Podcasts about data breach investigations report

  • 59 podcasts
  • 82 episodes
  • 37m average duration
  • 1 new episode monthly
  • Latest: May 5, 2025


Latest podcast episodes about data breach investigations report

Paul's Security Weekly
2025 Security Trends: Identity, Endpoint, Cloud & the Rise of Browser Threats - Jason Mical, Lori Robinson, Hed Kovetz, Rob Allen, Vivek Ramachandran, Alex Pinto - ESW #405

May 5, 2025 | 102:43


Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches and increases in ransomware, as well as the average amounts paid and the amount of time to patch vulnerabilities, among many other findings.

Segment Resources:
  • https://www.verizon.com/about/news/2025-data-breach-investigations-report
  • https://www.verizon.com/business/resources/reports/dbir

This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac.

Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser.

Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac
Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks
Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04

There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection.

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them!

Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios.

Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/

This segment is sponsored by Devo. Visit https://securityweekly.com/devorsac to learn more about them!

While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities.

The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3
Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption
Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio

This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them!

Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll show you what you can do about it with an identity security playbook that gives you the upper hand.

https://resources.silverfort.com/identity-security-playbook/home
https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/

This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-405

Enterprise Security Weekly (Audio)
2025 Security Trends: Identity, Endpoint, Cloud & the Rise of Browser Threats - Jason Mical, Lori Robinson, Hed Kovetz, Rob Allen, Vivek Ramachandran, Alex Pinto - ESW #405

May 5, 2025 | 102:43



Enterprise Security Weekly (Video)
2025 Security Trends: Identity, Endpoint, Cloud & the Rise of Browser Threats - Hed Kovetz, Vivek Ramachandran, Rob Allen, Jason Mical, Alex Pinto, Lori Robinson - ESW #405

May 5, 2025 | 102:44



Enterprise Security Weekly (Video)
Reviewing the Verizon 2025 Data Breach Investigations Report - ESW #404

Apr 28, 2025 | 40:42


In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir Show Notes: https://securityweekly.com/esw-404

Coaching for Leaders
728: Lower Your Risk of Being Hacked, with Qasim Ijaz

Apr 7, 2025 | 39:26


Qasim Ijaz is the director of cybersecurity at a leading healthcare organization, overseeing detection, incident response, vulnerability management, purple teaming, and cybersecurity engineering. With a strong background in offensive security and risk management, he has helped organizations strengthen their defenses against evolving threats. He is also a dedicated educator, mentoring professionals and sharing his expertise at conferences such as BSides and Black Hat.

You don't need to go far in the news these days to find out that another organization was hacked. Data breaches are a nightmare scenario for both leaders and the people they support. In this episode, Qasim and I explore what your team and you can do to be a bit more prepared.

Key Points
  • Use multi-factor authentication, passphrases, and a password manager.
  • Freeze your personal credit reports. Do this for free directly with Experian, Equifax, and TransUnion.
  • Leaders in bigger roles (executives, CEOs, board members) are larger targets for hackers due to their access and also their ability to occasionally side-step organizational guidelines.
  • It's the non-technical pieces of a cyber response that organizations are least prepared for.
  • Conduct incident response and disaster recovery tabletop exercises to uncover vulnerabilities before an attack.
  • Regardless of organizational policy, employees will use AI. The best prevention assumes the inevitability of human behavior and works with it to improve systems.

Resources Mentioned
  • Recommended password managers: 1Password, Apple password app, Proton Pass
  • Critical Security Controls by the Center for Internet Security
  • Resources for Small and Medium Businesses by the Cybersecurity & Infrastructure Security Agency
  • 2024 Data Breach Investigations Report by Verizon Business

Related Episodes
  • Dumb Things Smart People Do With Money, with Jill Schlesinger (episode 396)
  • Where to Start When Inheriting a Team in Crisis, with Lynn Perry Wooten (episode 603)
  • How to Use AI to Think Better, with José Antonio Bowen (episode 689)

Discover More
Activate your free membership for full access to the entire library of interviews since 2011, searchable by topic. To accelerate your learning, uncover more inside Coaching for Leaders Plus.

Power Producers Podcast
My Cyber Sense is Tingling with Ryan Smith

Jan 8, 2025 | 49:24


In this episode of Power Producers Podcast, David Carothers is joined by Ryan Smith, founder of RLS Consulting, to discuss the evolving world of cybersecurity and how insurance professionals can better navigate this complex space. Drawing on Ryan's extensive experience, they delve into actionable strategies for producers to engage clients on cyber risk, overcome objections, and build meaningful solutions that go beyond the policy.

Key Points:
  • The Intersection of Cybersecurity and Insurance: Ryan highlights how cybersecurity and cyber liability are complementary solutions addressing the same problem: mitigating and transferring cyber risk. Understanding both perspectives helps producers connect the dots and provide more value to clients.
  • Education Over Fear: The conversation emphasizes the importance of educating clients about their cyber risks without resorting to fear-based selling. Producers are encouraged to focus on business impacts rather than technical vulnerabilities, fostering a consultative approach.
  • Assessing Risk and Incident Preparedness: Ryan shares insights on helping clients assess their cyber risks and prepare for incidents. He stresses the importance of asking key questions about incident response plans, compliance requirements, and the company's readiness for cyber threats.
  • Shifting Client Mindsets: The discussion tackles common objections, such as overconfidence in IT departments or the belief that “it won't happen to us.” Ryan suggests producers approach these scenarios with empathy and education, aligning solutions with clients' business priorities.
  • Valuable Resources for Producers: Ryan points to trusted industry reports, such as Verizon's Data Breach Investigations Report and IBM's Cost of a Data Breach Report, as tools to support client conversations and reinforce the importance of proactive cyber risk management.

Connect with: David Carothers (LinkedIn), Ryan L. Smith (LinkedIn), Kyle Houck (LinkedIn)

Visit Websites: Power Producer Base Camp, RLS Consulting, Killing Commercial, Crushing Content, Power Producers Podcast, Policytee, The Dirty 130, The Extra 2 Minutes

Cyber Risk Management Podcast
EP 166: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 2

Sep 10, 2024 | 58:29


Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Cyber Risk Management Podcast
EP 165: The 2024 Verizon Data Breach Investigations Report (DBIR) Part 1

Aug 27, 2024 | 54:16


Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?" -- https://www.cr-map.com/91

Ivanti Insights
Cyber Defense 202: Exploit Vulnerabilities

Jul 26, 2024 | 31:29


Ivanti's Robert Waters (Lead PMM, Exposure Management) is back with Chris Goettl (VP of Product, Patch Management) for the last of our three episodes covering Verizon's 2024 Data Breach Investigations Report, covering the third-most popular attack vector in breaches today: exploit vulnerabilities. And while they may be #3 in prevalence, they're #1 in Chris and Robert's hearts.

To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/

Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Ivanti Insights
Cyber Defense 101: Phishing + Credential Attacks

Jun 21, 2024 | 17:44


Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a follow-up on Verizon's 2024 Data Breach Investigations Report, discussing the two main attack vectors used in most breaches -- phishing and credential attacks -- and how your organization should go about defending itself.

To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/

Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

Hacking Humans
The AirBnB booking that wasn't.

May 30, 2024 | 51:18


This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from a listener, who writes in on an AirBnB debacle he was dealing with. Joe shares the newly released 2024 Data Breach Investigations Report from Verizon. Dave shares a story from New York Magazine, written by Ezra Marcus, on a college sophomore from University of Miami who was found to be tangled up in a refund fraud scam that granted him a lavish lifestyle. Our catch of the day comes from Joe's mother this week. She happened to receive an email with the subject line being "your order is confirmed," coming from what looks to be "McAfee."

Please take a moment to fill out an audience survey! Let us know how we are doing!

Links to the stories:
  • The Package King of Miami
  • 2024 Data Breach Investigations Report

You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Ivanti Insights
Dissecting the Verizon DBIR

May 21, 2024 | 27:44


Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits.

