missouri.

In this episode, Eric and Emily Short discuss:
• Four basic principles of risk management
• Working with a broker that can give appropriate coverage
• The risk of cyberattack incidents
• Cybersecurity is the responsibility of the whole organization

Key Takeaways:
• Cyber risk management, like any risk management, involves 4 main concepts - accept the risk, avoid the risk altogether, transfer the risk, and mitigate the risk. Organizations should utilize a combination of these strategies.
• Cyber insurance policies are not standardized, so it's important to work with a broker who understands the nuances between different carrier policies and can help analyze the appropriate coverage.
• Cyber incidents can have significant financial and reputational impacts on organizations, so having an incident response plan that is regularly tested is crucial for being able to respond effectively.
• Cybersecurity is everyone's responsibility within an organization, not just the IT department's. Educating and training employees on cyber risks and best practices is essential for prevention.

“Humans are the weak link. Here we are the ones who click on the phishing email. We reuse passwords when we shouldn't.” - Emily Short

Connect with Emily Short:
Website: https://baldwin.com/
LinkedIn: https://www.linkedin.com/in/emilyperryshort/

Connect with Eric Dyson:
Website: https://90northllc.com/
Phone: 940-248-4800
Email: contact@90northllc.com
LinkedIn: https://www.linkedin.com/in/401kguy/

The information and content of this podcast is general in nature and is provided solely for educational and informational purposes. It is believed to be accurate and reliable as of the posting date but may be subject to change. It is not intended to provide a specific recommendation for any type of product or service discussed in this presentation or to provide any warranties, investment advice, financial advice, tax, plan design or legal advice (unless otherwise specifically indicated). Please consult your own independent advisor as to any investment, tax, or legal statements made. The specific facts and circumstances of all qualified plans can vary and the information contained in this podcast may or may not apply to your individual circumstances or to your plan or client plan-specific circumstances.

Moody's Talks - Focus on Finance
Banks Brace for Emerging Tech Risks
Feb 5, 2025 | 19:11

We talk to Sandip Wadje of BNP Paribas about the risks of digital technology, and how banks are balancing innovation and digital transformation against their security and compliance needs.

Speakers: Sandip Wadje, Managing Director – Global Head of Emerging Technology Risks, BNP Paribas; Lucas Viegas, VP-Senior Analyst, Moody's Ratings
Host: Danielle Reed, VP – Senior Research Writer, Moody's Ratings

Cybercrime Magazine Podcast
Unlocking Resilience. Cyber Risk In OT. Brandon Daniels, Exiger & Cassie Crossley, Author.
Feb 3, 2025 | 30:21

Brandon Daniels is the CEO at Exiger. In this episode, he joins host Scott Schober and Cassie Crossley, author of the book “Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware,” and VP, Supply Chain Security, Cybersecurity & Product Security Office at Schneider Electric. Together, they discuss all things OT – key issues, recent events, and cyber risk overall. Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers through its software and tech-enabled solutions. To learn more about our sponsor, visit https://exiger.com.

ITSPmagazine | Technology. Cybersecurity. Society
From Signaling to Safety: Protecting Critical Infrastructure and the Modern Railway from Digital Threats | A Conversation with Fahad Mughal | Redefining CyberSecurity with Sean Martin
Jan 31, 2025 | 52:43

Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security
On LinkedIn | https://www.linkedin.com/in/fahadmughal/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.

The Growing Role of Cybersecurity in Railways

Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.

Critical OT Systems in Railways

Mughal highlights key OT components in railways that require cybersecurity protection:
• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.
• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.
• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.
• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.
• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.

The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.

Real-World Cyber Threats in Railways

Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:
• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.
• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.
• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.

These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.

Cybersecurity Standards and Best Practices for Railways (links to resources below)

To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:
• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.
• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.
• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.

Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.

Looking Ahead: Strengthening Railway Cybersecurity

As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.

He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.

The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.

To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.

Sponsors
Imperva: https://itspm.ag/imperva277117988
LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
ThreatLocker: https://itspm.ag/threatlocker-r974

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:


ITSPmagazine | Technology. Cybersecurity. Society
Building Resilience: How Businesses Can Align Innovation with Cybersecurity | A LevelBlue Brand Story with Theresa Lanowitz


Jan 29, 2025 | 39:51


In this Brand Story episode, Theresa Lanowitz recently joined Sean Martin to share valuable insights drawn from LevelBlue's comprehensive 2024 Futures Report, a global study involving over 1,050 executives from C-suite levels across industries. The report offers a unique lens into the critical alignment between innovation, cybersecurity, and resilience. By examining seven key industry verticals—healthcare, retail, finance, manufacturing, transportation, energy, and state/local/higher education—LevelBlue highlights actionable strategies for building a resilient business ecosystem.

Cyber Resilience: Beyond Technology

Lanowitz emphasizes that cyber resilience extends far beyond IT and cybersecurity; it represents the organization's ability to withstand and recover from disruptions affecting its entire digital and operational footprint. For instance, industries like manufacturing illustrate how sensors and IoT devices on production lines are now vital to efficiency. A single cyber event disrupting these systems could halt production, leading to cascading impacts. Lanowitz underscores the importance of cross-functional collaboration—between cybersecurity, application development, and operations teams—to ensure systems are brought back online effectively and seamlessly.

Innovation vs. Security: A Delicate Balance

One of the most striking findings from the report is that 73% of organizations prioritize innovation over mitigating risk, and 85% are willing to accept security risks in the pursuit of innovation. This trend spans industries, with examples ranging from healthcare's increased use of robotics in surgeries to transportation companies leveraging AI for optimizing fleet routes. Yet, Lanowitz points out a concerning disconnect: cybersecurity teams are often brought into projects late, treated as an afterthought rather than an integral part of the innovation process. This fragmented approach weakens resilience, leaving organizations vulnerable to threats.

