Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical cybersecurity topics, including newly discovered Windows Zero Days, insights from Verizon's latest Data Breach Investigations Report, and a significant credential leak at CISA. They emphasize the importance of vulnerability management, the evolving threat landscape, and best practices for securing sensitive data. The conversation highlights the need for organizations to adapt quickly to emerging threats and implement robust security measures to protect against breaches.

YouTube Video Link: https://youtu.be/DtPgg2jQCyM

Documentation:
https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html?m=1
https://www.verizon.com/business/resources/T158/reports/2026-dbir-data-breach-investigations-report.pdf
https://arstechnica.com/information-technology/2026/05/in-stunning-display-of-stupid-secret-cisa-credentials-found-in-public-github-repo/

Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast

Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
The 2026 Verizon DBIR is here — and one finding changes the conversation around cyber risk.

For years, the industry has focused on identity as the primary attack surface. But according to the latest Data Breach Investigations Report, vulnerability exploitation has now overtaken credential abuse as the most common initial access vector in breaches.

In this episode of Reimagining Cyber, Tyler Moffitt breaks down what the report really means for defenders, MSPs, and SMBs. He explores why attackers are moving faster than patch cycles, how AI is accelerating both exploitation and phishing, and why “identity vs. patching” is the wrong debate.

He also unpacks:
- Why vulnerability exploitation surged to the top attack vector
- How AI is compressing the timeline from disclosure to attack
- Why ransomware still dominates breach outcomes
- The growing role of third-party and supply-chain risk
- Why SMBs struggle most with patch management and visibility
- Practical steps organizations should prioritize right now
- What MSPs should be telling customers after this year's DBIR

Key takeaway: “Identity is the new perimeter, but vulnerability management is still the unlocked window.”

If you work in cybersecurity, IT, risk management, or support SMB environments, this episode delivers practical insight into where attackers are succeeding — and what organizations need to do next.

#CyberSecurity #DBIR #Ransomware #PatchManagement #IdentitySecurity #AI #MSP #CyberRisk #VerizonDBIR #Infosec

