Organizations pour millions into protecting running applications—yet attackers are targeting the delivery path itself. This episode of AppSec Contradictions reveals why CI/CD and cloud pipelines are becoming the new frontline in cybersecurity.
To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when...
For Cybersecurity Awareness Month, in a new Actuary Voices podcast episode, Committee on Cyber Risk member Bobby Jaegers discusses building a strong U.S. cybersecurity infrastructure and cyber resilience at the personal level.
Cyber Risk Unfiltered: Behind the Scenes of Mid-Market Attacks by IB Talk
Cybersecurity is a core business risk that can impact the entire organisation. Boards are challenged to understand how cyber threats impact financial performance, reputation, and regulatory obligations. Boards need to build awareness of their organisation's cyber security posture, protection measures, and incident response protocols. In this podcast, Dr Sabine Dembkowski, Founder and Managing Partner of Better Boards, is joined by Beatrice Devillon-Cohen. Beatrice has over 25 years of investment banking experience, having led traders' teams across the UK, Europe, Asia, and the US. She has now developed a portfolio of non-executive positions, having recently served on the Audit Committee of the European Investment Bank and the Finance Committee at King's College, London. “The Rule of Three is important when it comes to cybersecurity.” As Boards seek to manage and survive cyber threats, the Rule of Three comes into play. On average, in a cyber event, there are three days of chaos, three weeks of systems rebuilding, and three months of constant IT problems. “What has been changing over time is the cyber-criminal groups. They are now running their operation as a business, selling cyber attacks as a service.” The criminal ecosystem has gone professional. While there will always be bored teenagers or disgruntled employees, the more serious players run their operations like business ventures. They sell cyberattacks as a service, backed by deep resources, skilled talent, and vast networks. “You need to work on mitigation, responding to an attack, and recovering. That's your battleground.” While cyber threats can't be entirely avoided, Beatrice counsels Boards not to despair. There is plenty that can be done. It begins by understanding how threats work. A primary attack path is through links in emails. One click installs malware that hackers can use for access. Caution and education can help prevent this. Another primary attack path is third-party providers. External suppliers are compromised and used as a bridge into your own internal system. “Never hope for the best when it comes to cybersecurity, because hope will not be a strategy.” Boards are accountable for cyber risk oversight (see the UK Cyber Governance Code of Practice). They need to make it a strategic priority. Build relationships with IT heads, show curiosity, and build trust. Get a strong dialogue going. Educate within the organisation and with third-party partners. Create a no-blame culture so that if something happens, it is escalated immediately, which can limit its impact. “It's our own duty to upskill, stay current, and think around the corner on that subject, like any other subject in the boardroom.” Cyber culture starts at the top. It is not “too complicated” to pick up basic cyber safety skills or understand risk. Plus, with AI and quantum computing on the horizon, any actions Boards can take—and lead their companies to take—will help prepare for future risks. The three top takeaways from our conversation for effective boards are: 1. Cyber risk is a business risk. Own it as such. 2. Don't hide, as a Board member, behind “it's too technical and not for me”. Upskill, be curious, and engage with executives. 3. Prepare for it. Run exercises and test regul If you would like to become part of the Better Boards community, learn about our distinctive approach and explore opportunities to work with us or contribute to The Better Boards podcast series, get in touch at info@better-boards.com. We love to hear from you.
Small and medium-sized enterprises in Canada may be dangerously underestimating their exposure to cyber risk, leaving many without adequate defences or insurance coverage, according to a new survey commissioned by the Insurance Bureau of Canada, or the IBC. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss. To learn more about today's stories, visit https://cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com.
This week's Cyber Security Headlines - Week in Review is hosted by Rich Stroffolino with guests Mike Lockhart, CISO Eagleview, and Dustin Sachs, chief technologist at CyberRisk collaborative, and author of Behavioral Insights in Cybersecurity. Thanks to our show sponsor, ThreatLocker. Cybercriminals don't knock — they sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker. As a zero-trust endpoint protection platform, ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero Trust security starts here — with ThreatLocker. All links and the video of this episode can be found on CISO Series.com
Cybersecurity is evolving faster than many community banks and credit unions can keep pace with. With the retirement of the FFIEC Cybersecurity Assessment Tool (CAT) on August 31, 2025, financial institutions are left wondering how best to measure, track, and manage cyber risk without a regulator-endorsed standard. In this episode of the Banking on Data podcast, host Ed Vincent sits down with Cathy Jackson to unpack what comes next for institutions in this post-CAT world. Together, they explore how banks can leverage the Cyber Risk Institute's Profile 2.1, why the seven functional areas of cyber risk matter, and how moving beyond spreadsheets to an integrated risk suite can give leaders a holistic, regulator-ready view of their risk posture. Follow us to stay in the know!