The Case for Secure by Design

Lanowitz stresses the importance of adopting a “secure by design” approach, where security is integrated from the start. Treating security as a core architectural requirement prevents costly redesigns later and supports operational and performance goals. She draws a parallel between neglecting security during development and building a house without planning for heating or cooling systems—essential but often deprioritized elements.

Trusted Advisors and Cybersecurity as a Service

Lanowitz also highlights the growing reliance on cybersecurity-as-a-service (CSaaS) and trusted advisors to bridge gaps in skills and resources. From setting up Security Operations Centers (SOCs) to conducting tabletop exercises and securing IoT networks, organizations increasingly turn to external partners like LevelBlue to fast-track initiatives. By leveraging these advisors, businesses gain industry-specific expertise, enabling tailored and scalable solutions that align security with innovation.

Looking Ahead to 2025

As LevelBlue prepares for its 2025 research, Lanowitz notes an increased focus on software supply chain security and the convergence of IT and operational technology (OT). These areas, coupled with a deeper exploration of how cybersecurity and business functions must align, will shape the next wave of insights into resilience and innovation.

Theresa Lanowitz's expertise and LevelBlue's research underscore that building resilience requires more than just technical fixes—it demands an integrated approach where innovation, security, and business goals coexist seamlessly.

Learn more about LevelBlue: https://itspm.ag/levelblue266f6c

Note: This story contains promotional content. Learn more.

Guest: Theresa Lanowitz, Chief Evangelist of AT&T Cybersecurity / LevelBlue [@LevelBlueCyber]
On LinkedIn | https://www.linkedin.com/in/theresalanowitz/

Resources
To learn more, download the complete findings of the 2024 LevelBlue Futures Report: Cyber Resilience in Retail here: https://itspm.ag/levelbjk57
Learn more and catch more stories from LevelBlue: https://www.itspmagazine.com/directory/levelblue
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

The Cybersecurity Defenders Podcast
#188 - The MSSP Alert 2024 Pricing Benchmark Report with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance


Jan 23, 2025 | 25:12


On this episode of The Cybersecurity Defenders Podcast we speak with Sharon Florentine, Senior Managing Editor at CyberRisk Alliance, about the MSSP Alert 2024 Pricing Benchmark Report.

Sharon is a master technology storyteller and editor with over two decades of experience in shaping the way we understand and engage with technology. Sharon's career spans an impressive range of platforms, from books and print magazines to podcasts, live events, and digital media. She's covered everything from AI and cybersecurity to career development and diversity in tech.

Currently, Sharon is the Senior Managing Editor for CyberRisk Alliance's channel brands, ChannelE2E and MSSP Alert, where she's helping to expand the reach of these vital resources for the IT and cybersecurity communities. Sharon has a rich history of editorial leadership, including her previous role as Managing Editor at Techstrong Group, overseeing Cloud Native Now, DevOps.com, and Security Boulevard.

She joins us to discuss the inaugural 2024 MSSP Pricing Benchmark Report—a critical resource for understanding the evolving managed security services market. You can get a copy of the report here: https://www.msspalert.com/whitepaper/mssp-alert-2024-pricing-benchmark

Risk Management Show
AI in Risk Management: Revolutionizing regulatory changes affecting TPRM in 2025 with Jag Lamba


Jan 23, 2025 | 30:53


In this episode of the Risk Management Show, we explore how AI is revolutionizing compliance and risk management as we look ahead to 2025. Our guest, Jag Lamba, founder and CEO of Certa.ai, shares his expertise on leveraging AI and automation to enhance third-party risk management, sustainability, and compliance programs. With a background as a Wharton alumnus and ex-McKinsey, Jag leads a company that's raised over $50 million to transform how organizations manage procurement and ESG requirements.

We discussed upcoming regulatory challenges like supply chain resilience, sustainability mandates, and the evolving enforcement of anti-bribery and corruption laws. Jag also provided practical steps for organizations to prepare for new compliance requirements and demonstrated how AI tools can streamline operations, improve scalability, and ensure accuracy in managing third-party relationships. This episode is packed with insights on the productivity revolution driven by AI and its impact on roles in risk and compliance.

If you want to be our guest or suggest someone for the Risk Management Show, send your email to info@globalriskconsult.com with the subject line “Guest Proposal.” Stay ahead in the world of Risk Management, Cyber Security, and Sustainability by subscribing to our channel today!

Moody's Talks - Focus on Finance
Digital finance growth on tap in 2025; cyber risk will rise in year ahead


Jan 22, 2025 | 18:26


We discuss the outlooks for digital finance and cybersecurity. Tokenization and digital assets will gain traction. Meanwhile, cyberattacks will likely be more frequent and more personalized.

Speakers: Cristiano Ventricelli, VP-Senior Analyst, Moody's Ratings; Leroy Terrelonge, VP-Analyst, Moody's Ratings
Hosts: Danielle Reed, VP – Senior Research Writer, Moody's Ratings; Carolyn Henson, VP – Senior Research Writer, Moody's Ratings

Related research:
Digital Economy – Global: 2025 Outlook – Institutions to edge further into digital finance, focus on risk mitigation
Cybersecurity – Global: 2025 Outlook – Credit risk set to rise as cyber attackers target larger companies

RIMScast
Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver


Jan 21, 2025 | 35:23


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware.

Listen to how you can harden your organization's network against malware attacks.