To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/

Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)

The Shared Security Show
New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report

May 20, 2024 | 20:39


In episode 330 Tom, Scott, and Kevin discuss the new features for iPhones and Android phones designed to warn users about secret trackers, possibly aiding in identifying stalkers. The hosts discuss Apple and Google's collaboration on a technology called DULT (Detecting Unwanted Location Trackers), aiming to improve user privacy by detecting Bluetooth trackers like Tiles […]

The Cybersecurity Defenders Podcast
#125 - Special Episode: The 2024 Verizon Data Breach Investigations Report

May 17, 2024 | 45:44


On this episode of The Cybersecurity Defenders Podcast we take a close look at the 2024 Verizon Data Breach Investigations Report.

The Verizon 2024 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of the current cybersecurity landscape, highlighting significant trends and emerging threats. This year's report, the 17th edition, examines 30,458 security incidents and 10,626 confirmed breaches, marking a two-fold increase from the previous year. A key finding is the dramatic surge in vulnerability exploitation, which nearly tripled, driven by attacks on unpatched systems and zero-day vulnerabilities. Ransomware and extortion continue to be major threats, comprising 32% of breaches, with a notable rise in pure extortion attacks where data is stolen but not encrypted.

The report also emphasizes the human element in cybersecurity breaches, with human errors contributing to 68% of incidents. Phishing remains a critical issue, with median times to click on malicious links and submit data being alarmingly short. Despite this, there is an encouraging increase in phishing awareness among users. Additionally, the report underscores the growing complexity of supply chain attacks, highlighting the vulnerabilities in third-party code and services. Interestingly, the impact of generative AI in cyberattacks remains minimal, with most uses being experimental rather than operational. The DBIR concludes with a call for improved vulnerability management and continued focus on human-centric security measures.

Cybercrime Magazine Podcast
Talking Cyber. Verizon's Data Breach Investigations Report. Heather Engel, Strategic Cyber Partners.

May 16, 2024 | 9:32


Talking Cyber is a Cybercrime Magazine podcast series that covers the latest news and breaking stories on the cybereconomy, hackers, intrusions, privacy, security and much more. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss Verizon's 2024 Data Breach Investigations Report and break down some of the key findings. To learn more about today's stories, visit cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com

CISO Tradecraft
#181 - Inside the 2024 Verizon Data Breach Investigations Report

May 13, 2024 | 24:38


In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predominance of hacking and malware. The report identifies the top methods bad actors use for exploiting companies, including attacking VPNs, desktop sharing software, web applications, conducting phishing, and stealing credentials, emphasizing the growing sophistication of attacks facilitated by technology like ChatGPT for phishing and deepfake tech for social engineering. The episode touches on various cybersecurity measures, the omnipresence of multi-factor authentication (MFA) as a necessity rather than a best practice, and the surge in denial-of-service (DDoS) attacks. Hardy also discusses generative AI's role in enhancing social engineering attacks and the potential impact of deepfake content on elections and corporate reputations. Listeners are encouraged to download the DBIR for a deeper dive into its findings.

Transcripts: https://docs.google.com/document/d/1HYHukTHr6uL6khGncR_YUJVOhikedjSE

Chapters
  • 00:00 Welcome to CISO Tradecraft
  • 00:35 Celebrating Milestones and Offering Services
  • 01:39 Diving into the Verizon Data Breach Investigations Report
  • 04:22 Top Attack Methods: VPNs and Desktop Sharing Software Vulnerabilities
  • 09:24 The Rise of Phishing and Credential Theft
  • 19:43 Advanced Threats: Deepfakes and Generative AI
  • 23:23 Closing Thoughts and Recommendations

The Cyber Threat Perspective
Episode 91: The 2024 Verizon Data Breach Investigations Report

May 8, 2024 | 42:19


In this episode, Spencer and Brad discuss the highly respected 2024 Verizon Data Breach Investigations Report (DBIR), a data-driven analysis of cyberattacks and data breaches from around the world. Tune in to discover the latest global trends and patterns in cybersecurity, as well as key insights for security professionals and executives. Don't miss out on this essential resource that has been shaping the industry for the past 15 years.

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

The Gate 15 Podcast Channel
Weekly Security Sprint EP 64. Verizon DBIR, MDM, Hurricanes, Cyber Resilience

May 7, 2024 | 28:57


In this week's Security Sprint, Dave and Andy talked about the following topics.
Warm Start:
- Tribal-ISAC merch!
- National Security Memorandum on Critical Infrastructure Security and Resilience.
- Biden-Harris Administration Announces New National Security Memorandum to Strengthen U.S. Department of Energy's Role in Ensuring Security and Resilience Across America's Energy Sector
- Biden signs new memo to boost security of US critical infrastructure
- White House announces new policy guiding infrastructure protection
Verizon 2024 Data Breach Investigations Report
- Verizon's 2024 Data Breach Investigations Report: 5 key takeaways
- Verizon DBIR: Enterprises Know The Pain Of Zero Day Exploits All Too Well
- Verizon's 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities
- Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA's KEV Catalog
- Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find
- Forescout: Exposing the exploited: Analyzing vulnerabilities that live in the wild
Info Ops
- Russia is trying to exploit America's divisions over the war in Gaza; The effort includes artificial intelligence, fake social media accounts and a spike in state-sponsored Russian propaganda
- NewsGuard: Russia-Ukraine Disinformation Tracking Center: 477 Websites Spreading War Disinformation And The Top Myths They Publish
- Campus Protests Give Russia, China and Iran Fuel to Exploit U.S. Divide; America's adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say.
Hurricane Preparedness.
- A Proclamation on National Hurricane Preparedness Week, 2024.
- Oklahoma and Kansas at High Risk of Extreme Storms and Tornadoes
- Heavy rains ease around Houston but flooding remains after hundreds of rescues and evacuations
- Dashcam shows tornado obliterate Nebraska building
- Nebraska tornado survivor recounts mayhem: 'The windows exploded and glass was flying everywhere'
- Death toll from southern Brazil rainfall rises to 78, many still missing
China & Resilience!
- SAVE THE DATE! CISA Hosts CISA Live! – “People's Republic of China Cyber Threats and What We Can Do”. On Wednesday, May 15, we will host our next CISA Live! - “People's Republic of China Cyber Threats and What We Can Do”
- Under the Digital Radar: Defending Against People's Republic of China's Nation-State Cyber Threats to America's Small Businesses.
Quick Hits
- Australian police shoot dead 'radicalized' teen
- Germany Travel Advisory-Level 2: Exercise Increased Caution-May 1, 2024
- Sweden “On Terror Level Four” As Security Is Tightened A Week Before Eurovision Song Contest
- Bird flu's wild range; Counties where avian flu has been detected in wild mammals since 2022
- House Energy and Commerce Committee: What We Learned: Change Healthcare Cyber Attack
- French cyberwarriors ready to test their defense against hackers and malware during the Olympics
- The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States
- FBI Releases 2023 Elder Fraud Report with Tech Support Scams Generating the Most Complaints and Investment Scams Proving the Costliest
- CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity
- Communication gaps between IT departments and senior corporate leadership worsening application security risks
- SBOM Sharing Primer
- CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities
- Maersk says Red Sea disruption will cut capacity by 15-20% in second quarter
- Chinese-Made Surveillance Cameras Are Spreading Across Eastern Europe, Despite Security Concerns
- Wichita government shuts down systems after ransomware incident

Irish Tech News Audio Articles
Expect the unexpected: the importance of a disaster recovery plan