As featured on Million Podcasts' Best 100 Cybersecurity Podcasts, Top 50 Chief Information Security Officer CISO Podcasts, Top 70 Security Hacking Podcasts. This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
⬥EPISODE NOTES⬥ The most dangerous sentence in cybersecurity disclosure right now is "no evidence of unauthorized access to our network." It is technically true. It is also operationally hollow. The customer whose data is on a leak site does not care which network it left from. The plaintiff in Bexar County does not care. The regulator about to receive a federal incident report under a 72-hour clock that starts at suspicion, not confirmation, will not care. In April 2026, two U.S. banks disclosed an incident at the same unnamed third-party vendor. Six class action lawsuits followed in two weeks. The vendor still has not been publicly named. The plaintiffs sued the banks anyway. In a separate situation, an alleged Adobe breach surfaced through a threat actor's claims about a third-party business process outsourcing firm -- and as of the coverage reviewed for this analysis, no public confirmation or denial from Adobe had surfaced. This is the Common Point of Failure pattern, and it is arriving with enough frequency that it deserves to be named clearly.
The human-speed defense of small business is being obliterated by the machine-speed offense of AI-driven cybercrime. Today, what large companies treat as a manageable risk is a terminal expense for small enterprises, with 60% of small enterprises shutting down within six months of a major attack. As AI-crafted phishing lures achieve a 54% click-through rate, traditional “awareness” training has become a shallow defense against an automated tide. We are at a strategic crossroads: do we outsource our security to Big Tech, wait for the government to mandate a minimum level of security, or return to the “radical collaboration” that built the Internet itself? Can we bake immunity directly into the Internet’s plumbing before the 400 million small businesses that form our economic backbone become mere collateral damage? Join us for a conversation with Brian Cute, the CEO of the Global Cyber Alliance. A veteran of Internet governance, he has held leadership roles at ICANN and the Public Interest Registry (the .org registry). He now leads The Global Cyber Alliance’s mission to deliver practical and effective tools to those most at risk in a fractured digital landscape. Hosted by: Alexa Raad and Leslie Daigle. Further reading: 2025 Data Breach Investigations Report, Verizon 110+ of the Latest Data Breach Statistics to Know for 2026 & Beyond ElectroIQ Small Business Stats 2025 SentinelOne 2026 CVE Forecast GCA Cybersecurity Toolkit for Small Business Cyber Basics: A free three-week training series for small businesses The views and opinions expressed in this program are our own and may not reflect the views or positions of our employers.
Third-party risk is no longer a background concern for healthcare organizations -- it is a frontline challenge. Jason Kor, Principal at HITRUST, works on the company's third-party risk management team, helping enterprises understand the security risk embedded in their supply chains. The numbers tell a stark story: according to Security Scorecard, 99% of the world's 2,000 largest companies are actively connected to a vendor that has experienced a breach in the past 18 months. And Verizon's Data Breach Investigations Report shows that the share of breaches tied to a third party has doubled year over year. HITRUST exists precisely to help organizations move from awareness to action. HITRUST will be at HIMSS 2026 in Las Vegas, March 9-12, at Booth 11307. Stop playing whack-a-mole with vendor risk -- step into the VR challenge and win prizes. For organizations already holding a HITRUST certification, the team has something else waiting: a trophy recognizing the commitment to independent, external audits and rigorous security standards. For those exploring certification for the first time, the booth is a chance to understand how HITRUST compares to alternatives like SOC 2 questionnaires -- and why scalability and risk reduction make it the stronger choice for supply chain assurance. Kor puts it plainly: the audits are time-consuming and expensive because they are effective. And at the end of the process, someone reads that report and makes real business decisions based on what it contains. Two major themes converge at this year's event: supply chain risk and AI. HITRUST has already launched an AI security assessment offering, and new CSF releases are on the horizon, including a report center feature enabling online review of assessments for anti-fraud and continuous monitoring purposes. 
On Tuesday, March 10, 2026, from 11:10 AM to 11:30 AM, Kor will deliver a 20-minute session titled "Understanding AI Security Risk -- The New Blind Spot in TPRM and Supply Chain Resilience." The session addresses a rapidly evolving challenge: as organizations build their own generative AI tooling -- or work with third parties that have integrated AI into their products -- questions around data sovereignty, input handling, and model provenance become critical, especially in healthcare where electronic health information is at stake. Also on the HIMSS 2026 agenda from HITRUST: Ryan Patrick, Executive Vice President of TPRM Customer Solutions, joins John P. Houston of UPMC and Chuck Christian of Franciscan Health for a Brunch Briefing titled "Building Secure, Compliant, and Resilient Healthcare Systems Together" on Tuesday, March 10, 2026, from 10:30 AM to 11:45 AM at Level 1, Casanova 505. The session offers practical strategies, frameworks, and real-world lessons for organizations looking to reduce risk, enhance protection, and advance trust in an evolving threat and regulatory landscape. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. 
Learn more: https://www.studioc60.com/creation#spotlight

GUEST
Jason Kor, Principal, HITRUST
https://www.linkedin.com/in/securityconsultantcissp/

RESOURCES
HITRUST: https://hitrustalliance.net
Jason Kor Session -- Understanding AI Security Risk -- The New Blind Spot in TPRM and Supply Chain Resilience (Tuesday, March 10, 2026, 11:10 AM - 11:30 AM): https://app.himssconference.com/event/himss-2026/planning/UGxhbm5pbmdfNDMyMTMxOA==
Building Secure, Compliant, and Resilient Healthcare Systems Together -- Brunch Briefing (Tuesday, March 10, 2026, 10:30 AM - 11:45 AM): https://app.himssconference.com/event/himss-2026/planning/UGxhbm5pbmdfNDMzNzQwMQ==
HIMSS 2026 Global Health Conference and Exhibition: https://www.itspmagazine.com/cybersecurity-technology-society-events/himss-global-health-conference-amp-exhibition-2026