Key Takeaways:
[:01] About RIMS and RIMScast.
[:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes.
[:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation.
[:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year.
[1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes.
[1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025.
[1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025.
[2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes.
[2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community.
[2:49] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details.
[3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone.
[3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast!
[3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there.
[3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience.
[4:28] Tod's background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice.
[5:00] In 2014, he transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney's Office and the FBI. Tod wanted to be a part of that.
[5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors.
[6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney's Office, particularly U.S. Attorney David Hickton, focused on cyber.
[6:29] That continued over the years until the present.
[6:46] To begin an investigation, the FBI and U.S. Attorney's Office in Pittsburgh need to have some aspect of an organization's criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated.
[7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital's network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country.
[7:58] In 2015 Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust.
[8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures.
[9:08] Tod joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands.
[9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement.
[10:15] Over the years they became more structured and became a non-profit organization. It's an unusual non-profit organization working 100% in operations. It works in three core areas. First, it's the world's largest provider of free, actionable cyber threat intelligence.
[10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission.
[11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation's work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025?
[11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples.
[11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National C-CERTs that cover about 176 countries.
[12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching.
[12:25] The organizations that get Shadowserver's data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up.
[12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs.
[13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports.
[13:22] The Shadowserver Foundation also sends out data for entire countries to the national C-CERT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world.
[13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering.
[14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren't timely patched and before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves.
[14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that's unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered.
[15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra's GoAnywhere software. That continued in May, with them exploiting Progress Software's MOVEit file transfer application.
[15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Clio's file transfer platform that breached victims' networks.
[15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. Those are often the easiest gateway into a network.
[16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”.
[16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”.
[16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members.
[17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes.
[17:17] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada.
[17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025.
[17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org.
[18:08] Let's Return to the Conclusion of My Interview with Tod Eberle of Shadowserver!
[18:49] Justin notes that in December of 2024, China attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks.
[18:58] China also targeted the Treasury's Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks.
[19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. It's been going on for many years and it's going to continue. Justin was in the Federal government in 2013 and 2014.
[19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen.
[19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don't seem to have a deterrent effect.
[20:21] Countries can deny the charges of hacking even with strong evidence of their involvement.
[20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business.
[21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016.
[21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation.
[22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods.
[22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it's now a concern for all of society. There's the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure.
[23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus Botnet takedown. Part of that was a crypto locker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. Now ransom demands are in the tens of millions of dollars.
[23:53] We have seen a huge evolution in ransomware. It's not going away. One thing we're seeing is bypassing data encryption and focusing on data theft. It's easier and less time-consuming for the threat actors because they don't have to map out the network.
[24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data.
[25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers.
[25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code.
[27:22] Shadowserver's very talented team collects the data. It's free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised.
[28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised.
[28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur.
[29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. The second is with their support for law enforcement, law enforcement may share sensitive data with Shadowserver.
[29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn't scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications.
[30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won't be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner.
[31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP.
[31:43] As a small, non-profit organization, not everyone has heard of the Shadowserver Foundation. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies' due diligence, with the insurance applicant's consent.
[32:20] It's important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas.
[32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode's show notes for links to the Shadowserver reports we mentioned.
[33:07] Be sure to tune in next week for Data Privacy Day! We've got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That's going to be a good one!
[33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes.
[33:50] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information.
[34:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information.
[34:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.
[34:41] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management.
[34:55] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.
[35:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

Mentioned in this Episode:
RIMS Risk Management magazine
RISKWORLD 2025 — May 4‒7 | Register today!
RIMS Legislative Summit — March 19‒20, 2025
Nominations for the Donald M. Stuart Award
Spencer Educational Foundation — General Grants 2026 — Application Dates
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
Shadowserver Foundation
National Cybersecurity Alliance

RIMS Webinars: RIMS.org/Webinars
“4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025
“Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025

Upcoming Virtual Workshops:
“Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen
“Fundamentals of Insurance” | Feb. 19‒20, 2025
“Applying and Integrating ERM” | Feb. 26‒27
“Managing Data for ERM” | March 12, 2025
See the full calendar of RIMS Virtual Workshops
RIMS-CRMP Prep Workshops

Upcoming RIMS-CRMP Prep Virtual Workshops:
“Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel
Full RIMS-CRMP Prep Course Schedule

Related RIMScast Episodes:
“Kicking off 2025 with RIMS CEO Gary LaBranche”
“Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle”
“AI and Regulatory Risk Trends with Caroline Shleifer”
“Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024)

Sponsored RIMScast Episodes:
“Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor
“Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL
“How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog
“Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant
“RMIS Innovation with Archer” | Sponsored by Archer
“Navigating Commercial Property Risks with Captives” | Sponsored by Zurich
“Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL
“Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Partnering Against Cyberrisk” | Sponsored by AXA XL
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer
“Alliant's P&C Outlook For 2024” | Sponsored by Alliant
“Why Subrogation is the New Arbitration” | Sponsored by Fleet Response
“Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd.
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Strategic & Enterprise Risk Center
RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.

Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.

Have a question or suggestion? Email: Content@rims.org.

Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.

About our guest: Tod Eberle, Shadowserver Foundation

Production and engineering provided by Podfly.

ITSPmagazine | Technology. Cybersecurity. Society
Establishing a New Standard for Cybersecurity Professionals Worldwide: Addressing Trust, Standards, and Risk for the CISO Role | CISO Circuit Series with Heather Hinton | Michael Piacente and Sean Martin | Redefining CyberSecurity Podcast

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jan 17, 2025 41:44


About the CISO Circuit Series
Sean Martin and Michael Piacente join forces roughly once per month (or so, depending on schedules) to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity for business and society. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.
____________________________
Guests: Heather Hinton, CISO-in-Residence, Professional Association of CISOs
On LinkedIn | https://www.linkedin.com/in/heather-hinton-9731911/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Michael Piacente, Managing Partner and Cofounder of Hitch Partners
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
LevelBlue | https://itspm.ag/levelblue266f6c
ThreatLocker | https://itspm.ag/threatlocker-r974
___________________________
Episode Notes
In this episode of the CISO Circuit Series, part of the Redefining Cybersecurity Podcast on ITSPmagazine, hosts Sean Martin and Michael Piacente welcomed Heather Hinton, seasoned cybersecurity leader, to discuss the evolving responsibilities and recognition of Chief Information Security Officers (CISOs). Their conversation explored the transformative work of the Professional Association of CISOs (PAC), an organization dedicated to establishing standards, accreditation, and support for cybersecurity leaders globally.