Irish Tech News Audio Articles

Play Episode Listen Later Mar 29, 2024 4:39


Guest post by Cillian McCarthy, CEO, Vault365
In an evolving digital landscape, organisations are increasingly vulnerable to cyber risks that threaten their critical data. The acceleration of AI, coupled with the growing sophistication of cyberattacks, means that organisations without an effective backup and disaster recovery plan in place run a heightened risk of their data being compromised. According to PwC's 2024 Digital Trust Insights survey, just 42% of Irish-based respondents said that they understand the cyber risks posed by emerging technologies. Disaster recovery needs to be a core business objective for organisations of all sizes in the digital age, with information including confidential customer data, financial records, and employee data more accessible than ever before.
Building blocks for data backup
There are key building blocks that all disaster recovery plans should include. Risk assessment is the foundation of any strategy and is vital to understand where the gaps are in order to allocate necessary resources. It can also help to optimise the measures already in place. The cornerstone of an effective plan is secure data backup, and backup efforts should be concentrated on ensuring business continuity in the event of a disaster, and focused on developing contingency plans for the continuity of business operations. However, it's not enough to just have a backup plan in place. Any plan must be laid block-by-block to each organisation's specific needs and tested regularly to ensure maximum effectiveness. Furthermore, communication is key - employees right across the organisation must be aware of the protocols and understand that time is of the essence should a breach occur.
Crucially, it's not just external threats that organisations need to protect their data against. Human error is a top cause of cyber breaches and, therefore, employees (whether acting maliciously or otherwise) pose a significant risk to organisational data. In fact, Verizon's recent Data Breach Investigations Report 2023 found that 74% of all security breaches include a human element. This is where cybersecurity awareness training comes into play and can support disaster preparedness. It's crucial that this training is delivered regularly to employees and kept up-to-date as cyber threats continue to evolve.
Head in the cloud
A backup of your cloud data is now also an indispensable tool for data protection and security in the current business landscape. The cloud is flexible, almost infinitely scalable, and provides seamless accessibility from anywhere (which is particularly important for dispersed workforces). In addition, it enables secure remote data deletion and recovery in the event of a data breach or if a business is concerned about unauthorised access. The cloud can also aid enhanced regulatory compliance for organisations. Recent CSO figures show that in 2023, 42% of Irish enterprises used cloud computing services to store files.
Implementing a robust backup and disaster recovery plan isn't a once-off task, but an ongoing process that requires continuous assessment and improvement as business needs evolve. Not only can a successful cyber breach result in data loss or business downtime - it can also cause irreparable financial and reputational damage. Data is the lifeblood of organisations, and this invaluable asset demands robust protection against modern threats.
See more stories here.
More about Irish Tech News
Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news If you'd like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss. Irish Tech News have a range of services available to help promote your business.
Why not drop us a line at Info@IrishTechNews.ie now to find out more about ho...

Building Utah
Speaking on Business: Wasatch Security Awareness

Building Utah

Play Episode Listen Later Feb 21, 2024 1:30


This is Derek Miller, Speaking on Business. According to Verizon's 2023 Data Breach Investigations Report, 74 percent of all security breaches include a human element. That's why Wasatch Security Awareness was created — to provide cybersecurity training to businesses and their employees. Founder Matt Groves joins us with more.
Matt Groves: Your company's employees are both the biggest target and the best defense against a cyber attack. At Wasatch Security Awareness, we are determined to educate your end users to become smarter than the digital threats they will inevitably face. When we work with businesses, we use a simple training process to ensure each organization gets the personalized education they need. First, we collaborate with management to create a human intelligence training plan. We then test employees with a customized “spear phishing” email that mimics techniques used by cybercriminals. Based on the test's results, Wasatch Security Awareness provides customized training to help businesses become more secure. On average, 24 percent of employees click a link inside their first spear phishing test, and 19 percent enter a username and password. But with training and practice, we can help your employees be your company's first defense against cybercriminals.
Derek Miller: Whether you're a small, local business or a large corporation, your employees can benefit from cybersecurity training. Visit the Wasatch Security Awareness website for more information. I'm Derek Miller with the Salt Lake Chamber, Speaking on Business.
Originally aired: February 20, 2024

Cyber Risk Management Podcast
EP 143: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 2

Cyber Risk Management Podcast

Play Episode Listen Later Oct 24, 2023 50:11


Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Cyber Risk Management Podcast
EP 142: The 2023 Verizon Data Breach Investigations Report (DBIR) Part 1

Cyber Risk Management Podcast

Play Episode Listen Later Oct 10, 2023 47:32


Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Radian National Training On Air
Cybersecurity Month: We All Play a Role in Cybersecurity

Radian National Training On Air

Play Episode Listen Later Oct 3, 2023 18:16


In this episode of the Radian On Air podcast, Jeff Engle, assistant vice president of Mortgage Learning for Radian Guaranty, welcomes back Donna Ross, Radian Group's award-winning Chief Information Security Officer. They explore the importance of cybersecurity, especially in light of October being Cybersecurity Awareness Month, including the increasing threats to technology and confidential data, alarming statistics of cybercrime, and offer insights on how individuals and companies can protect themselves against these cyber threats.
Key points discussed in this episode include:
- The significance of Cybersecurity Awareness Month and the role each individual plays in maintaining cybersecurity
- A look at the current cyber threat landscape
- The importance of continuous risk assessments, planning and testing due to constantly changing cyber threats
- Practical tips on how individuals can protect themselves from credit card theft and identity theft - Download the Job Aid!
Radian On Air Podcast: Cybersecurity Awareness Month: Are You Prepared?
Radian On Air Podcast: Cybercrime: Trends, Impacts & Prevention
Resources:
- Astra Report
- Deloitte 2023 Global Future of Cyber Survey
- Verizon 2023 Data Breach Investigations Report
© 2023 Radian Group Inc. All Rights Reserved. 550 East Swedesford Road, Suite 350, Wayne, PA 19087. Radian Group Inc. and its subsidiaries and affiliates make no express or implied warranty respecting the information presented and assume no responsibility for errors or omissions. Redistribution or reproduction of all or part of the contents without Radian's prior written consent is expressly prohibited. The content presented is intended to convey general information and is for informational purposes only and does not constitute legal or accounting advice or opinions. Determination of eligibility for a particular program or exemption is made by the relevant authority and not by Radian Group Inc. or its subsidiaries and/or affiliates

Security Squawk
2023 Data Breach Investigations Report

Security Squawk

Play Episode Listen Later Jun 27, 2023 43:25


In this episode of the Security Squawk podcast, our cybersecurity team brings you an in-depth analysis of the Verizon data breach report and its far-reaching implications. Join our knowledgeable hosts as they unpack the report's key findings and illuminate the ever-evolving threat landscape. Discover shocking statistics, such as the staggering 83% involvement of external actors in data breaches, emphasizing the pressing need for robust defense measures. Our hosts also delve into the critical role played by the human element in security incidents, with 74% of breaches attributed to human error. Furthermore, we shed light on the importance of safeguarding credentials and the dire need for better password management practices. By sharing valuable insights and practical advice, our podcast equips businesses with the knowledge and strategies to protect themselves against malicious cyber attacks.

Privacy Please
S4, E167 - 2023 Data Breach Investigations Report

Privacy Please

Play Episode Listen Later Jun 14, 2023 22:37


This week on Privacy Please, we talk about the overall costs of recovering from a ransomware incident and how they are increasing… "Mitigating these attacks takes time—if the organization even has reliable, tested backups of the systems compromised—and resources. Ransomware is so ubiquitous that it may simply be a threat that we will always have to protect against"

Greg & Dan Show Interviews
Verizon Releases their 2023 Data Breach Investigations Report

Greg & Dan Show Interviews

Play Episode Listen Later Jun 12, 2023 6:53


Dave Johnson of Pearl Technology recaps the Verizon Data Breach Investigations Report (DBIR) on The Greg and Dan Show. Johnson explains the most common types of cyber-threats, the different levels of breaches, and more from the annual Verizon DBIR on cybersecurity information.

Cyber Security Today
Cyber Security Today, June 9, 2023 - The annual Data Breach Investigations Report is here

Cyber Security Today

Play Episode Listen Later Jun 9, 2023 3:44


This episode looks at some of the numbers gathered from 16,000 cybersecurity incidents in the annual Verizon report

Up To Speed: A Verizon podcast
Up To Speed Morning: June 7, 2023

Up To Speed: A Verizon podcast

Play Episode Listen Later Jun 7, 2023 6:44


Leading authority in cybersecurity. Learn about the key findings from our 16th annual Data Breach Investigations Report and how we're helping our customers. Plus, a special anniversary.