In this episode of On Aon, Joe Peiser, CEO of Commercial Risk, and Richard Waterer, Global Risk Consulting Leader, unpack the major findings from Aon's 2025 Global Risk Management Survey — and what Risk Management leaders can do to remain resilient in the face of increasingly systemic and interconnected risks. They explore the critical role of analytics in understanding evolving threats and highlight three traits that distinguish highly resilient organizations: insight, agility and collaboration. Key Takeaways: Many of the top risks in Aon's Global Risk Management Survey are broad and interconnected, impacting multiple areas of business. Cyber Risk remains the top concern globally. The rapid adoption of AI is intensifying risk complexity. Artificial Intelligence is itself a top 10 future risk. A persistent gap exists between risk awareness and action. Organizations need better data and analytics to build accurate risk profiles. Resilient organizations are those that can quantify exposures, optimize capital allocation and embed risk strategy into decision making. Experts in this episode: (Host) Joe Peiser, CEO, Commercial Risk at Aon; Richard Waterer, Global Risk Consulting Leader at Aon. Key moments: (1:12) The top 10 risks in our 2025 Global Risk Management Survey had some surprising and not-so-surprising results. Cyber Risk and Increasing Competition continue to rank highly, while Geopolitical Volatility made a significant jump. (4:14) The risks cited are systemic and interconnected. Their impact is widespread and can be felt across the company. (8:37) Highly resilient companies need three things to set themselves apart — insight, agility and collaboration. Additional Resources: Findings from Aon's Global Risk Management Survey; 5 Ways to Position Risk Capital as a Value Driver; AI and Workforce Skills: Who Should Act and Why Now?; 5 Top Trends for Risk Capital in 2025. Soundbites: Joe Peiser: “Business leaders can't simply manage more risk by intuition. They really need the tools and the insights from those tools to interpret today's landscape and make decisions that help them survive and thrive.” Richard Waterer: “We were surprised to see Attracting and Retaining Top Talent fall out of this year's top 10. When you consider the challenges being brought about by workforces today, for example, healthcare costs in North America, new legislation on pay transparency in EMEA, you can understand why talent is a complex and costly issue for leaders.”
As artificial intelligence reshapes workplaces and business strategies, firms increasingly depend on AI providers, making AI a tool of geopolitical influence. We'll discuss the impact across industries, as digital currencies affect monetary control and cyber threats challenge operational resilience. Host: William Foster, Senior Vice President, Sovereign Risk Group, Moody's Ratings. Guests: Vincent Gusdorf, Associate Managing Director, Digital Finance and AI Analytics, Moody's Ratings; Leroy Terrelonge, Vice President-Analyst, Cyber Credit Risk, Moody's Ratings. Related research: Artificial Intelligence – Global – Nations push for AI sovereignty to capture economic, geopolitical gains, 30 September 2025; Sovereigns - Global – Digital currency growth, inconsistent regulation amplify countries' financial risks, 25 September 2025; Artificial Intelligence – Corporates – Pace of AI advances, regional disparities will steer credit trends across industries, 23 September 2025.
Organizations continue to face an increasingly complex cyber threat landscape. Amid ongoing geopolitical and geoeconomic tensions and supply chain disruptions, a robust and comprehensive cyber risk management strategy can help businesses mitigate risks and improve resiliency. In this episode of Risk in Context, Marsh McLennan's Dan Bowden speaks with Marsh's Helen Nuttall and Matt Berninger about the importance of reviewing and reinforcing cyber controls to help organizations minimize cyber exposures and uncertainty and better protect their people, finances, and operations from cyber threats. You can access a transcript of the episode here. Read Cybersecurity Signals, Connecting Controls and Incident Outcomes and The 2025 OT Security Financial Risk Report. For more insights and insurance and risk management solutions, follow Marsh on LinkedIn and X and visit marsh.com.
Artificial intelligence (AI) is a transformational technology, but it has limitations in challenging operational settings. Researchers in the AI Division of the Carnegie Mellon University Software Engineering Institute (SEI) work to deliver reliable and secure AI capabilities to warfighters in mission-critical environments. In our latest podcast, Matt Gaston, director of the SEI's AI Division, sits down with Matt Butkovic, technical director of the SEI CERT Division's Cyber Risk and Resilience program, to discuss the SEI's ongoing and future work in AI, including test and evaluation, the importance of gaining hands-on experience with AI systems, and why government needs to continue partnering with industry to spur innovation in national defense.
CyberCube is delivering the world's leading cyber risk modeling and analytics. With best-in-class data access and advanced multi-disciplinary analytics, the company's cloud-based platform helps insurance organizations quantify cyber risk to facilitate placing insurance, underwriting cyber risk and managing cyber risk aggregation. CyberCube's enterprise intelligence layer provides insights on millions of companies globally and includes modeling on thousands of points of technology failure. The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company exclusively focused on the insurance industry, with access to an unparalleled ecosystem of data partners. It is backed by Morgan Stanley Tactical Value, Forgepoint Capital, HSCM Bermuda, MTech Capital, individuals from Stone Point Capital and Scott G. Stephenson. For more information, please visit www.cybcube.com or email info@cybcube.com. Focusing exclusively on risk management and insurance professional development, the Risk & Insurance Education Alliance provides a practical advantage at every career stage, positioning our participants and their clients for confidence and success.