This episode addressed three critical questions shaping the modern CISO role:
How can CISOs build trust within their organizations?
What is PAC doing to elevate cybersecurity as a recognized profession?
How can CISOs prepare for increasing scrutiny and legal risks?

Building Trust: A CISO's Key Responsibility
Heather Hinton, whose career includes leadership roles like VP and CISO for IBM Cloud and PagerDuty, underscores that trust is foundational for a CISO's success. Beyond technical expertise, a CISO must demonstrate leadership, strategic thinking, and effective communication with boards, executives, and teams. Hinton highlights that cybersecurity should not be perceived as merely a technical function but as a critical enabler of business objectives.
The PAC accreditation process reinforces this perspective by formalizing the skills needed to build trust. From fostering collaboration to aligning security strategies with organizational goals, PAC equips CISOs with tools to establish credibility and demonstrate value from day one.

Elevating Cybersecurity as a Recognized Profession
Michael Piacente, Managing Partner at Hitch Partners and co-host of the CISO Circuit Series, emphasizes PAC's role in professionalizing cybersecurity. By introducing a Code of Professional Conduct, structured accreditation programs, and robust career development resources, PAC is raising the bar for the profession. Hinton and Piacente explain that PAC's ultimate vision is to make membership and accreditation standard for CISO roles, akin to certifications we've come to expect and rely upon for doctors or lawyers.
This vision reflects a growing recognition of cybersecurity as a discipline critical not only to organizations but to society as a whole. PAC's advocacy extends to shaping global policies, setting professional standards, and fostering an environment where CISOs are equipped to handle emerging challenges like hybrid warfare and AI-driven threats.

Preparing for Legal Risks and Industry Challenges
The conversation also delves into the increasing legal and regulatory scrutiny CISOs face. Piacente and Hinton stress the importance of having clear job descriptions, liability protections, and professional resources—areas where PAC is driving significant progress. By providing legal and mental health support, along with peer-driven mentorship, PAC empowers CISOs to navigate these challenges with confidence.
Hinton notes that PAC is also a critical voice in addressing broader systemic risks, advocating for policies that protect CISOs while ensuring they are well-positioned to protect their organizations and society.

Looking Ahead
With goals to expand its membership to 1,000 and scale its accreditation programs by 2025, PAC is setting the foundation for a more unified and professionalized cybersecurity community. Hinton envisions PAC becoming a global authority, advising governments and organizations on cybersecurity standards and policies while fostering collaboration among professionals.
For those aspiring to advance cybersecurity as a recognized profession, PAC offers a platform to shape the future of the field. Learn more about PAC and how to join at TheCISO.org.
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Redefining CyberSecurity
Establishing a New Standard for Cybersecurity Professionals Worldwide: Addressing Trust, Standards, and Risk for the CISO Role | CISO Circuit Series with Heather Hinton | Michael Piacente and Sean Martin | Redefining CyberSecurity Podcast

Redefining CyberSecurity

Play Episode Listen Later Jan 17, 2025 41:44



Double Take By Mellon
Insuring Cyber Risk

Double Take By Mellon

Play Episode Listen Later Jan 15, 2025 42:23


Matt Webb, head of cyber clients and strategy at Howden Re, joins Double Take to discuss the evolution and current state of cyber insurance, focusing on the impacts of ransomware, reputational harm and business interruption. 

Risk, Governance, and Cyber Compliance

Forget the magic numbers. Cyber risk appetite isn't about finding a one-size-fits-all percentage of revenue. It's about protecting your company's dreams. In this episode, we dive deep into the WHY behind cyber risk appetite. We explore how a strong understanding of risk tolerance can safeguard your mission, reputation, and customer trust.
Discover:
The crucial factors that shape your cyber risk appetite (hint: it's more than just revenue!).
Why a mission-driven approach to cybersecurity is essential in today's threat landscape.
How to build a robust risk management plan that aligns with your business goals.
Don't just mitigate threats - empower your vision. Watch now and learn how to truly own your cyber risk appetite.

Hacker Valley Studio
Understanding the Psychology of Cyber Risk with David Shipley

Hacker Valley Studio

Play Episode Listen Later Jan 7, 2025 44:24


Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and neuroscience reshape how we approach security awareness, reducing risks in ways tech alone never could. In this episode, Ron and David examine why people, not technology, are at the core of effective cybersecurity. David teaches us about the SCARF model, warns us about the dangers of overconfidence in training, and explains how gamification can drive meaningful behavior change when it comes to cybersecurity awareness and risk reduction.

Impactful Moments:
00:00 – Introduction
02:00 – David Shipley's journey from journalist to cybersecurity leader
06:10 – Why motivation outshines knowledge in security training
08:20 – The Dunning-Kruger effect: Overconfidence in cybersecurity
11:17 – How overreliance on tech increases click rates
17:03 – Cybercriminals' evolving tactics and emotional manipulation
25:00 – Gamification in cybersecurity: Changing security behaviors
30:56 – Using the SCARF model to enhance security culture
39:45 – Emotional intelligence as a defense against AI threats

Links:
Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/
Learn more about Beauceron Security here: www.beauceronsecurity.com/partner
Check out our upcoming events: https://www.hackervalley.com/livestreams
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
Continue the conversation by joining our Discord: https://hackervalley.com/discord
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

On Aon
Special Edition: How AI Impacts Cyber Risk

On Aon

Play Episode Listen Later Dec 17, 2024 7:55


In this year's final “On Aon” episode, we take a closer look at one of the four key megatrends impacting organizations around the world: Technology. AI is driving new exposures that leaders need to identify and address. Our experts discuss the human risk in AI and the steps organizations should be taking.