Cyber Risk Management Podcast
EP 120: The 2022 Verizon Data Breach Investigations Report (DBIR) Part 2

Cyber Risk Management Podcast

Play Episode Listen Later Dec 6, 2022 37:30


Let's conclude our look at the 2022 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Cyber Risk Management Podcast
EP 119: The 2022 Verizon Data Breach Investigations Report (DBIR) Part 1

Cyber Risk Management Podcast

Play Episode Listen Later Nov 22, 2022 50:40


Have you read the Verizon DBIR report for 2022? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

CISO Stories Podcast
CSP #90 - 2022 DBIR Trends: Ransomware, Remote Work, Threat Actors...Oh My! - Chris Novak

CISO Stories Podcast

Play Episode Listen Later Oct 4, 2022 32:33


Chris has been a contributing author to the industry-recognized Verizon Data Breach Investigations Report (DBIR) since its inception (2008), a report which provides valuable information for CISOs on current trends and mitigation approaches. Join Chris as he reviews this year's (2022-2023) key trends with Ransomware, COVID-19 Remote Working impacts, threat actors, and risk mitigation. 2022 Data Breach Investigations Report, Verizon. https://www.verizon.com/business/resources/reports/dbir/ This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp90

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

They stopped building castles with moats and walls when technology made them useless.  Today, our notions of perimeter defense are being negated by technology as well. This time, the network has expanded the number of threat vectors to the point where it is almost impossible to even catalog the endpoints. Because federal networks are being accessed from mobile devices, there is an increased federal focus on enhancing cyber defense.  We don't have to look further than the Office of Management and Budget to see them requiring Zero Trust Architecture.  ZTA's first pillar is identity; identity is increasingly dependent on edge devices like laptops and phones. Facts about cybersecurity are fascinating. Recently, Verizon released its Data Breach Investigations Report, a well-respected study of cyber security concerns.  They state that 62% of breaches were caused by partners to organizations, not from internal threats.  This fact alone is an interesting twist on the concept of the supply chain. Federal information professionals now must worry about external threats on mobile devices of contractors.  During the interview, Tony D'Angelo provides suggestions for increasing Mobile Endpoint Security.  He suggests that humans may be more vulnerable with a phone because we typically drop our guard with something like a text message with a link. Tony D'Angelo turns the table in the middle of the interview – he mentions a tool that is used to attack phones called “Pegasus.”  It can embed on a phone without any user action.  Lookout has become adept at identifying malicious code on phones. So good, they claim they can recognize a zero-day attack before it occurs.

Cybercrime Magazine Podcast
In Plain Sight. Verizon's 2022 Data Breach Investigations Report. Steve Morgan, Cybercrime Magazine.

Cybercrime Magazine Podcast

Play Episode Listen Later Aug 15, 2022 11:03


In Plain Sight is a Cybercrime Magazine podcast series brought to you by Conceal. In this episode, host Paul John Spaulding is joined by Steve Morgan, Editor-in-Chief at Cybercrime Magazine, to discuss Verizon's 2022 Data Breach Investigations Report, including vulnerability exploitation, the rise in ransomware, and more. Conceal is a zero-trust network privacy and security company that disguises and protects your enterprise's online presence and privacy. To learn more about our sponsor, visit https://conceal.io

Challenge Accepted: An Arctic Wolf Podcast
The 2022 Data Breach Investigations Report

Challenge Accepted: An Arctic Wolf Podcast

Play Episode Listen Later Aug 12, 2022 40:59


Challenge Accepted is a new podcast from Arctic Wolf that has informative and insightful discussions around the real-world challenges organizations face on their security journey. Hosted by Arctic Wolf's VP of Strategy Ian McShane and Chief Information Security Officer (CISO) Adam Marrè, the duo will draw upon their years of security operations experience to share their thoughts and opinions on issues facing today's security leaders.  In the inaugural episode of Challenge Accepted, our two hosts dig into the findings of the most recent Data Breach Investigations Report from Verizon, discuss key takeaways that security and IT teams should implement, and encourage businesses in need of security advice to talk to a source many may not consider….the F.B.I.

Paul's Security Weekly TV
Embrace Common Business Language, Strategic Impact of DBIR, and Playing Favorites - BSW #271

Paul's Security Weekly TV

Play Episode Listen Later Aug 5, 2022 25:29


In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw271

Business Security Weekly (Video)
Embrace Common Business Language, Strategic Impact of DBIR, and Playing Favorites - BSW #271

Business Security Weekly (Video)

Play Episode Listen Later Aug 5, 2022 25:29


In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw271

Paul's Security Weekly
BSW #271 - Neal Bridges

Paul's Security Weekly

Play Episode Listen Later Aug 4, 2022 61:41


Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.   In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw271

Business Security Weekly (Audio)
BSW #271 - Neal Bridges

Business Security Weekly (Audio)

Play Episode Listen Later Aug 4, 2022 61:41


Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.   In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw271

The Cyber Threat Perspective
Episode 1: Takeaways from the 2022 Verizon Data Breach Investigations Report

The Cyber Threat Perspective

Play Episode Listen Later Aug 3, 2022 33:53


This podcast is a discussion about the 2022 Verizon Data Breach Investigations Report and some of our key takeaways. From the Executive Summary of the DBIR: As introduced in the 2018 report, the DBIR provides “a place for security practitioners to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime.” For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

The Cybrary Podcast
401 Access Denied Podcast Ep. 56 | Highlights from Verizon's 2022 Data Breach Investigations Report

The Cybrary Podcast

Play Episode Listen Later Jun 15, 2022 51:54 Transcription Available


Verizon's 2022 Data Breach Investigations Report (DBIR) is out, and Delinea is here to break down the highlights! Delinea CISO Stan Black and Cybersecurity Evangelist, Tony Goulding, discuss which findings are most surprising, actionable, and trending upward in this year's report. Get the experts' advice on how we all can develop smart, data-driven security solutions based on evolving threat actor behavior and incident analysis. Read all about it in Verizon's 2022 Data Breach Investigations Report!

ROUTERCAST
Episode #72 - Digital Trenches: 2022 Data Breach Investigations Report (DBIR)

ROUTERCAST

Play Episode Listen Later Jun 9, 2022 41:25


Every year Verizon publishes the Data Breach Investigations Report (DBIR) that shows the statistical modeling of thousands of company compromises and breaches in the last 12 months. This report provides a quantitatively backed, global view of the current trends and attack patterns of threats in the cyber domain. Join INE's Director of Cybersecurity Content, Jack Reedy, and our Defensive Operations Instructor, Jason Alvarado, as they analyze the report findings, highlight key changes, and forecast the primary focus of business-minded CISOs in the world today.

YusufOnSecurity.com
69 - Key takeaways in Verizon 2022's Data Breach Investigations Report

YusufOnSecurity.com

Play Episode Listen Later May 28, 2022 38:06


The more we learn, the more we know how little we know. In this episode we will cover important takeaways of the recently released Verizon Data Breach Investigations Report. There are key points to be mindful of. In addition, we will recap other top trending security news, including:
- RCE on Microsoft Diagnostic Tool (MSDT)
- CISA adds more exploited vulnerabilities to the Catalog

- https://msrc-blog.microsoft.com: Guidance for CVE-2022-30190 Microsoft-support-diagnostic tool vulnerability
- www.verizon.com: Ransomware threat rises: Verizon 2022 Data Breach Investigations Report
- www.theregister.com: Verizon: Ransomware sees biggest jump in five years
- www.cisa.gov: Known Exploited Vulnerabilities Catalog

Be sure to subscribe! If you like the content, follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too.

ShadowTalk by Digital Shadows
Special: David Thejl-Clayton Talks Rolling Your Own Verizon DBIR

ShadowTalk by Digital Shadows

Play Episode Listen Later May 27, 2022 90:32


Digital Shadows CISO Rick Holland hosts this edition of ShadowTalk. Rick is joined by repeat special guest David Thejl-Clayton, Senior Advisor in Cyber Defense at Combitech. They discuss:
- Rick and David's thoughts on the 2022 DBIR report (Full disclosure, they are fanboys)
- Research that shows how APT groups primarily go after known vulnerabilities and not 0days
- David's experience helping customers create their custom version of the DBIR
***Resources from this week's podcast***
- Find David on Twitter: https://twitter.com/DCSecuritydk
- Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/
- 2022 Data Breach Investigations Report: https://www.verizon.com/business/resources/reports/dbir/
- Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/
- SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE
- Software Updates Strategies: a Quantitative Evaluation against Advanced Persistent Threats: https://arxiv.org/abs/2205.07759
- VSec Community: https://vsec.dk/about/
- Check out the “Roll your own DBIR” Templates on GitHub here: https://github.com/cvpl-fdca/rollyourown-DBIR

Up To Speed: A Verizon podcast
Up To Speed Morning: May 26, 2022

Up To Speed: A Verizon podcast

Play Episode Listen Later May 26, 2022 5:10


Keeping trouble out. All the details on our 2022 Data Breach Investigations Report. Plus, a full news rundown.