In this episode of Friday Fiduciary Five, Eric Dyson talks about a common and easily fixable cybersecurity risk in retirement plans: participants who have not set up user IDs and passwords for their accounts. This oversight is the most frequent cause of cyber breaches, not the fault of plan sponsors or record keepers. Eric shares an anecdote about an employee discovering unauthorized 401(k) loan deductions, highlighting the importance of security measures like user IDs, passwords, and two-factor authentication. He urges plan sponsors and advisors to communicate the necessity of these security steps to participants to prevent cyber breaches. Connect with Eric Dyson: Website: https://90northllc.com/ Phone: 940-248-4800 Email: contact@90northllc.com LinkedIn: https://www.linkedin.com/in/401kguy/ The information contained herein is general in nature and is provided solely for educational and informational purposes. It is not intended to provide a specific recommendation of any type of product or service discussed in this presentation or to provide any warranties, financial advice, or legal advice. The specific facts and circumstances of all qualified plans can vary, and the information contained in this podcast may or may not apply to your individual circumstances or to your plan or client plan's specific circumstances.
In this special episode of The Lawyers Weekly Show, produced in partnership with Cybertify, we unpack why legal practices are increasingly such attractive targets for cyber criminals, the ways they get past defences, and what firms can do to ensure that the “doors are locked”. Host Jerome Doraisamy speaks with William Welch, the principal solutions architect for the legal sector and AI security at Cybertify, about who the company is and the work he does, why the risks inherent with cyber security are so much more prominent for Australian law firms at present, why every business is a potential target, the need for “locked doors”, why law firm owners aren't fully across the dangers, and the lessons and takeaways from recent breaches in the legal space. Welch also delves into what BigLaw practices need to be doing right now, ensuring systems are talking to each other properly and having the right point people, what SMEs must be doing at present, the questions those smaller firms need to be asking, overcoming concerns about being time-poor, understanding the changing landscape, and how best Cybertify can help. To learn more about Cybertify, click here.
In our latest Mishcon Academy: Digital Sessions podcast, Joe Hancock, Partner in Cyber Risk and Complex Investigations at Mishcon de Reya, is joined by Emeric Bernard-Jones, Intelligence Manager in the same team. They discuss cybercrime and digital investigations, covering issues from cyber-enabled fraud and blackmail to the real-world impact of online exposure and how threats are reshaping what it means to be safe online. They discussed: Why are cyber incidents — from hacks to hoaxes — becoming more frequent? How is the privacy and security landscape shifting for individuals as well as businesses? And what's the human cost for directors, staff, and high-profile individuals when things go wrong?
Come listen to John Riggi and Scott Gee, the American Hospital Association's National Advisor and Deputy National Advisor for Cybersecurity and Risk, give their thoughts on what risk professionals need to know about cybersecurity and how risk professionals can help protect their organization before a cyber-attack occurs.
Jonathan Trull is the Chief Security Officer at Qualys. In this episode, he speaks to Cybercrime Magazine from Black Hat 2025, where the company left the conference with two Pwnie Awards, which celebrate groundbreaking achievements in cybersecurity. Listen to hear his thoughts on navigating cyber risk, including fighting today's threat actors and more. • For more on cybersecurity, visit us at https://cybersecurityventures.com
Recorded live at Black Hat 2025, this episode takes you straight to the frontlines of cybersecurity innovation. Host Raghu Nandakumara first sits down with Bennett Moe, a cartographer turned N2K CyberWire VP, who reveals how mapping skills can turn massive data into actionable cyber insights and why fundamentals still matter in an AI-driven world. Then, Jim Reavis, CEO of the Cloud Security Alliance and ISSA Hall of Famer, shares his urgent warning on cloud risks, the impact of generative AI, and why security leaders must rethink old playbooks. We discussed: How cartography principles help prioritize and visualize cybersecurity data; The evolution of AI in security and where it's moving beyond buzzwords; Why fundamentals like security hygiene and the right people in the right roles are still critical; Systemic risks in cloud environments and why old security playbooks may no longer suffice; How security leaders can become their company's most informed voices on AI; The importance of actionable insights over overwhelming data for decision-making; The role of cloud as a foundation for AI innovations like ChatGPT; Distinguishing between securing AI and defending against AI-powered attacks; How continuous learning, communication, and community collaboration are essential in cybersecurity; The CSA's mission and legacy as a navigator for the cybersecurity community. Stay connected with our host, Raghu, on LinkedIn. For more information about Illumio, check out our website at illumio.com
How does one crypto transaction spiral into a $1.5 billion cybercrime? The Bybit heist. This wasn't just the largest crypto theft in history—it was a criminal feat of deception that exposed how even sophisticated systems can be breached when fraud, cybersecurity, and human oversight don't align. In this episode, we are excited to welcome returning guest Geoff White, investigative journalist and creator of The Lazarus Heist podcast, to join host Alex Pillow in examining one of the most audacious crypto thefts to date. How did hackers execute the largest crypto theft in history while making operations seem normal from the inside? Tactics used in the heist and the broader implications of money laundering in the crypto space; The impact of remote work on verifying employee legitimacy and protecting organizational value; What the aftermath of money laundering looks like for victims—can stolen crypto ever be recovered?; How companies can map where value resides across departments—and identify weak links before attackers do. For more information, check out the resources below: Cyber Siege: From Russia to Redcar; The Lazarus Heist podcast. To learn more about Moody's, please visit our website or get in touch—we would love to hear from you.