Experts in this episode:
Spencer Lynch, Global Security Consulting Leader, Cyber Solutions
Adam Peckman, Head of Risk Consulting and Cyber Solutions, Asia Pacific

[1:35] AI's increasing risk in cyber exposure
[3:02] Regulatory challenges with AI
[3:25] The human element of cybersecurity
[4:50] Strategies for managing increasing risk exposure

Additional Resources:
Evolving Technologies Are Driving Firms to Harness Opportunities and Defend Against Threats
2024 Client Trends Report: Better Decisions in Trade, Technology, Weather and Workforce
On Aon Special Edition: 2024 Business Decision Maker Survey
2024 Business Decision Maker Survey
Special Edition: Global Trade and its Impact on Supply Chain

Tweetables:
“Gen AI will help businesses productivity and allow employees to be more engaged in stimulative work activities.” — Adam Peckman
“The human element remains the weakest link in defending against cyber attacks.” — Adam Peckman
“Risk leaders cannot afford to wait until these new technology initiatives go live before investigating the risk and insurance implications.” — Adam Peckman

(Re)thinking insurance
The growing European cyber insurance market

(Re)thinking insurance

Play Episode Listen Later Dec 12, 2024 12:27


In this episode of (Re)thinking Insurance, our host Anand Patel is joined by Dr Kennet Otto and Georgy Matov who share their insights on the challenges and opportunities within the growing European cyber insurance market.

Cybersecurity Where You Are
Episode 113: Cyber Risk Prioritization as Ransomware Defense

Cybersecurity Where You Are

Play Episode Listen Later Dec 11, 2024 41:17


In episode 113 of Cybersecurity Where You Are, Tony Sager is joined by Phyllis Lee, VP of SBP Content Development at the Center for Internet Security® (CIS®); Adam Bobrow, Co-Founder and President of Veribo Analytics; and Sridevi Joshi, Co-Founder and CEO of Veribo Analytics. Together, they discuss how the Business Impact Analysis tool created by CIS and Veribo Analytics empowers individuals and organizations to use cyber risk prioritization as a basis for their ransomware defense strategy.

Here are some highlights from our episode:
04:35. Background on the impetus for the tool's development
07:57. How our understanding of cybersecurity risk differs from other areas of risk
12:21. Insight into Sridevi's learning process about cyber risk prioritization as a technologist
18:23. How the development process of the Business Impact Analysis tool got underway
21:05. What went into the process of translating the goal into tooling
31:34. Reflections on the tool's reception and what's next

Resources
CIS Critical Security Controls Implementation Groups
CIS Community Defense Model 2.0
CIS Controls Self Assessment Tool (CIS CSAT)
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
4.3 Establish a Bureau of Cyber Statistics
FAIR: A Framework for Revolutionizing Your Risk Analysis
Reasonable Cybersecurity
How to Measure Anything in Cybersecurity
Episode 107: Continuous Improvement via Secure by Design
Episode 105: Context in Cyber Risk Quantification

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Cyber Insurance Leaders
Ep 50 - Cyber Risk Is Human: Why High-Tech Alone Won't Manage the Threat - Ann Irvine

Cyber Insurance Leaders

Play Episode Listen Later Nov 21, 2024 49:23


High-tech tools alone can't manage today's evolving cyber threats—human insight remains essential.

In this episode, host Anthony Hess welcomes Ann Irvine, Chief Data and Analytics Officer at Resilience, who shares why cyber risk management requires more than just the latest tech. Ann explains how Resilience combines technology with hands-on expertise to address complex cyber threats. She emphasizes the value of continuous client partnerships and highlights why a high-touch approach is crucial for mitigating cyber risk in an environment where attackers constantly adapt.

You'll learn:
1. Why human insight is essential to effective cyber risk management, beyond what tech can offer
2. How data hygiene and diligence in data collection empower informed risk assessments
3. Why ongoing partnerships create resilience against cyber threats
4. How cyber insurance policies can drive best practices, ensuring organizations meet critical cybersecurity standards
5. Why a collective approach to cybersecurity could reduce systemic risks across the industry
___________
Get in touch with Ann Irvine on LinkedIn: https://www.linkedin.com/in/ann-irvine-b5b39677/
___________
Details about Resilience:
Website: https://www.cyberresilience.com
Industry: Computer and Network Security
Company size: 201-500 employees
Founded: 2016
___________
About the host Anthony Hess:
Anthony is passionate about cyber insurance. He is the CEO of Asceris, which supports clients to respond to cyber incidents quickly and effectively. Originally from the US, Anthony now lives in Europe with his wife and two children.
Get in touch with Anthony on LinkedIn: https://www.linkedin.com/in/anthonyhess/ or email: ahess@asceris.com.
___________
Thanks to our friends at SAWOO for producing this episode with us!

VSBA: School Board News
VSBA School Board News Podcast, Episode 68 – VAcorp Cyber Risk Services

VSBA: School Board News

Play Episode Listen Later Nov 12, 2024 16:59


In this episode, VSBA Executive Director Gina Patterson is joined by Mike Rezac, Member Experience Manager at VAcorp. During the episode, Gina and Mike discuss VAcorp's Cyber Risk Services and how they can help school divisions that experience cyber incidents like ransomware attacks and business email compromises.

Cyber Crime Junkies
Why We Must Measure Cyber Risk. CEO Interview.

Cyber Crime Junkies

Play Episode Listen Later Oct 25, 2024 60:20 Transcription Available


David Mauro and Ryan Leirvik (CEO of Neuvik) discuss why we must measure cyber risk, effective ways to protect businesses from cybercrime, and how businesses measure cyber risk. The discussion also highlights why businesses need an incident response plan today and the impact of social engineering.

Get peace of mind. Get Competitive - Get NetGain. Contact NetGain today at 844-777-6278 or reach out online at www.NETGAINIT.com. Imagine setting yourself apart from the competition because your organization is always secure, always available, and always ahead of the curve. That's NetGain Technologies – your total one source for cybersecurity, IT support, and technology planning.

Have a Guest idea or Story for us to Cover? You can now text our Podcast Studio direct. Text direct (904) 867-4466.