Are you interested in telling your story?
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full
▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight
▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight

KEYWORDS
Jason Kor, HITRUST, Sean Martin, brand story, brand marketing, marketing podcast, brand spotlight, third-party risk management, TPRM, supply chain risk, healthcare cybersecurity, HIMSS 2026, AI security, generative AI risk, HITRUST CSF, cybersecurity certification, data sovereignty, electronic health information, vendor risk management

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
The Today in Manufacturing Podcast is brought to you by the editors of Manufacturing.net and Industrial Equipment News (IEN).

This week's episode is brought to you by Blumira. The 2025 Data Breach Investigations Report from Verizon revealed that manufacturers reported 1,607 data breaches in 2024, a substantial increase from 2023.

A new video from Blumira shares real data from manufacturers to show you how to expand your awareness of the current cybersecurity landscape. It includes proactive strategies to minimize the risk of data exploitation and technologies that help monitor threats in real-time. Watch the video right now.

Every week, we cover the five biggest stories in manufacturing, and the implications they have on the industry moving forward. This week:
- Layoffs Are Piling Up, Raising Worker Anxiety
- How Hershey's Chocolate Survived An Attack from Mars
- Toyota Debuts Autonomous Car Concept to Transport Kids
- Anduril Opens Ghost Shark Factory as First Autonomous Underwater Vehicle Rolls Off the Line
- UPS Plane Crashes and Explodes at Kentucky Airport

In Case You Missed It
- ATS Countersues Andersen After Accusations of 'Poor Management' for Project That Ran 860 Days Late
- Carbon Capture Pipelines Have Struggled to Advance, but a Project in Nebraska Has Found Success
- Lockheed Invests $50M to Weaponize Autonomous Sailboats

Please make sure to like, subscribe and share the podcast. You could also help us out a lot by giving the podcast a positive review. Finally, to email the podcast, you can reach any of us at David, Jeff, Andy or Anna [at] ien.com, with “Email the Podcast” in the subject line.
Enjoying the content? Let us know your feedback!

Today we're diving into something that keeps cybersecurity professionals up at night, and no, it's not the latest ransomware attack or data breach. It's something much more frustrating: the fact that despite spending billions of dollars on security awareness training every year, employees keep clicking on phishing emails, using weak passwords, and falling for social engineering attacks.

- https://www.sans.org: Security Awareness Training
- https://www.verizon.com: 2025 Data Breach Investigations Report
- https://ebbinghausmuseum.org: The Forgetting Curve

Be sure to subscribe! You can also stream from https://yusufonsecurity.com. There, you will find a list of all previous episodes too.
In this episode, we speak with Dwayne McDaniel about exposed secrets in our GitHub repositories and figuring out when we've been compromised using Honeytoken. Links: Dwayne's site – https://dwayne-mcdaniel.com/ Verizon's Data Breach Investigations Report – https://www.verizon.com/business/resources/reports/dbir/ GitGuardian Blog – https://blog.gitguardian.com/ HoneyBadger.io – https://HoneyBadger.io Our Discord – https://discord.gg/aMTxunVx Buy our shirts – https://store.phparch.com/products/community-corner-podcast-t-shirt Scott's Social […] The post Community Corner: Exposed Secrets with Dwayne McDaniel appeared first on PHP Architect.
In episode 145 of Cybersecurity Where You Are, Sean Atkinson and Tony Sager begin their mid-year review of 12 Center for Internet Security® (CIS®) experts' cybersecurity predictions for 2025.