Cosmic Building, a construction technology company, uses AI-driven end-to-end software to run mobile robotic microfactories. At the heart of its newest microfactory in Pacific Palisades are ABB's IRB 6710 robots and RobotStudio digital twin software, both of which are integrated into Cosmic's Workstation Cell and AI-driven Building Information Model (BIM).
Today, we're going to go deeper into the world of cyber attacks than we have ever done before. We'll be looking at the insurance claims that they produce as well as the longer-term consequences for their victims. Often as journalists covering cyber insurance we focus on the big hacks, the headline numbers, and gloss over the detail of the personal stories and the real hard yards that have to be run to recover from an attack and the potential long-term consequences for a business, its directors, its customers and all other stakeholders. As the immediate damage and business interruption triggers potential regulatory, statutory and other serious third-party consequences, these hard yards often have to be run down multiple different paths simultaneously. The in-depth interviews that follow will deepen your understanding of the more complex and long-tail nature of this peril. I'd like to put you right in the room in the shoes of the Directors of a company as an attack unfolds. We're going behind the scenes to uncover what it's really like when a business becomes the target of a digital assault, from the immediate shock to the long-term repercussions that are often ignored by boards. We're also going to go into detail on how the nature of the cyber threat and the tactics of cyber criminals are evolving. To help me in this task my guests are: Magnus Jelen, Director of Incident Response EMEA for Coveware, a firm that helps victims of cyber extortion recover their data; and three senior executives at Beazley: Raf Sanchez, Beazley's Head of Cyber Services, Cyber Risks; Melissa Collins, Head of Third Party Cyber & Tech Claims; and Wayne Imrie, Head of London Market Wholesale Executive Risks. Magnus and Raf are right on the front line, dealing with the immediate consequences of a hack. Magnus even deals with the hackers themselves. Melissa deals with the external insurance claims that result and Wayne is a Directors and Officers (D&O) specialist who has a deep understanding of how the D&O and Cyber insurance products interact. LINKS: As promised, here is the link to Beazley's latest Risk and Resilience Survey Spotlight on Tech Transformation & Cyber Risk 2025: https://www.beazley.com/en-001/news-and-events/spotlight-on-tech-transformation-cyber-risk-2025/
In today's digital world, artificial intelligence, data storage and cybersecurity are a critical triumvirate, intersecting to form a dynamic ecosystem that underpins modern technological infrastructure. They are strategic pillars that drive innovation, operational efficiency and risk management. Thus their interaction and integration is key to building resilient and secure digital systems capable of supporting the demands of our digitally dependent future. In this episode Charlie Giancarlo, CEO, Pure Storage, discusses how important it is for an organisation to know where its data is, and how to correctly, safely and securely store it ready for our AI future. Nicole Carignan, SVP of Security and AI Strategy at Darktrace, and Anthony Ferrante, Global Head of Cybersecurity at FTI Consulting, further explain why data is the backbone of AI, the importance of securing your data, as well as the vulnerabilities organisations face in a modern digital world. Sources: FT Resources, WEF, PWC, Allianz, National Cyber Security Centre, McKinsey, UK Gov. This content is paid for by Pure Storage and is produced in partnership with the Financial Times' Commercial Department.
Podcast: Industrial Cybersecurity Insider. Episode: Plant-Level Cyber Risk: Who's Actually Responsible? Pub date: 2025-07-22. In this episode, Dino Busalachi and Craig Duckworth tackle one of the most overlooked threats in cybersecurity: the number of industrial vendors and system integrators in manufacturing environments. The conversation addresses the relationship and communication gap between IT and the teams responsible for designing and supporting industrial control systems. They emphasize the need for improved governance, enhanced vendor accountability, and clear ownership of cyber risk. Whether you're a CISO, CIO, or VP of Engineering, this episode offers actionable insight into bridging the IT/OT divide, securing plant floors, and building a cybersecurity strategy that works at the edge of your business. Chapters: 00:00:00 - Kicking Off: Why Transparency in Cyber Matters; 00:00:43 - Who's Talking? Meet Craig & Dino; 00:01:05 - The Big Question: What's IT's Role in Industrial Security?; 00:01:35 - When Too Many Vendors = Chaos; 00:02:37 - How to Actually Secure OT Environments; 00:03:46 - Choosing the Right Partners (and Asking the Right Questions); 00:12:37 - Why Cyber Teams Need Plant Floor Time; 00:14:24 - Getting Smarter: Use External Experts & Vendor Summits; 00:18:22 - IT Meets OT: Closing the Culture Gap; 00:30:03 - What Now? Practical Next Steps for CISOs. Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here. Industrial Cybersecurity Insider on LinkedIn; Cybersecurity & Digital Safety on LinkedIn; BW Design Group Cybersecurity; Dino Busalachi on LinkedIn; Craig Duckworth on LinkedIn. Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
This week, we are pleased to be joined by George Glass, Associate Managing Director of Kroll's Cyber Risk business, who discusses their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group's industry-by-industry approach and what that means for defenders across sectors. George and Dave discuss the group's history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations—especially those with vulnerabilities similar to past targets—can proactively defend against this threat and prepare an effective response if their industry becomes the next focus. Complete our annual audience survey before August 31.