A word from our Sponsor - Kiteworks. Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal, secure file sharing platform made for every organization, and helpful to defense contractors. Visit kiteworks.com to get started.

Actuary Voices
Isabelle McCullough

Actuary Voices

Play Episode Listen Later Oct 21, 2024 22:16


Isabelle McCullough, a member of Academy's Committee on Cyber Risk, joins Actuary Voices host David Nolan for a conversation about the committee's work, trends they're seeing, and what drew her to working in this area.

Cybersecurity Where You Are
Episode 105: Context in Cyber Risk Quantification

Cybersecurity Where You Are

Play Episode Listen Later Oct 16, 2024 33:19


In episode 105 of Cybersecurity Where You Are, Sean Atkinson discusses the importance of context in maturing how you use cyber risk quantification to build cases for risk treatment strategies.

Here are some highlights from our episode:
01:56. The inspiration for an episode on cyber risk quantification
02:38. How to situate risk quantification in your business processes
08:56. Traps to avoid when quantifying cyber risks
12:12. How the quantification process relates to controls implementation
16:50. Why the right people and data can help you build something sustainable
23:19. Three lenses for examining cyber risk
26:50. Different means for communicating risk to stakeholders

Resources
Quantitative Risk Analysis: Its Importance and Implications
FAIR: A Framework for Revolutionizing Your Risk Analysis
CIS Critical Security Controls®
CIS Risk Assessment Method
6 Truths of Cyber Risk Quantification
Society of Information Risk Analysts

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Data Breach Today Podcast
Identity Security: How to Reduce Cyber Risk in Manufacturing

Data Breach Today Podcast

Play Episode Listen Later Oct 15, 2024


The Building BITE
The Building BITE: Cyber Insurance, a growing need for the Construction Industry

The Building BITE

Play Episode Listen Later Oct 14, 2024 23:06


Please tune in to this episode of The Building BITE Podcast, as we hear from industry experts about key topics to help you be successful. The Building BITE hosts Chris Epps, LEED AP, and Mike Diercksen, CRIS, welcome Chris Mortifoglio, CPA, CFE, Principal & Founder at Rockland Consulting Group. We begin the episode hearing about the various experiences that ultimately led Chris to start his own firm with a focus on helping insureds package insurance claims. Chris shares some growing trends he has seen in the market, with Cyber Insurance becoming a key player as it touches so many commercial verticals. Chris shares some key examples of how Cyber losses are an increased area of concern for the Construction Industry, leaving our audience with three key takeaways.

1. Cyber Risk is Growing: As the Construction Industry continues to grow and advance through technology, cyber risks are going to become a more significant concern. As the risks continue to evolve in the years ahead, be sure to stay vigilant and plan for the upcoming challenges.
2. Be Mindful of Your Technology Partners: It is imperative that you choose your technology partners wisely, as their IT infrastructure adds another element of risk to your business. Make sure you are proactive when addressing data integration and protecting your business, and partner with firms that have taken similar precautions with theirs.
3. Cyber Insurance: a Must Have: Although not always front of mind for many in the Construction Industry, it is important to secure and utilize Cyber Insurance. This is an important tool, like many other lines of insurance, that allows for the transfer of risk and can help mitigate and educate insureds looking to protect against cyber occurrences.

To learn more about how you can better prepare your firm for the opportunities ahead, listen to our full podcast episode with Chris on “Cyber Insurance, a growing need for the Construction Industry.” Please like, share, and subscribe to this podcast!

Speakeasy Security
Business transformation and hybrid working with AI: How should organisations respond to the growing cyber risk?

Speakeasy Security

Play Episode Listen Later Oct 8, 2024 20:37


Prof. Leslie Wilcox, Professor at London School of Economics, talks to Peter Warren about the problem with digitalisation, and the importance of balancing cost-efficiency and cyber resilience. This podcast is for informational purposes only and is not intended to replace professional legal, financial or insurance advice. We are not responsible for any losses, damages, or liabilities that may arise from the use of this podcast. The content and views expressed are those of the host and guests.

The Signal
Why Chinese EVs are a cyber risk

The Signal

Play Episode Listen Later Oct 7, 2024 13:04


Electric vehicles are becoming more popular and if you can't afford a Tesla, a cheaper Chinese made car could be the answer. But in the United States, the Biden administration wants to ban all Chinese developed software from cars on American roads because of security concerns. The US government already charges a big tariff on imports of Chinese EVs. Today, Adam Tong from the Center for a New American Security on whether the cyber security risk cited by US officials is really something to be concerned about. Mr. Tong explains that the interconnected nature of modern EVs increases their vulnerability to cyber attacks. He highlights that malware could potentially be embedded in the software deeply embedded in the vehicles, posing risks to both personal data and physical safety. Mr. Tong notes that while no major attacks have occurred yet, the proactive measures by the US aim to prevent future threats. He also discusses the economic implications of the ban, suggesting it also serves to protect the US EV industry from Chinese competition.

Featured: Adam Tong, associate fellow at the Center for a New American Security

Key Topics:
Electric vehicles
Chinese EVs
Cybersecurity risks
Biden administration
US-China trade relations
EV industry
Tariffs on Chinese imports
National security concerns

Wisconsin's Morning News
8a: Is Vince a Cyber Risk?

Wisconsin's Morning News

Play Episode Listen Later Oct 7, 2024 28:17


If the TikTok fits, you post it. A powerful hour of Wisconsin's Morning News that begins with Mark Shapiro of the JCC and Moshe Katz talking on the one-year mark of the Hamas attack on Israel. Also, we have Tina Cheng from SysLogic to talk Cyber Security and how security efforts are growing because the volume of attacks is increasing.

Alliant Specialty Podcasts
Navigating Cyber Risk for Financial Institutions

Alliant Specialty Podcasts

Play Episode Listen Later Oct 3, 2024 12:45


Ron Borys and Ryan Farnsworth, Alliant Financial Institutions, speak with Adam Rauf and CJ Dietzman, Alliant Cyber, on their integrated approach to helping clients navigate cyber threats and highlight trends and precautions that businesses should consider to mitigate risks when managing third party service providers.