Here are some highlights from our episode:
- 01:14. Verizon's Data Breach Investigations Report as a source of enlightenment and humility
- 02:28. The use of generative artificial intelligence (GenAI) to finely tune phishing emails
- 06:31. Cyber threat actors' Darwinian efficiency in adopting new technology
- 07:50. Policies, oversight, and compliance in slowing defenders' adoption of technology
- 10:30. The two-sided, dynamic challenge of managing supply chain risk
- 18:23. Cybersecurity as a strategic business investment in protecting revenue
- 20:40. The value of partnerships in determining rational social expectations for cybersecurity
- 26:45. Rapid recap of several of our 2025 cybersecurity predictions
- 28:43. Designing technology with human awareness to create a culture of responsibility
- 32:29. The need to rethink what "connected" means in our complex world

Resources
- 12 CIS Experts' Cybersecurity Predictions for 2025
- Episode 117: 2025 Cybersecurity Predictions from CIS Experts
- 2025 Data Breach Investigations Report
- 2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization
- Episode 119: Multidimensional Threat Defense at Large Events
- How to Construct a Sustainable GRC Program in 8 Steps
- Society of Information Risk Analysts
- Reasonable Cybersecurity
- Episode 135: Five Lightning Chats at RSAC Conference 2025

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
What's really driving breaches in healthcare?

This episode breaks down key stats from the 2025 Verizon Data Breach Investigations Report—including ransomware trends, human error patterns, and how attackers are moving faster than ever. We'll highlight what it means for your organization and where to focus your efforts this year.