Cyber Morning Call
Cyber Morning Call - #83 - 25/05/2022

Cyber Morning Call

Play Episode Listen Later May 25, 2022 6:25


[Episode References]
- Verizon's Data Breach Investigations Report - https://www.verizon.com/business/resources/reports/dbir/
- Horizon3 saying it reproduced exploitation of CVE-2022-22972 - https://twitter.com/Horizon3Attack/status/1528935531333177344
- More on CVE-2022-22972 - https://www.vmware.com/security/advisories/VMSA-2022-0014.html
- Chaos Yashma - https://blogs.blackberry.com/en/2022/05/yashma-ransomware-tracing-the-chaos-family-tree
- Popular Python and PHP libraries hijacked to steal AWS keys - https://www.bleepingcomputer.com/news/security/popular-python-and-php-libraries-hijacked-to-steal-aws-keys/
- Flaws in Screencastify - https://palant.info/2022/05/23/hijacking-webcams-with-screencastify/
- Zoom updates - https://thehackernews.com/2022/05/new-zoom-flaws-could-let-attackers-hack.html
[Credits] Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto.

YusufOnSecurity.com
61 - Digital Forensics 101 - Part 1

YusufOnSecurity.com

Play Episode Listen Later Apr 2, 2022 32:20


It is time for YusufOnSecurity, welcome onboard to this week's show. Often it is not about what came in but rather what has been left behind. This week we will look at introducing digital forensics and what is involved when carrying out this painstaking process. Also coming up, a couple of pertinent security news items that you might find relevant, including: MITRE Evaluation round 4 is out. GitLab vuln that might need your attention.
- https://www.cynet.com: 2022 MITRE ATT&CK Evaluation Results Overview
- https://attack.mitre.org: ATT&CK
- https://about.gitlab.com: Critical security release GitLab 14-9-2 released
- https://en.wikipedia.org: Digital forensics
- https://trustwave.com: 2019 Trustwave global security report. Please review this within the context of today's more recent version.
- https://www.verizon.com: Data Breach Investigations Report
- https://www.cisco.com: Security outcomes study report
- https://talosintelligence.com: Incident Response Emergency
Be sure to subscribe! If you like the content, follow me @iayusuf or read my blog at https://yusufonsecurity.com You will find a list of all previous episodes in there too.

Veriato Insider
Insider Risk Looms the Manufacturing Industry: Tips to Mitigate

Veriato Insider

Play Episode Listen Later Mar 1, 2022 17:04


The rising adoption of digital processes in manufacturing has fundamentally changed how this sector does business. The increased reliance on digitization and network connectivity has sharpened the risks of company data exfiltration, intellectual property damages, and more, especially those stemming from insiders. Insider threat actors operate from a position of trust that allows them to circumvent security and evade detection for months, if not years. Manufacturing ranks among the top five industries with the highest reported insider breaches and privilege misuse. In Verizon's Data Breach Investigations Report, nearly 40% of the cybersecurity incidents in manufacturing traced to insiders, including partners and third-party vendors. The same report outlined 57% of database breaches to an insider within the organization. According to a CISA report, the manufacturing sector reported the highest number of insider attacks among companies in the critical infrastructure sector. These incidents can be perpetrated by employees of all ranks, contractors, third-party vendors, and partners resulting in severe damages to businesses of all sizes. IBM's annual Insider Threat report estimates the average cost of insider attacks rose by 31% in 2020 to $11.45 million from the previous two years, and the number of insider incidents climbed by 47%. Insider security breaches in manufacturing are now an impending reality requiring companies to safeguard themselves. This article dives deeper into the dynamics and challenges leading to the rise of insider incidents in manufacturing and ways to mitigate those.

The Tech Blog Writer Podcast
1817: Building a Future of Passwordless Authentication

Dec 17, 2021 (20:20)


The way we authenticate online is fundamentally broken. Technology has evolved significantly since the advent of the internet, yet we still rely primarily on passwords for authentication. Passwords pose significant security and user experience issues, negatively impacting both consumers and businesses. In addition, passwords are also responsible for the vast majority of data breaches each year. According to Verizon's 2021 Data Breach Investigations Report, 81% of all breaches involve weak or stolen passwords. In addition to being insecure, passwords also introduce significant consumer frustration. According to a recent Google study, ~75% of users report feeling overwhelmed trying to keep track of their passwords. So it's no surprise that users often re-use the same password across sites to make this process easier, but it introduces its own risks. Julianna Lamb, co-founder and CTO of Stytch, joins me on Tech Talks Daily to explore this topic in more detail. Stytch is the first company that's built a platform for passwordless authentication so that any application or website can embed passwordless sign-up and login flows. I learn more about the story behind Stytch. We also discuss how thousands of companies have used Stytch's software to eliminate password-based authentication's security and user experience shortcomings.

Cyber Risk Management Podcast
Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?

Oct 26, 2021 (33:52)


Is the Verizon Data Breach Investigations Report (DBIR) trustworthy enough for cyber risk managers to use it to choose new or improved mitigations? Our guest Suzanne Widup, one of the long-time authors of the report, will tell us how the report is made and why you can trust it. Your hosts are Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Light Reading Podcasts
Verizon's Suzanne Widup on data theft and donuts

Aug 20, 2021 (20:37)


Verizon's Suzanne Widup joins the podcast to provide insight into cybersecurity trends and share key findings from the service provider's annual Data Breach Investigations Report (DBIR). The full report can be downloaded here.

As the senior principal threat intel analyst for Verizon and co-author of the DBIR, Widup has her finger on the pulse of hackers' evolving efforts to undermine network security via phishing attacks, ransomware and social engineering.

"We've seen tremendous growth in our data sets over time on both social attacks and ransomware," said Widup. Hackers' approach to ransomware has evolved as well – "Now you not only lose access to your data but they can give it to other people … we've seen the commoditization of ransomware, giving out ransomware-as-a-service and how mature these marketplaces have become."

In addition, as enterprises became more reliant on cloud networking during the pandemic, hackers took advantage of this shift. Bad actors also took advantage of public interest in pandemic-related news by incorporating language around COVID-19 into their phishing lures.

"We did see more of the attacks targeting the cloud systems than we had before," said Widup. "The phishing lures take whatever the current headline is, so COVID was all over the place there."

Cyber Risk Management Podcast
The 2021 edition of the Verizon Data Breach Investigations Report (DBIR) Part 2

Aug 17, 2021 (38:43)


Let's conclude our look at the 2021 Verizon DBIR report. Today we'll review the data by industry and the revised attack patterns with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

Cyber Risk Management Podcast
The 2021 edition of the Verizon Data Breach Investigations Report (DBIR) Part 1

Aug 3, 2021 (46:42)


Have you read the Verizon DBIR report for 2021? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

The Get Cyber Resilient Show
Ep 65 | Verizon's 2021 Data Breach Investigations Report trends and highlights - with Prescott Pym, Head of Managed Security Services at Verizon

Aug 2, 2021 (33:36)


This week Gar is joined by Prescott Pym, Head of Managed Security Services for Verizon's APAC SOC and still a self-confessed ‘cyberholic'. With 14 years under his belt at Verizon his experience and insights run deep. Prescott brings his wealth of experience along with his passion for cyber resilience to this discussion focused on Verizon's 2021 Data Breach Investigations Report. Prescott walks us through the changes to Verizon's approach with the DBIR this year, key findings, some of the nuances in the industry and regional data such as the prevalence of social engineering in APAC, and what the data can be used for in terms of planning. To get your copy of Verizon's 2021 Data Breach Investigations Report please follow this link: https://vz.to/3A15sYM For the latest cyber news and insights head to www.getcyberresilient.com

AVANT Technology Insights with Ken Presti
Chris Novak: Verizon Data Breach Investigations Report, 2021

Jun 2, 2021 (21:35)


The Verizon DBIR is a bellwether of what's happening in IT Security. Our guest, Verizon's Chris Novak, covers the main takeaways of the report, and also explains how paying off ransomware just might get the victim into legal trouble.