Cyber Crime Junkies
Cyber Risk Unleashed. Latest Threats To Business.

Cyber Crime Junkies

Play Episode Listen Later Sep 27, 2024 55:28 Transcription Available


Elizabeth Houser, Director of Cyber Defense at Defense Storm, discusses her role in cybersecurity and her creation of the Security Intel Bulletin. We discuss what cyber risk means for business leaders today. She emphasizes the importance of translating cybersecurity topics into plain language to increase awareness and understanding among business leaders and the general public.

The Voice of Insurance
Special Ep: Cyber Risk - Resilience in a game-changing environment

The Voice of Insurance

Play Episode Listen Later Sep 26, 2024 50:57


Beazley is a carrier that is synonymous with expertise in the Cyber insurance line, and today we are going to get a masterclass in the Cyber threat and how to deal with it from all angles. We're going to look at how that cyber threat is evolving, and how Cyber criminals are modifying their methods of attack in the face of an increasingly sophisticated line of defence from companies and Government agencies around the world. We'll look at the new threats coming in the age of Artificial Intelligence and, in a world where the CrowdStrike event has reminded us that not all threats necessarily need to be malicious to have a global impact, more mundane problems.

A decade ago cyber insurers may have partnered with third party service providers, such as threat monitors and security consultants. These days the best cyber insurers are bringing those services in-house and offering a holistic offering to their customers, one where everyone's interests are fully aligned to the best outcomes for all concerned. In this podcast we will see how this is fundamentally changing the traditional relationship between insurers and their customers.

You don't have to be a Cyber expert to benefit from a listen to this podcast. Indeed, as the Cyber world encroaches more and more on every aspect of our daily lives and companies become aware that Cyber threats directly affect the core of their businesses in all respects, being an avowed techie is less and less important. These days the best CEOs and CFOs are increasingly aware that a Cyber attack could be an existential threat to their company and that this is clearly not a matter to be left to the IT department to handle alone.

To help us cover this subject from all possible angles, I have been lucky enough to interview four diverse experts from within the wider Beazley business. They are: Fran Donoso, Chief Technology Officer of Beazley Security; Sydonie Williams, Beazley's Cyber & Tech Focus Group Leader for the rest of the world; Raf Sanchez, Head of Cyber Services at Beazley Security; and Cyber Security Consultant Alex Creswell.

NOTES: I highly recommend you download Beazley's latest Cyber Tech Risk Report. It's called Spotlight On Cyber & Technology Risk 2024 - Resilience in a Game-changing environment, and it makes a perfect accompaniment to this podcast.

Paul's Security Weekly TV
A TLD Takeover, An LLM CTF, A Firmware Flaw, 6 Truths of Cyber Risk - ASW #299

Paul's Security Weekly TV

Play Episode Listen Later Sep 18, 2024 29:16


A takeover of the MOBI TLD for $20, configuring an LLM for a CTF, firmware flaw in an SSD, Microsoft talks kernel resilience, six truths of cyber risk quantification, and more! Show Notes: https://securityweekly.com/asw-299

ITSPmagazine | Technology. Cybersecurity. Society
The Critical Role of Identity in Creating Effective Ransomware Attack Defense and Broader Business Resilience Strategies | 7 Minutes on ITSPmagazine | A Semperis Short Brand Story with Simon Hodgkinson

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Sep 17, 2024 7:03


Semperis, a pioneer in identity-driven cyber resilience, has published the results of its global ransomware study of nearly 1,000 IT and security professionals at organisations spanning multiple industries across the US, UK, France, and Germany. The study aims to understand the prevalence, frequency and costs of ransomware attacks—in both ransom payments and collateral damage. The results highlight an alarming trend toward multiple, sometimes simultaneous attacks, forcing business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices.

Organisations must ensure they have appropriate controls to withstand attacks where possible; however, they must also assume that at some point they will have to recover from a catastrophic outage, and therefore have a tried and tested plan to recover business operations. Given the criticality of Active Directory, firms need a dedicated means of backing up and recovering Active Directory so they can recover from attacks with integrity and at speed. However, according to our survey, just 23% of UK respondents stated that they have dedicated, Active Directory–specific backup systems.

Now, more than ever, modernised threats require modernised defences prioritised on the most critical assets – the identity platform – and for most organisations this is Active Directory. Semperis is a pioneer in managing and protecting the identity credentials of enterprises' hybrid environments and was purpose-built for securing AD.

Semperis provides a portfolio of products, including a free tool, Purple Knight, which organisations use to uncover unknown vulnerabilities, communicate security posture to leaders and other teams, compensate for a lack of in-house AD skills, prepare for other assessments including pen tests, and garner more resources for AD security improvements.

The full ransomware study, which includes breakdowns of responses by vertical market and by country, is available at https://itspm.ag/semper6u3w

Learn more about Semperis: https://itspm.ag/semperis-1roo

Note: This story contains promotional content.

Guest: Simon Hodgkinson, Strategic Advisor, Semperis [@SemperisTech]
On LinkedIn | https://www.linkedin.com/in/simon-hodgkinson-6072623

Resources
Learn more and catch more stories from Semperis: https://www.itspmagazine.com/directory/semperis
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

The Tech Blog Writer Podcast
3019: Navigating Cyber Risk: Insights from Barracuda Networks' CIO

The Tech Blog Writer Podcast

Play Episode Listen Later Sep 9, 2024 37:31


In this episode, I talk with Siroui Mushegian, Chief Information Officer at Barracuda Networks, to explore the current state of cybersecurity and its growing importance for businesses. With over 20 years of leadership experience spanning organizations like Ralph Lauren, the NBA, and PBS, Siroui shares her valuable perspective on how companies can navigate the complexities of IT security across various industries.