Learn more about Medcurity here: https://medcurity.com

#Healthcare #Cybersecurity #Compliance #HIPAA #SecurityRiskAnalysis #DBIR2025 #VerizonBreachReport #2025DBIR
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI
Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac. Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. 
These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! 
Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-405
Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac. Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. 
These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! 
Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-405
Now in its 18th year, the Verizon Business DBIR is one of the industry's longest standing and leading reports on the current cybersecurity landscape. This year's report analyzes more than 22,000 security incidents with victims spanning 139 countries, examining significant growth in third-party involvement in breaches, increases in ransomware and examines the average amounts paid and amount of time to patch vulnerabilities, among many other findings. Segment Resources: - https://www.verizon.com/about/news/2025-data-breach-investigations-report - https://www.verizon.com/business/resources/reports/dbir This segment is sponsored by Verizon Business! To read the full Verizon Business 2025 Data Breach Investigations Report, please visit https://securityweekly.com/verizonrsac. Over the past two decades, the browser has evolved from a simple web rendering engine to the primary gateway through which users interact with the internet, be it for work, leisure or transactions. In other words, browsers are becoming the new endpoint. Yet, despite the exponential growth of browser-native attacks, traditional security solutions continue to focus on endpoint and network, leaving a large gaping hole when it comes to browser security. SquareX has started the Year of Browser Bugs (YOBB), a yearlong initiative to draw attention to the lack of security research and rigor in what remains one of the most understudied attack vectors - the browser. Learn more about SquareX's Browser Detection and Response solution at https://securityweekly.com/squarexrsac Last Mile Reassembly Attacks: https://www.sqrx.com/lastmilereassemblyattacks Polymorphic Extensions technical blog: https://labs.sqrx.com/polymorphic-extensions-dd2310006e04 There is a growing overlap between endpoint and cloud environments, creating new security challenges. ThreatLocker has recently released innovative solutions designed to protect organizations operating in this space. 
These include Cloud Control, Cloud Detect, Patch Management, and other advanced security tools tailored to bridge the gap between endpoint and cloud protection. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerrsac to learn more about them! Jason Mical, Field CTO, discusses Devo and Detecteam's integrated solution, which proactively improves security posture by identifying and closing detection gaps. The integration combines Devo's comprehensive threat detection, investigation, and response capabilities with Detecteam's autonomic detection lifecycle platform to continuously validate and improve detection capabilities based on real-world attack scenarios. Solution demo: https://www.devo.com/interactive-demos/devo-detecteam-engineering-confidence-in-threat-detection/ This segment is sponsored by Devo . Visit https://securityweekly.com/devorsac to learn more about them! While the value of identity security remains largely untapped, SailPoint's latest Horizons of Identity Security report reveals that organizations with mature identity programs can bend their identity security-to-value curve and recognize disproportionately higher returns. These programs unlock new value pools and can help address emerging challenges, such as securing machine and AI agent identities. The 2024-25 Horizons of Identity Security report: https://www.sailpoint.com/identity-library/horizons-identity-security-3 Take the identity security maturity assessment: https://www.sailpoint.com/identity-security-adoption Learn more about SailPoint's Customer Experience Portfolio: https://www.sailpoint.com/customer-success/customer-experience-portfolio This segment is sponsored by SailPoint. Visit https://securityweekly.com/sailpointrsac to learn more about them! 
Identity has long been the soft underbelly of cybersecurity—but with AI, non-human identities (NHIs), and autonomous agents on the rise, it's now front and center for security teams, the C-suite, and boardrooms alike. Adversaries aren't just hacking systems anymore—they're hijacking identities to slip through the cracks and move undetected in systems. For too long, identity security was treated as interchangeable with IAM—but that mindset is exactly what left critical gaps exposed. Listen to our interview with Hed Kovetz as he unpacks why identity has become today's most urgent battleground in cyber. He'll explain what you can do about it with an identity security playbook that gives you the upper hand. https://resources.silverfort.com/identity-security-playbook/home https://www.silverfort.com/blog/shining-the-spotlight-on-the-rising-risks-of-non-human-identities/ This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about Silverfort's IDEAL approach to identity security! Show Notes: https://securityweekly.com/esw-405
In this topic segment, we discuss the most interesting insights from the 2025 edition of Verizon's DBIR. You can grab your own copy of the report at https://verizon.com/dbir Show Notes: https://securityweekly.com/esw-404