ShadowTalk by Digital Shadows
Special: David Thejl-Clayton Talks Data Driven Incident Response and Verizon DBIR

May 14, 2021 (43:56)


Digital Shadows CISO Rick hosts this edition of ShadowTalk. He’s joined by special guest David Thejl-Clayton, Senior Advisor in Cyber Defense at Combitech. They discuss:
- David talks origin story, his journey through CTI, and his current role at Combitech
- His obsession with data driven response and how that data-love came to be
- He and Rick reminisce about favorite speakers at SANS
- They discuss the Verizon DBIR - what’s to come?
- Purple-teaming - how to bring value to organizations through data

***Resources from this week’s podcast***
Find David on Twitter: https://twitter.com/DCSecuritydk
Find David on LinkedIn: https://www.linkedin.com/in/davidclayton454/
Data Driven Incident Response: https://www.youtube.com/watch?v=Ll60XUJnRTw
SANS CTI Summit - VERISIZE your way into CTI: https://www.youtube.com/watch?v=AwMC6INC5TE https://www.sans.org/blog/a-visual-summary-of-sans-cyber-threat-intelligence-summit/
Vocabulary for Event Recording and Information Sharing (VERIS): http://veriscommunity.net/
2020 Data Breach Investigations Report: https://enterprise.verizon.com/resources/reports/dbir/

Cyber Risk Management Podcast
The 2020 edition of the Verizon Data Breach Investigations Report (DBIR)

Sep 1, 2020 (36:08)


Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, do a quick analysis of the 2020 edition of the Verizon Data Breach Investigations Report.

The Get Cyber Resilient Show
Ep 22 | Verizon's 2020 Data Breach Investigations Report highlights - with Prescott Pym, Operations Director for Network Security at Verizon

Jul 6, 2020 (37:09)


This week Gar is joined by Prescott Pym, Operations Director for Network Security at Verizon and self confessed ‘cyber-holic'. Prescott spent 7 years working at the Australian Bureau of Statistics before joining Verizon as a security analyst back in 2007. Prescott has built out SOC teams in Australia, India, Japan, Germany, Switzerland and the USA and currently runs a 70 person APAC SOC with a focus on government. Prescott brings a wealth of experience along with his passion for cyber resilience to this discussion focused on Verizon's 2020 Data Breach Investigations Report including how Verizon use the report, the unexpected trends the data highlights, how the tried and tested attacks are still doing damage, what the data means to small and large businesses and where these attacks are coming from. To get your copy of the Verizon's 2020 Data Breach Investigations Report please follow this link: https://vz.to/3hR38eI

Always On
An Interview With The Experts: 2020 Verizon Data Breach Investigation Report, with David Grady and Jason Graff, Ep #2

Jun 26, 2020 (47:33)


The reality of data breaches and other cyber threats continues to grow year after year and the only way we know what’s happening and how to address it is through the dedicated work of teams who do in-depth annual analysis of real-world security incidents. The team at Verizon produces the annual Data Breach Investigations Report (DBIR) which has quickly become one of the most respected and helpful security reports published. The report includes data from real incidents and real breaches, providing insight into what happened, how it happened, and who was responsible both externally and internally. It’s a powerful resource to help organizations of all sizes and in every industry understand their vulnerability to cyber threats. Listen to hear about the 2020 version of the report and discover how the information gleaned through this assessment can inform your security protocols and approaches.

You will want to hear this episode if you are interested in...
- The history and mechanics of the Data Breach Investigations Report [2:20]
- The big changes in this year’s report [5:11]
- A high-level look at security concerns for the healthcare industry [8:11]
- The vital importance of basic cyber hygiene [13:02]
- Takeaways for business leaders [17:10]
- Year over year analysis of the 2020 DBIR [20:11]
- The vital need for security in both small and large companies [26:15]
- Why personal data theft was one of the highest incidences in the report [31:22]
- The bad actors discovered in the report and how to protect your organization [34:01]
- Benefits for many industries and roles within organizations [43:48]

The Healthcare Industry Remains A Huge Cyber Target

As you can imagine, the healthcare industry is one of the most data-intensive and data-sensitive industries. It is an area that requires some of the highest security measures due to the volume of personally sensitive data that exists within the system. Healthcare organizations are responsible for a great deal when it comes to security.

The reason healthcare is always a big target for hackers and other bad actors is that the data healthcare providers manage is highly monetizable. The intense security required comes down to access control and identity access management procedures, as well as continual monitoring to ensure internal personnel only access data repositories that are relevant to the work they are doing for the organization.

But there are also many external concerns. In the healthcare industry, there exists a complex partner ecosystem that works with shared data. Each partner organization must perform its due diligence when it comes to security so the entire network of partners can be secure. Listen to hear how the healthcare industry has made great strides and where it still needs improvement.

Are You Overlooking The Security Of Your Intellectual Property?

With such a necessary focus on Personal Identifying Information (PII) and Personal Health Information (PHI) it is understandable that in many scenarios, the security of Intellectual Property (IP) falls to a lesser priority. But this year’s report makes it clear that Intellectual Property is a target of cybercrime. When the need to secure IP does finally come into focus it’s usually too late and something has already been compromised or stolen. All industries need to recognize that their IP is just as important to protect as personal data.

Key DBIR Takeaways For Executives

One of the things I want to highlight from this conversation is that the data shows that security is an issue at most companies. That's a reality the C-suite needs to understand because they are the ones who can move security initiatives forward aggressively and ensure that security is a consideration from the outset of every project. This year’s DBIR will help the C-suite understand...
- The complexity of the security puzzle. Many variables need to be addressed and every industry and company within the industry has unique concerns.
- The specific issues their security teams are facing. The industry-specific aspects of the DBIR enable a targeted approach per industry and vertical rather than a broad one.
- More likely security risks VS a broader “What could happen?” perspective. Knowing the data behind existing breaches and compromised security measures enables organizations to take a focused look at similar risks in their companies.

Listen to this episode to learn how foundational issues such as DDOS attacks, delivery errors, lack of adequate processes and procedures, lack of secure credentials, and weak enforcement of best practices lead to some of the most significant risks. Your security team will thank you for taking the findings of this report seriously.

Resources & People Mentioned
- The 2020 Data Breach Investigations Report
- David’s TED Talk on Time Management
- Verizon’s Payment Security Report
- Verizon’s VIPER Report
- Verizon’s Insider Threat Report

Connect with David & Jason
- Follow David Grady on LinkedIn
- Follow Jason Graff on LinkedIn

Connect With Carousel Industries
- https://www.carouselindustries.com/
- On Twitter: @Carousel_Ind

Audio Production and Show notes by PODCAST FAST TRACK https://www.podcastfasttrack.com

The Cybrary Podcast
401 Access Denied Ep. 4 | The 2020 Verizon Data Breach Investigations Report

Jun 17, 2020 (41:13)


Join Joseph Carson from Thycotic and Mike Gruen from Cybrary as they deep dive into Verizon's 2020 Data Breach Investigations Report. We'll share the good news of what the industry has been doing well this year and we'll also share the not-so-good news. Ransomware, malware, credential stuffing, employee cyber education, and much more will be discussed. Plus, we'll give a rundown of the measures you should have in place to protect your organization against these threats starting today.

TechRepublic Top 5
Top 5 things to know about security breaches

Jun 14, 2020 (2:58)


Verizon's annual Data Breach Investigations Report confirmed 3,950 data breaches across 16 industries. Tom Merritt explains five things to know about these breaches.

Decipher Security Podcast

Alex Pinto from Verizon Enterprise joins Dennis Fisher to discuss the findings of the 2020 Data Breach Investigations Report.

Identity At The Center
Identity At The Center #45 - The 2020 Verizon Data Breach Investigations Report

May 25, 2020 (50:08)


Jim and Jeff talk about some of the findings in the recently released 2020 Verizon Data Breach Investigations Report (link below).
Report link: https://enterprise.verizon.com/resources/reports/dbir/
Identiverse 2020 Conference Link: https://identiverse.com/
Connect with us on LinkedIn:
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Email your questions, suggestions, and topic requests to the show at questions@identityatthecenter.com
Brought to you by identropy.com

Podcast de CreadoresDigitales
We analyze Verizon's 2019 Data Breach Investigations Report

May 8, 2020 (21:01)


We analyze Verizon's 2019 Data Breach Investigations Report. The report basically concludes that the use of passwords should disappear because it currently represents the most insecure point. It is interesting to review the data on the various attack techniques.