In this episode of On Aon, our cyber experts explore the escalating scale and complexity of cyber threats, from AI-driven attacks to systemic third-party risks. Hosted by Nancy Eaves, product leader for Cyber Solutions, and featuring insights from Brent Rieth, global cyber leader, and David Molony, EMEA head of cyber solutions, the conversation explores the evolving regulatory landscape, the strategic use of cyber insurance and the critical role of executive engagement in managing cyber risk. Key Takeaways: Threat actors are using AI to scale attacks like phishing and ransomware, while organizations are deploying AI to improve detection, response and risk quantification. Cybersecurity has become a board-level priority, with executives embedding it into enterprise risk management due to its material impact. Global regulatory developments are encouraging greater transparency in cyber incident reporting, reducing reputational stigma and enhancing collective defense. Despite rising claims, cyber insurance pricing has declined thanks to market maturity, improved risk modeling and diversified underwriting strategies. Experts in this episode: Nancy Eaves — Product Leader, Cyber Solutions, Aon (Host); Brent Rieth — Global Cyber Leader, Cyber Solutions, Aon; David Molony — Head of Cyber Solutions EMEA, Aon. Key moments: (0:55) The increase in frequency of reported cyber incidents, including AI-driven threats, ransomware and cloud and identity-based intrusions. (3:50) The reputational impact of cyber incidents on organizations. (13:30) The factors contributing to the buyer-friendly market for cyber insurance. Additional Resources: 2025 Global Cyber Risk Report. Soundbites: David Molony: “Ultimately, we are seeing threat actors leveraging generative AI to create highly personalized phishing campaigns and deepfake content, making social engineering more effective.” Brent Rieth: “I'd add it's important to continue to drive a holistic approach to navigating cyber risk. It's incredibly complex. It can't be managed in isolation by any individual stakeholder.”
Quantifying cyber risk is now a necessity for businesses navigating the evolving threat landscape. In this episode of the Risk Management Show, we discussed why quantifying cyber risk is the new imperative for businesses. Our guest, Asdrúbal Pichardo, CEO of Squalify—a cyber risk quantification platform backed by Munich Reinsurance—shares how their top-down approach to cyber risk quantification is transforming the way companies prioritize cybersecurity investments and communicate with boards. We explored real-world examples, common pitfalls in cybersecurity investment, and how benchmarking cyber posture can elevate your strategy. If you're a Chief Risk Officer, CISO, or CFO looking to align strategies and speak the same language about cyber security and risk management, this episode provides the insights you need. Plus, learn about Squalify's CRQ readiness assessment tool and how it supports organizations in making informed decisions. Please check Squalify's CRQ Readiness Assessment: https://squalify.fillout.com/t/5dGf2f8tmcus If you want to be our guest or suggest a guest, send your email to info@globalriskconsult.com with the subject line "Guest Proposal."
Software enables our way of life, but market forces have sidelined security concerns leaving systems vulnerable to attack. Fixing this problem will require the software industry to develop an initial standard for creating software that is secure by design. These are the findings of a recently released paper coauthored by Greg Touhill, director of the Software Engineering Institute (SEI) CERT Division. In this latest SEI podcast, Touhill and Matthew Butkovic, director of Cyber Risk and Resilience at CERT, discuss the paper including its recommendations for making software secure by design.
What do tariffs, AI adoption, and digital readiness have in common? They're all reshaping the future of wholesale distribution. In this episode of Around the Horn in Wholesale Distribution, hosts Kevin Brown and Tom Burton unpack the forces shaping the industry from rising cybersecurity threats to the real reason distributors aren't seeing results from generative AI tools. This episode blends actionable economic insights with digital transformation strategy and is a must-listen for Revenue Leaders in Distribution preparing for what's next. What You'll Learn: Why small interest rate changes have massive implications for national debt and distributor margins; The hidden danger of weak cybersecurity hygiene in mid-size distributors; What's actually holding companies back from successful AI implementation (hint: it's not the tools); How Smart CRM and Sales Co-Pilot platforms help future-proof sales organizations; Why Collaborative Planning & Forecasting (CPFR) is a strategic advantage in uncertain times. Episode Highlights: 05:20 – What the Fed's hesitation on rate cuts means for distributors; 12:45 – How tariffs are being used as economic leverage, not just punishment; 22:10 – Why reshoring is gaining momentum in wholesale distribution; 35:08 – The untold reasons AI is stalling in sales organizations; 45:50 – How today's B2B buyers behave before they ever speak to sales; 57:30 – Aligning AI tools with workflow clarity and CRM data hygiene; 01:08:15 – Cybersecurity risks for mid-size distributors: real threats and blind spots; 01:17:40 – Future-proofing your strategy with AI, succession readiness & smarter sales planning
Banking on Fraudology is part of the Fraudology Podcast Network.