We dive into Barracuda's CIO report, "Leading Your Business Through Cyber Risk," which reveals concerning statistics: over half of companies struggle to implement consistent security policies, and only 43% are confident in managing cyber risks effectively. Siroui provides insight into the governance challenges that often hinder organizations, including enforcing policies consistently, securing third-party access, and addressing vulnerabilities in supply chains.

Siroui outlines practical steps businesses can take to better prepare for, respond to, and recover from cyber incidents. From building stronger governance structures to ensuring executive buy-in for security initiatives, she offers actionable strategies to enhance cyber resilience.

Paul's Security Weekly
The Fallout and Lessons Learned from the CrowdStrike Fiasco - Shimon Modi, Jeff Pollard, Allie Mellen, Boaz Barzel - ASW #296

Paul's Security Weekly

Play Episode Listen Later Aug 20, 2024 81:54


This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behind running in the kernel, the challenges of software quality, and the distinction between a security incident and an IT incident. They also touch on the need to reduce the attack surface and the importance of clear definitions in the cybersecurity industry. The conversation explores the need for a product security revolution and the importance of transparency and trust in security vendors.

As development cycles shorten and more responsibilities shift to developers, application security (AppSec) is rapidly evolving. Organizations are increasingly building mature programs that automate and enhance AppSec, moving beyond manual processes. In this discussion, we explore how organizations are adapting their AppSec practices, highlighting the challenges and milestones encountered along the way. Key topics include the integration of security into the development lifecycle, the impact of emerging technologies, and strategies for fostering a security-first culture. Boaz Barzel shares his experiences and offers practical advice on overcoming common obstacles, ensuring that security measures keep pace with rapid technological advancements. This segment serves as a comprehensive guide for organizations striving to enhance their AppSec practices and continuously optimize their posture. This segment is sponsored by OX Security. Visit https://securityweekly.com/oxbh to learn more about them!

Given the rapid rise of threat actors utilizing AI for cyber-attacks, security teams need advanced AI capabilities more than ever. Shimon will discuss how Dataminr's Pulse for Cyber Risk uses Dataminr's leading multi-modal AI platform to provide the speed and scale required to build enterprise resilience in the modern cyber threat environment. Dataminr's world-leading AI platform helps companies stay informed, performing trillions of daily computations across billions of public data inputs from more than one million unique public data sources encompassing text, image, video, audio and sensor signals to provide real-time information when you need it most.

Segment Resources:
https://www.dataminr.com/pulse/cyber-risk/?utmsource=google&utmmedium=paidsearch&utmterm=dataminr%20company&utmcampaign=NORAMDIGIBRG-SearchHDRSMajEntDemo&utmsource=google&utmmedium=paidsearch&hsaacc=8657480186&hsacam=958164645&hsagrp=125093879176&hsaad=654125003504&hsasrc=g&hsatgt=kwd-338332441603&hsakw=dataminr%20company&hsamt=p&hsanet=adwords&hsaver=3&gadsource=1&gclid=CjwKCAjwnqK1BhBvEiwAi7o0XxetJ1k8xcqlYk1Pk5Jsr6Adr2yP-9yhNM7oxISq2-Rbz-UunCxSmhoCYfgQAvD_BwE
https://www.dataminr.com/resources/on-demand-webinar/why-cyber-physical-convergence-really-matters

This segment is sponsored by Dataminr. Visit https://securityweekly.com/dataminrbh to learn more about their world-leading AI platform!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-296

The Segment: A Zero Trust Leadership Podcast
Turning Risk into Resilience

The Segment: A Zero Trust Leadership Podcast

Play Episode Listen Later Aug 20, 2024 57:27


In this episode, host Raghu Nandakumara sits down with Indy Dhami, Partner at KPMG UK, to explore the evolution from traditional InfoSec to cyber resilience. They discuss the strategic implementation of Zero Trust, the impact of regulatory pressures, and the challenges posed by AI. Indy emphasizes the critical role of foundational cybersecurity practices in maintaining business continuity and driving innovation.

"The way I see it with some of these regulations, it's changing the focus of very siloed-based approaches to addressing regulatory requirements, to as I term it, it's turning compliance into a team sport. You need to have your Chief Information Security Officer at the table for DORA. However, you also need to have the person that's responsible for all of your human resources or the person that's responsible for your business operations or for your important business services. And the more mature organizations that I'm working with are approaching it in that way. They have all of those key stakeholders at the table. They've understood that there are certain roles to play for each of these functions and they're working together."

Time Stamps
(01:27) Indy's career journey
(07:40) The shift to cyber resilience
(10:18) Importance of cybersecurity awareness
(13:19) Ransomware ethics and initial client concerns
(17:10) Evolution of regulations in cybersecurity
(27:58) Understanding Zero Trust
(35:54) Adoption and implementation of Zero Trust strategy
(48:19) Harmonizing risk, security, and fraud
(50:55) Future challenges in cybersecurity
(53:05) Impact of AI and quantum computing on cybersecurity
(55:03) Indy's vision of the future

Sponsor
Assume breach, minimize impact, increase resilience ROI, and save millions in downtime costs — with Illumio, the Zero Trust Segmentation company. Learn more at illumio.com.

Links
Connect with Indy on LinkedIn

Data Protection Gumbo
261: The Fastest Emerging Unseen Attack Surface: The Next Big Cyber Risk - FireTail

Data Protection Gumbo

Play Episode Listen Later Aug 20, 2024 27:06


Jeremy Snyder, founder and CEO of FireTail, joins the show to discuss the rising importance of API security in a world where over 80% of internet requests are API calls. Jeremy shares his journey from launching FireTail to becoming a leading voice in cybersecurity, providing insights into how organizations can protect their APIs from increasingly common cyber threats. Learn the strategies to secure your APIs against breaches, understand the critical role of APIs in modern infrastructure, and discover how to mitigate risks that could expose sensitive data. Jeremy also offers advice for tech professionals on how to leverage AI to stay competitive and advance in the evolving job market.