Podcast de CreadoresDigitales
43 - The week's news with Alina Poulain, Hiram Camarillo and León Ramos

Apr 30, 2020 (122:50)


+ We will analyze the book “La dictadura de los datos” by Brittany Kaiser
+ Boston Dynamics robots serve in hospitals.
+ Coronavirus in China: how the controversial Chinese surveillance system works
+ We analyze Verizon's 2019 Data Breach Investigations Report
+ A quarter of the world's smartphones will not be able to use Apple and Google's technology to stop the pandemic.
+ A vulnerability present in iPhones and iPads for eight years appears to be under active attack by sophisticated hackers to hack the devices of high-profile targets.

Roaring Elephant
Episode 181- DBIR 2019: So, are we doomed yet?

Feb 25, 2020 (44:48)


Verizon has published their "Data Breach Investigations Report" for some time now and with the news of data leaks, ransomware attacks and more of that kind of horror dominating much of the technology conversation, we gratefully borrow this report to dedicate a full episode on this subject. As ever, we never shy away from deviating from the subject a little (or a lot) but this time we did try to keep close to the subject matter. If you're in any way connected to cyber security, and honestly, everybody in the tech world should be, you owe it to yourself to download the DBIR or, even better, listen to this episode! You can download the full report, or an executive summary directly from the Verizon website. Here are direct links to the DBIR pdf and executive summary. And kudos to Verizon for not putting this document behind a "leave your email here" or other form of "paywall"! Just click the "view only" button if you prefer not to share your details! Please use the Contact Form on this blog or our twitter feed to send us your questions, or to suggest future episode topics you would like us to cover.

ITSPmagazine | Technology. Cybersecurity. Society
The 12th Edition Verizon Data Breach Investigations Report (DBIR): Read It And Spring Into Action

May 8, 2019 (53:57)


The 12th annual edition of the Verizon Data Breach Investigations Report (DBIR) was just released. The release of the DBIR is big news every year; people and companies wait patiently for the report to get published, so they read it and “absorb” it. Are you one of those people? Did you download it? Did you skim through it? Did you read it cover to cover? Or, did you (or do you plan to) go that extra step to work through it with your team to help your company operationalize its risk and information security programs? Hopefully, you take those extra moments to do just that. There’s a ton of data, stories, and actionable information in this report — especially when combined with other reports from Verizon, including the Insider Threat Report and the Data Breach Digests. Let’s dig into this episode so you can spring into action. ________ This episode of At The Edge is made possible by the generosity of our sponsor, Interfocus. Be sure to visit their directory page on ITSPmagazine at: https://www.itspmagazine.com/company-directory/interfocus

The CyberWire
Turla’s new backdoor. Verizon’s 2019 Data Breach Investigations Report. Bad actors seek to influence the EU. US CYBERCOM preps for 2020. Baltimore’s ransomware. Monolingual content moderation.

May 8, 2019 (20:24)


Turla is back, and with a clever backdoor called “LightNeuron.” Verizon’s Data Breach Investigations Report shows that the C-suite remains a big target of social engineers, that crooks are following companies into the cloud, that ransomware remains popular, and that people seem warier of phishing. Bad actors peddle influence in the EU. Binance gets looted, Baltimore gets hacked. Meny Har from Siemplify explains SOCs, SIEMs and SOARs. Ben Yelin from UMD CHHS considers emojis in the courtroom.

Abstract Forward Consulting
Abstract Forward Podcast #2: Data Breach Statistics With Jay Jacobs.

Oct 14, 2018 (26:45)


In this episode we have a deep conversation with security data scientist Jay Jacobs concerning the reliability of breach reporting, long tail curves, future trends, and the business of ransomware. Jacobs enjoys digging into data to find the insight and knowledge to tackle hard problems for customers, partners and the community at large. He is currently Partner & Co-Founder of the Cyentia Institute, a security data analytics consultancy. Although he’s taken on many projects, he’s best known for strong contributions to Verizon’s annual Data Breach Investigations Report series and his book Data-Driven Security: Analysis, Visualization and Dashboards. He is a founding member of the Society of Information Risk Analysts, and remains an active proponent of improving how we measure and manage risk. Disclaimer:  This podcast does not represent the views of former or current employers and / or clients. This podcast will make every reasonable effort to verify facts and inferences therefrom. However, this podcast is intended to entertain and significantly inform its audience based on subjective reason based opinions. Non-public information will not be disclosed. Information obtained in this podcast may be materially out of date at or after the time of the podcast. This podcast is not legal, accounting, audit, health, technical, or financial advice. © Abstract Forward Consulting, LLC.

Web and BeyondCast
011 GDPR for Small Business

Oct 10, 2018 (22:32)


Welcome to Season 1, Episode 011, of Web and BeyondCast, "GDPR for Small Business." (If you’re reading this in a podcast directory/app, please visit http://webandbeyondcast.com/011 for clickable links and the full show notes and transcript of this cast.)

According to Verizon’s 2018 Data Breach Investigations Report, “58% of malware attack victims are categorized as small businesses.” And, in the 2017 Cybercrime Report by Cybersecurity Ventures, they note that “cybercrime damages will cost the world $6 trillion annually by 2021.” It’s with this general risk in mind that the European Union started the process of updating its already-existing Data Protection Directive from 1995, and enacted the General Data Protection Regulation. Or, as some of you might have heard it as its acronym, GDPR. I’ll call it GDPR for the rest of this episode.

I’ve gotten many questions about this topic, so in today’s episode, I’m going to do a deep-dive into:
- What is GDPR?
- Who Does GDPR Apply to?
- What Are the Key Provisions of GDPR for Small Business?
- What Actions Should You Take To Be and Stay GDPR-Compliant?

Disclaimer: None of this should be taken as legal advice. I’m trying to give an explanation of a highly complex, evolving extraterritorial law, and additional laws, and if you have specific questions about your situation and the laws that impact your business, you should seek licensed legal counsel in your jurisdiction.

If you'd like to discuss this episode, please click here to leave a comment down below (this jumps you to the bottom of the post), or feel free to contact me here about any other questions or comments.

In this Cast | GDPR for Small Business
Ray Sidney-Smith, Host

Show Notes | GDPR for Small Business
Resources we mention, including links to them will be provided here. Please listen to the episode for context.

Key Terminology:
- Subject - a living, natural person (so corporate/business entities, governments or anything other than a living human being don’t count under GDPR)
- Personal Data - any data that can identify a subject directly or indirectly, so some common forms of Personal Data are a living person’s name, address, phone number, date of birth, and tax identification number. But, it encompasses any data that fits this category. Anonymous data does not apply.
- Personal Sensitive Data, or Sensitive Personal Data - a class of Personal Data, that should be subjected to a higher level of protection, includes “data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.”
- Data Controller - a person or entity “which...determines the purposes and means of the processing of personal data”
- Data Processor - a person or entity which processes personal data on behalf of a Data Controller

Key Provisions:
- Data security versus Data Privacy - chain link fence versus a 10’ solid brick wall.
- GDPR applies to customers and employees of your business.
- Right to Consent ...for the data you collect about your customers and employees. This includes access to that data.
- Right of Access ...to the data about you.
- Right to Portability ...exportable and in a useable format.
- Right to “Rectification” ...fix inaccurate data or request data not be used any longer.
- Right to Erasure ...aka right to be forgotten ...erasure of subject’s data upon request.

All of these aforementioned requests from data subjects are to be responded within 30 days and you cannot charge them for it--it must be free-of-charge.

- Right to be Informed ...in the event of a data breach, that “is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.” (Source)

Federal Drive with Tom Temin
Verizon cybersecurity investigation finds trends, attack methods

May 29, 2018 (10:42)


In its comprehensive annual review of cybersecurity breaches, Verizon found some predictable trends. But it also found some attacks and methodologies that might send your eyebrows to the top of your head. Marc Spitler, co-author of Verizon's Data Breach Investigations Report, joined Federal Drive with Tom Temin for the highlights and details on how your cyber strategy should change.