In this illuminating episode of Banking on Fraudology, host Hailey Windham sits down with Bryan Watkinson, a risk management expert from Affinity Federal Credit Union. Bryan shares his wealth of experience in operational risk, fraud prevention, and the emerging field of cannabis banking. The conversation kicks off with a look at Bryan's popular "Fraud Friday" social media posts, which break down complex fraud threats in an accessible way. Bryan reveals how these posts have become a rallying cry for other departments to embrace risk education.
The discussion then dives into the challenges of managing multiple risk verticals in a mid-sized credit union. Bryan offers invaluable insights on prioritizing threats, from cybersecurity concerns stemming from global conflicts to the day-to-day battles against check fraud and account takeovers. He emphasizes the importance of staying vigilant without overreacting, sharing strategies for keeping teams at a steady "level 4 or 5" of alertness. One of the episode's highlights is Bryan's candid take on cannabis banking, detailing how Affinity navigated this complex new terrain.
Listeners will come away with practical advice on making risk relatable across an organization, fostering transparency, and building a strong risk culture. Bryan's approach of "showing up" to branches with donuts and real conversations exemplifies his philosophy of hands-on leadership. Whether you're a seasoned risk professional or new to the field, this episode offers a masterclass in balancing vigilance with approachability. Don't miss Bryan's parting words on the power of networking and continuous learning in the fight against fraud.
Tune in to gain insights that will elevate your risk management game and protect your institution.
Bryan Watkinson
About Hailey Windham: As a 2023 CU Rockstar Recipient, Hailey Windham, CFCS (Certified Financial Crimes Specialist) demonstrated unbounding passion for educating her community, organization and credit union membership on scams in the market and best practices to avoid them. She has implemented several programs within her previous organizations that aim at holistically learning about how to prevent and detect fraud targeted at membership and employees. Windham's initiatives to build strong relationships and partnerships throughout the credit union community and industry experts have led to countless success stories. Her applied knowledge of payments system programs combined with her experience in fraud investigations offers practical concepts that are transferable, no matter the organization's size. Connect with Hailey on LinkedIn: https://www.linkedin.com/in/hailey-windham/
In this week's Security Sprint, Dave and Andy covered the following topics:
Warm Open:
• The GRIP is one year old and to celebrate, we're running an anniversary sale!!
• Join the GRIP in July and use promo code HOTJULY2025 to receive a 20% discount!
• (TLP:CLEAR) Hostile Nation States Employing Non-State Actors
• Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity
• ‘Suspended animation’: US government upheaval has frayed partnerships with critical infrastructure
• Short-term extension of expiring cyber information-sharing law could be on the table
• Gate 15 is excited to offer a low-cost ransomware resilience exercise for executives! Contact us today for more information on this great opportunity!
Main Topics:
Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors. Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk. At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran.
Beazley Report: U.S. Executives Misjudge Their Cyber Preparedness. U.S.-based executives feel more prepared to counter cyber threats, potentially indicating a false sense of security because many companies lack the ability to be adequately prepared, according to a new report from specialist insurer Beazley. According to the report, Spotlight on Tech Transformation & Cyber Risk 2025, the perception of cyber resilience rose to 81% from 73% a year ago.
Hostile Events:
• A violent ambush in Idaho leaves 2 firefighters dead and 1 injured. What to know about the attack
• Suspect Identified in Deadly Ambush of Idaho Firefighters
• Chilling ‘coincidence’ of Idaho shooting sends internet sleuths into overdrive
• Gunman started Idaho blaze and then fatally shot 2 firefighters in ambush attack, officials say
• Here's a timeline of how the Canfield Mountain ambush shooting unfolded
• Multiple firefighters reportedly shot while responding to fire near Coeur d'Alene
• Europol: New report - major developments and trends on terrorism in Europe in 2024
Quick Hits:
• Canadian Centre for Cyber Security - Vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2025-5349, CVE-2025-5777 and CVE-2025-6543
• Over 1,200 Citrix servers unpatched against critical auth bypass flaw
• The State of Ransomware 2025
• Scattered Spider hackers shift focus to aviation, transportation firms
• Scattered Spider's Calculated Path from CFO to Compromise
• M&S fashion rivals ‘benefited from its pause on online orders after cyber-attack’
• Ransomware attack contributed to patient's death
• Canada orders Chinese CCTV biz Hikvision to quit the country ASAP
• FBI PSA - Criminals Posing as Legitimate Health Insurers and Fraud Investigators to Commit Health Care Fraud
• 50 Customers of French Bank Hit by Insider SIM Swap Scam; An intern at Société Générale is believed to have facilitated the theft of more than EUR1mn (USD1.15mn) from the bank's customers.