Qasim Ijaz Qasim Ijaz is the director of cybersecurity at a leading healthcare organization, overseeing detection, incident response, vulnerability management, purple teaming, and cybersecurity engineering. With a strong background in offensive security and risk management, he has helped organizations strengthen their defenses against evolving threats. He is also a dedicated educator, mentoring professionals and sharing his expertise at conferences such as BSides and Black Hat. You don't need to go far in the news these days to find out that another organization was hacked. Data breaches are a nightmare scenario for both leaders and the people they support. In this episode, Qasim and I explore what your team and you can do to be a bit more prepared. Key Points Use multi-factor authentication, passphrases, and a password manager. Freeze your personal credit reports. Do this for free directly with Experian, Equifax, and TransUnion. Leaders in bigger roles (executives, CEOs, board members) are larger targets for hackers due to their access and also their ability to occasionally side-step organizational guidelines. It's the non-technical pieces of a cyber response that organizations are least prepared for. Conduct incident response and disaster recovery tabletop exercises to uncover vulnerabilities before an attack. Regardless of organizational policy, employees will use AI. The best prevention assumes the inevitability of human behavior and works with it to improve systems. 
Resources Mentioned Recommended password managers: 1Password, Apple password app, Proton Pass Critical Security Controls by the Center for Internet Security Resources for Small and Medium Businesses by the Cybersecurity & Infrastructure Security Agency 2024 Data Breach Investigations Report by Verizon Business Related Episodes Dumb Things Smart People Do With Money, with Jill Schlesinger (episode 396) Where to Start When Inheriting a Team in Crisis, with Lynn Perry Wooten (episode 603) How to Use AI to Think Better, with José Antonio Bowen (episode 689) Discover More Activate your free membership for full access to the entire library of interviews since 2011, searchable by topic. To accelerate your learning, uncover more inside Coaching for Leaders Plus.
In this episode of Power Producers Podcast, David Carothers is joined by Ryan Smith, founder of RLS Consulting, to discuss the evolving world of cybersecurity and how insurance professionals can better navigate this complex space. Drawing on Ryan's extensive experience, they delve into actionable strategies for producers to engage clients on cyber risk, overcome objections, and build meaningful solutions that go beyond the policy. Key Points: The Intersection of Cybersecurity and Insurance Ryan highlights how cybersecurity and cyber liability are complementary solutions addressing the same problem: mitigating and transferring cyber risk. Understanding both perspectives helps producers connect the dots and provide more value to clients. Education Over Fear The conversation emphasizes the importance of educating clients about their cyber risks without resorting to fear-based selling. Producers are encouraged to focus on business impacts rather than technical vulnerabilities, fostering a consultative approach. Assessing Risk and Incident Preparedness Ryan shares insights on helping clients assess their cyber risks and prepare for incidents. He stresses the importance of asking key questions about incident response plans, compliance requirements, and the company's readiness for cyber threats. Shifting Client Mindsets The discussion tackles common objections, such as overconfidence in IT departments or the belief that “it won't happen to us.” Ryan suggests producers approach these scenarios with empathy and education, aligning solutions with clients' business priorities. Valuable Resources for Producers Ryan points to trusted industry reports, such as Verizon's Data Breach Investigations Report and IBM's Cost of a Data Breach Report, as tools to support client conversations and reinforce the importance of proactive cyber risk management. Connect with: David Carothers LinkedIn Ryan L. 
Smith LinkedIn Kyle Houck LinkedIn Visit Websites: Power Producer Base Camp RLS Consulting Killing Commercial Crushing Content Power Producers Podcast Policytee The Dirty 130 The Extra 2 Minutes
Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. "Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?" -- https://www.cr-map.com/91
Ivanti's Robert Waters (Lead PMM, Exposure Management) is back with Chris Goettl (VP of Product, Patch Management) for the last of our three episodes covering Verizon's 2024 Data Breach Investigations Report, covering the third-most popular attack vector in breaches today: exploit vulnerabilities. And while they may be #3 in prevalence, they're #1 in Chris and Robert's hearts. To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/ Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes back Robert Waters (Lead PMM, Exposure Management) for a follow-up on Verizon's 2024 Data Breach Investigations Report, discussing the two main attack vectors used in most breaches -- phishing and credential attacks -- and how your organization should go about defending itself. To view Verizon's report, head to: https://www.verizon.com/business/resources/reports/dbir/ Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from a listener, who writes in on an AirBnB debacle he was dealing with. Joe shares the newly released 2024 Data Breach Investigations Report from Verizon. Dave shares a story from New York Magazine, written by Ezra Marcus, on a college sophomore from University of Miami who was found to be tangled up in a refund fraud scam that granted him a lavish lifestyle. Our catch of the day comes from Joe's mother this week. She happened to receive an email with the subject line being "your order is confirmed," coming from what looks to be "McAfee." Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: The Package King of Miami 2024 Data Breach Investigations Report You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/ Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