Securit13 Podcast
Episode 88.2 - Interview with V. Ilibman (26.10.2017)

Jan 18, 2018 (44:56)


A conversation with Vladimir Ilibman about Cisco's midyear report, rabbits and statistics. Always relevant.
- Intro / Outro: State of Mind by Audiobinger http://freemusicarchive.org/music/Audiobinger/~/State_of_Mind
- BadRabbit Technical Analysis https://www.endgame.com/blog/technical-blog/badrabbit-technical-analysis
- Cisco information security report for the first half of 2017 https://engage2demand.cisco.com/LP=7258
- 2016 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf
- The Black Swan by Nassim Nicholas Taleb https://www.amazon.com/Black-Swan-Improbable-Robustness-Fragility/dp/081297381X
You can contact Vladimir at voilibma@cisco.com or https://www.facebook.com/vladimir.ilibman

And There You Have IT!
Pillar One: Data Protection [Six Pillars of Security Series]

Apr 4, 2017 (28:49)


In this episode, we discuss why shifting to a comprehensive data-centric strategy is critical to securing a business, how human nature has affected the evolution of cyber attacks, and how employee education is essential to security success. Join Forsythe’s host Cherie Caswell Dost, formerly of Chicago Public Radio, and industry expert Matt Sickles, senior principal consultant, Forsythe Security Solutions, for a multi-episode series of our podcast, And There You Have IT. In this six-part series, “The Six Pillars of Security," we’ll explore how companies can stay agile and secure in the face of an ever-evolving threat landscape.

According to Gemalto's Breach Level Index 2016 Report, data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86 percent over 2015. And Verizon's 2016 Data Breach Investigations Report found that in 93 percent of cases where data was stolen, systems were compromised in minutes or less. Organizations, meanwhile, took weeks or more to discover that a breach had even occurred — and it was typically customers or law enforcement that sounded the alarm, not their own security measures. Traditional prevention and detection methods are being bypassed, and many organizations either don’t know what to do, or don’t have the right resources in place to advance their security. To keep up with highly skilled and aggressive attackers, we need to move beyond the predictable patterns of network security and static defenses that our cyber adversaries are well-attuned to. Listen to the podcast to learn more.

10 Keys to Data-Centric Security - It is no longer enough to focus our efforts on networks and endpoints. As IT changes continue to occur, organizations need to keep pace and advance their security by focusing on the data itself through the development of a data-centric security program.

7 Key Elements of a Successful Encryption Strategy - It’s imperative to remember that your encryption program — and IT security in general — is a process, not a product. Effective encryption takes time; in addition to careful consideration of data states and encryption techniques, there are seven key elements that can help you build a successful end-to-end approach.

Forsythe Technology - For more than 40 years, Forsythe has helped companies succeed by working to optimize, modernize, and innovate enterprise IT. We develop solutions that make practical business sense from idea to implementation. We help champion innovation and deliver bottom-line results. We serve as the bridge, moving you from traditional to new IT. Whatever your business needs, we make it happen.

Advanced Persistent Security
Jam Session: 2016 Verizon DBIR

May 5, 2016 (99:04)


Jam Session: 2016 Verizon DBIR
Advanced Persistent Security Podcast, Episode 14
Guest: Matthew Eliason
May 5, 2016
If you enjoy this podcast, be sure to give us a 5 Star Review ...

Securit13 Podcast
Episode 32: A few words

Apr 20, 2015 (51:38)


- Intro / Outro: Skylar Grey - White Suburban
- FORTINET Security Day 2015 http://www.pcweek.ua/themes/detail.php?ID=149082
- iForum http://2015.iforum.ua/
- Introducing CSX skills-based CYBERsecurity training and performance-based certifications http://goo.gl/nB0GHu
- STEEL DRUM - IX (2015-04-04) http://www.steeldrum.org.ua/ua/fotolalereji/stalevyj-buben-ix-20140404.html#prettyPhoto
- Happy birthday, Vladimir!
- 2015 Data Breach Investigations Report (pdf) http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015-insider_en_xg.pdf
- Risky Business #362 http://risky.biz/RB362
- IBM to release 20 years worth of cyberthreat data http://www.rcrwireless.com/20150416/big-data-analytics/ibm-to-release-20-years-worth-of-cyber-threat-data
- IBM® X-Force Exchange https://exchange.xforce.ibmcloud.com/
- Wikileaks Publishes Hacked Sony Emails, Documents http://yro.slashdot.org/story/15/04/17/0246219/wikileaks-publishes-hacked-sony-emails-documents?utm_source=slashdot&utm_medium=twitter
- VeraCrypt 1.0f-2 http://www.opennet.ru/opennews/art.shtml?num=41996
- French TV station TV5Monde hit by Islamic State hack http://news.yahoo.com/french-tv5monde-hit-pro-islamic-state-hackers-222158856.html
- The 4 stages of crypto ransomware http://www.slideshare.net/slideshow/embed_code/47068990
- Find it in twitter https://twitter.com/recover_service
- Massachusetts police paid a ransom in bitcoins to get their files back http://geektimes.ru/post/248706/
- Q&A about malicious ransomware software https://au.finance.yahoo.com/news/q-malicious-ransomware-software-040108255.html
- How the U.S. thinks Russians hacked the White House http://edition.cnn.com/2015/04/07/politics/how-russians-hacked-the-wh/index.html
- 66% devices patched Heartbleed https://twitter.com/achillean/status/585898269605101568 but Most top corporates still Heartbleeding over the internet http://www.theregister.co.uk/2015/04/08/still_bleeding_one_year_laterheartbleed_2015_research/
- YUBIKEY, YUBIHSM: SECRET WEAPONS TO GUARD SECRETS https://www.yubico.com/2015/04/yubikeyyubihsm-secret-weapons-to-guard-secrets/
- What Your Passwords Say About Your Psychology http://www.worldcrunch.com/tech-science/what-your-passwords-say-about-your-psychology/computer-security-psychology-cigarette-secret-/c4s18560/#.VTE6fXV7h5R

Banking Information Security Podcast
What You Don't Know About the World's Worst Breaches - Dr. Peter Tippett on the 2009 Data Breach Investigations Report

Apr 29, 2009


Credit Union Information Security Podcast
What You Don't Know About the World's Worst Breaches - Dr. Peter Tippett on the 2009 Data Breach Investigations Report

Apr 29, 2009


Government Information Security Podcast
What You Don't Know About the World's Worst Breaches - Dr. Peter Tippett on the 2009 Data Breach Investigations Report

Apr 29, 2009


Healthcare Information Security Podcast
What You Don't Know About the World's Worst Breaches - Dr. Peter Tippett on the 2009 Data Breach Investigations Report

Apr 29, 2009


SECTHIS.COM Security Podcast
Podcast 49 - Idiots, SCADA, ID Theft, Apple

Jun 29, 2008


Disgruntled admin gets 63 months for massive data deletion
Intellipedia?
AT&T manager on laptop loss: 'It is pathetic'
FTC wants to hit the spyware guys where it hurts
Software security hole shows utilities and other infrastructure vulnerable
Verizon Business 2008 Data Breach Investigations Report
Bank of America check card data compromised
Ransomware

We lost both Ben and Doug 30 min into the podcast - excuse the slight dead air.

Intro music by Walt Ribeiro - Rush

Hosts
Gene Naftulyev, CISSP
Anatoly Elberg, CISSP
Doug Landoll, CISSP
Ben Spader, CISSP

Verizon Business – Connected Social Media
Verizon Business 2008 Data Breach Investigations Report – Part II

Jun 13, 2008


In Part II of this podcast series on the Verizon Business 2008 Data Breach Investigations Report, Bryan Sartin, director of investigative response for Verizon Business Security Solutions, summarizes key report findings and discusses actions enterprises can take to help prevent data breaches. Based on an analysis of hundreds of corporate data breaches, including three of […]

Verizon Business – Connected Social Media
Verizon Business 2008 Data Breach Investigations Report – Part I

Jun 11, 2008


The majority of corporate data breaches are avoidable with reasonable security measures. In Part I of this two-podcast series, Bryan Sartin, director of investigative response for Verizon Business Security Solutions, provides a general overview of the 2008 Data Breach Investigations Report and describes the methodology used to compile the findings of this ground-breaking analytical report. […]