• State of CPS Security 2025: Building Management System Exposures
• H1 2025 Crypto Hacks and Exploits: A New Record Amid Evolving Threats
Cyber threats are not static—and HITRUST knows assurance can't be either. That's why HITRUST's Michael Moore is leading efforts to ensure the HITRUST framework evolves in step with the threat environment, business needs, and the technologies teams are using to respond.
In this episode, Moore outlines how the HITRUST Cyber Threat Adaptive (CTA) program transforms traditional assessment models into something far more dynamic. Instead of relying on outdated frameworks or conducting audits that only capture a point-in-time view, HITRUST is using real-time threat intelligence, breach data, and frameworks like MITRE ATT&CK and MITRE ATLAS to continuously evaluate and update its assessment requirements.
The E1 and I1 assessments—designed for organizations at different points in their security maturity—serve as flexible baselines that shift with current risk. Moore explains that by leveraging CTA, HITRUST can add or update controls in response to rising attack patterns, such as the resurgence of phishing or the emergence of AI-driven exploits. These updates are informed by a broad ecosystem of signals, including insurance claims data and AI-parsed breach reports, offering both frequency and impact context.
One of the key advantages Moore highlights is the ability for security teams to benefit from these updates without having to conduct their own exhaustive analysis. As Moore puts it, “You get it by proxy of using our frameworks.” In addition to streamlining how teams manage and demonstrate compliance, the evolving assessments also support conversations with business leaders and boards—giving them visibility into how well the organization is prepared for the threats that matter most right now.
HITRUST is also planning to bring more of this intelligence into its assessment platform and reports, including showing how individual assessments align with the top threats at the time of certification. This not only strengthens third-party assurance but also enables more confident internal decision-making—whether that's about improving phishing defenses or updating incident response playbooks.
From AI-enabled moderation of threats to proactive regulatory mapping, HITRUST is building the connective tissue between risk intelligence and real-world action.
Note: This story contains promotional content. Learn more.
Guest: Michael Moore, Senior Manager, Digital Innovation at HITRUST | On LinkedIn: https://www.linkedin.com/in/mhmoore04/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | https://www.seanmartin.com/
Marco Ciappelli, Co-Founder at ITSPmagazine and Host of Redefining Society Podcast & Audio Signals Podcast | https://www.marcociappelli.com/
Keywords: sean martin, marco ciappelli, michael moore, hitrust, cybersecurity, threat intelligence, risk management, compliance, assurance, ai security, brand story, brand marketing, marketing podcast, brand story podcast
Resources
Visit the HITRUST Website to learn more: https://itspm.ag/itsphitweb
Learn more and catch more stories from HITRUST on ITSPmagazine: https://www.itspmagazine.com/directory/hitrust
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
The Risk Intel podcast welcomed back Josh Magri, CEO of the Cyber Risk Institute (CRI), for a timely Part 2 conversation focused on the evolving cybersecurity regulatory landscape and what it means for community financial institutions. As the FFIEC Cybersecurity Assessment Tool (CAT) is scheduled to sunset on August 31, 2025, Josh offers a roadmap on how financial institutions can move forward and how their CRI Profile offers a strategic, scalable alternative that's gaining traction with regulators and institutions alike. Follow us to stay in the know!
What if everything we've been doing in cybersecurity awareness training is not just outdated — but harmful?
In this episode of Reimagining Cyber, Rob Aragao, Chief Security Strategist at OpenText, talks with Craig Taylor, co-founder and CISO at CyberHoot, who makes a bold claim: punishment-based training is not only ineffective — it's counterproductive. Drawing from his background in psychology and years of cybersecurity leadership, Craig explains why we need to ditch outdated tactics and embrace positive reinforcement to reduce human risk.
From the failure of fake phishing tests to real-world results from forward-thinking organizations, Craig reveals a smarter, more human-centered way to train. If you're tired of scare tactics and want a strategy that actually builds cyber resilience, this episode is your wake-up call.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com
As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.
The cybersecurity landscape is changing fast. And for financial institutions, one of the biggest shifts on the horizon is the sunsetting of the FFIEC Cybersecurity Assessment Tool (CAT) in August 2025. In this episode of the Risk Intel podcast, Josh Magri, President and CEO of the Cyber Risk Institute (CRI), joined host Edward Vincent to unpack what this means for banks, credit unions, and other financial players.
From emerging threats powered by AI to the evolving regulatory frameworks shaping cybersecurity governance, Josh's insights are a must-hear. Listen to the full episode here!
Follow us to stay in the know!
AI-powered cyber-attacks are reshaping the threat landscape, driving new risks and challenges for organizations worldwide. CJ Dietzman, Alliant Cyber, welcomes Daniel Tobok, CEO of Cypfer, to break down the latest cyber trends from Q1 2025 and predictions for the future. They discuss the rise of generative AI in attacks, the ongoing ransomware threat and the increasing role of third-party vendors in breaches. Daniel also offers practical advice on boosting cyber awareness, protecting critical data and preparing incident response plans to stay ahead in this evolving environment.
High net worth individuals often carry public profiles that make them uniquely vulnerable to cyber threats. From executives and celebrities to board members and influencers, their visibility—and the … The post Why High Net Worth Clients Face Great Cyber Risk appeared first on Insurance Journal TV.
In today's episode, Lucian Niemeyer, CEO of Building Cybersecurity, joins Stacey Shepard, the President of Shepard Global Strategies, to explore how IFMA's new partnership with BCS is helping facility managers better understand and manage cyber risks. Together they discuss Lucian's path from his background at the United States Department of Defense to developing a 16-step cybersecurity framework that is available for free for facility managers. They highlight how training, collaboration, and proactive strategies are reshaping cyber safety in the built environment to drive safer, smarter facility management practices.
This episode is sponsored by ABM! Learn more about ABM here.
Connect with Us:
LinkedIn: https://www.linkedin.com/company/ifma
Facebook: https://www.facebook.com/InternationalFacilityManagementAssociation/
Twitter: https://twitter.com/IFMA
Instagram: https://www.instagram.com/ifma_hq/
YouTube: https://youtube.com/ifmaglobal
Visit us at https://ifma.org
In this episode, ISACA's Lisa Cook engages with Yakir Golan, Chief Executive Officer (CEO) and Co-Founder of Kovrr, to explore the critical role of Cyberrisk Quantification (CRQ) in enhancing organizational financial resilience. They discuss how CRQ solutions provide objective assessments of an organization's cybersecurity posture, enabling leaders to make informed decisions that align risk mitigation strategies with business objectives. The conversation also highlights the importance of translating cyberrisk exposure into monetary terms to facilitate high-level discussions and protect shareholder confidence.
Listen & Subscribe: Catch this episode—and more—on the ISACA Podcast Library: https://www.isaca.org/resources/news-and-trends/isaca-podcast-library or on your favorite podcast platform.
What if the biggest threat to your cyber claims portfolio isn't ransomware—but a spreadsheet buried in someone's inbox?
In this episode, host Anthony Hess chats with John Spiehs, Head of Claims at Converge, about what's shifting in the cyber claims space—and what insurance professionals should have on their radar.
John breaks down how Converge is leading efforts to simplify Business Interruption (BI) claims with a cleaner, more intuitive, top-down approach. He also digs into the growing exposure around data privacy, where even small incidents can trigger costly class actions. Finally, he explains what's getting lost as the market softens, why vendor relationships matter more than price tags, and the kind of talent today's claims teams really need.
You'll learn:
1. Why BI claims are evolving, and how Converge is simplifying the process
2. Why data privacy and class actions are emerging as cyber's new frontier
3. Why soft market dynamics threaten underwriting discipline
4. How poor email habits can explode breach costs overnight
5. What defines a strong vendor partnership, beyond cut-rate solutions
Get in touch with John Spiehs on LinkedIn: https://www.linkedin.com/in/john-s-b981337/
About the host Anthony Hess: Anthony is passionate about cyber insurance. He is the CEO of Asceris, which supports clients to respond to cyber incidents quickly and effectively. Originally from the US, Anthony now lives in Europe with his wife and two children.
Get in touch with Anthony on LinkedIn: https://www.linkedin.com/in/anthonyhess/ or email: ahess@asceris.com.
Thanks to our friends at SAWOO for producing this episode with us!
This episode features risk management leader Tracey Swift, Editor-in-Chief of a new publication, HigherEdRisk. Previously, Tracey was Executive Director of Risk Management at Arizona State University, where she led the university's risk management and insurance functions. In this episode we explore the differences between academia and corporations in managing privacy, cybersecurity, and AI risks, the role of the board of trustees and university leadership, and the challenges associated with open networks, collaborative research, shadow IT, and resource pressures. AI has opened up new opportunities and challenges and academia has been one of the first to feel its impact, making higher education more advanced in AI governance than many private sector organizations. Tracey shares her thoughts on the role of insurance in higher ed risk management and the importance of cross-organizational teams in addressing privacy, cybersecurity, and AI risk management.
Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud
Topics:
We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making?
Cybersecurity is rife with jargon. If you could eliminate or redefine one overused term, which would it be and why? How does this overloaded language specifically hinder effective communication and action in the region?
The Mandiant Attack Lifecycle is a well-known model. How has your experience in the East Asia region challenged or refined this model? Are there unique attack patterns or actor behaviors that necessitate adjustments?
Two years post-acquisition, what's been the most surprising or unexpected benefit of the Google-Mandiant combination?
M-Trends data provides valuable insights, particularly regarding dwell time. Considering the Asia Pacific region, what are the most significant factors reducing dwell time, and how do these trends differ from global averages?
Given your expertise in Asia Pacific, can you share an observation about a threat actor's behavior that is often overlooked in broader cybersecurity discussions?
Looking ahead, what's the single biggest cybersecurity challenge you foresee for organizations in the Asia Pacific region over the next five years, and what proactive steps should they be taking now to prepare?
Resources:
EP177 Cloud Incident Confessions: Top 5 Mistakes Leading to Breaches from Mandiant
EP156 Living Off the Land and Attacking Critical Infrastructure: Mandiant Incident Deep Dive
EP191 Why Aren't More Defenders Winning? Defender's Advantage and How to Gain it!