In episode 330 Tom, Scott, and Kevin discuss the new features for iPhones and Android phones designed to warn users about secret trackers, possibly aiding in identifying stalkers. The hosts discuss Apple and Google's collaboration on a technology called DULT (Detecting Unwanted Location Trackers), aiming to improve user privacy by detecting Bluetooth trackers like Tiles […] The post New Tracker Warning Features on iPhones & Androids, 2024 Verizon Data Breach Investigations Report appeared first on Shared Security Podcast.
On this episode of The Cybersecurity Defenders Podcast we take a close look at the 2024 Verizon Data Breach Investigations Report. The Verizon 2024 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of the current cybersecurity landscape, highlighting significant trends and emerging threats. This year's report, the 17th edition, examines 30,458 security incidents and 10,626 confirmed breaches, marking a two-fold increase from the previous year. A key finding is the dramatic surge in vulnerability exploitation, which nearly tripled, driven by attacks on unpatched systems and zero-day vulnerabilities. Ransomware and extortion continue to be major threats, comprising 32% of breaches, with a notable rise in pure extortion attacks where data is stolen but not encrypted. The report also emphasizes the human element in cybersecurity breaches, with human errors contributing to 68% of incidents. Phishing remains a critical issue, with median times to click on malicious links and submit data being alarmingly short. Despite this, there is an encouraging increase in phishing awareness among users. Additionally, the report underscores the growing complexity of supply chain attacks, highlighting the vulnerabilities in third-party code and services. Interestingly, the impact of generative AI in cyberattacks remains minimal, with most uses being experimental rather than operational. The DBIR concludes with a call for improved vulnerability management and continued focus on human-centric security measures. You can download the full report here.
Talking Cyber is a Cybercrime Magazine podcast series that covers the latest news and breaking stories on the cybereconomy, hackers, intrusions, privacy, security and much more. In this episode, host Amanda Glassner is joined by Heather Engel, Managing Partner at Strategic Cyber Partners, to discuss Verizon's 2024 Data Breach Investigations Report and break down some of the key findings. To learn more about today's stories, visit cybercrimewire.com • For more on cybersecurity, visit us at https://cybersecurityventures.com
In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predominance of hacking and malware. The report identifies the top methods bad actors use for exploiting companies, including attacking VPNs, desktop sharing software, web applications, conducting phishing, and stealing credentials, emphasizing the growing sophistication of attacks facilitated by technology like ChatGPT for phishing and deepfake tech for social engineering. The episode touches on various cybersecurity measures, the omnipresence of multi-factor authentication (MFA) as a necessity rather than a best practice, and the surge in denial-of-service (DDoS) attacks. Hardy also discusses generative AI's role in enhancing social engineering attacks and the potential impact of deepfake content on elections and corporate reputations. Listeners are encouraged to download the DBIR for a deeper dive into its findings. Transcripts: https://docs.google.com/document/d/1HYHukTHr6uL6khGncR_YUJVOhikedjSE Chapters 00:00 Welcome to CISO Tradecraft 00:35 Celebrating Milestones and Offering Services 01:39 Diving into the Verizon Data Breach Investigations Report 04:22 Top Attack Methods: VPNs and Desktop Sharing Software Vulnerabilities 09:24 The Rise of Phishing and Credential Theft 19:43 Advanced Threats: Deepfakes and Generative AI 23:23 Closing Thoughts and Recommendations
In this episode, Spencer and Brad discuss the highly respected 2024 Verizon Data Breach Investigations Report (DBIR), a data-driven analysis of cyberattacks and data breaches from around the world. Tune in to discover the latest global trends and patterns in cybersecurity, as well as key insights for security professionals and executives. Don't miss out on this essential resource that has been shaping the industry for the past 15 years. Blog: https://offsec.blog/ Youtube: https://www.youtube.com/@cyberthreatpov Twitter: https://twitter.com/cyberthreatpov Work with Us: https://securit360.com
In this week's Security Sprint, Dave and Andy talked about the following topics. Warm Start: Tribal-ISAC merch! National Security Memorandum on Critical Infrastructure Security and Resilience. Biden-Harris Administration Announces New National Security Memorandum to Strengthen U.S. Department of Energy's Role in Ensuring Security and Resilience Across America's Energy Sector Biden signs new memo to boost security of US critical infrastructure White House announces new policy guiding infrastructure protection Verizon 2024 Data Breach Investigations Report Verizon's 2024 Data Breach Investigations Report: 5 key takeaways Verizon DBIR: Enterprises Know The Pain Of Zero Day Exploits All Too Well Verizon's 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA's KEV Catalog Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find Forescout: Exposing the exploited: Analyzing vulnerabilities that live in the wild Info Ops Russia is trying to exploit America's divisions over the war in Gaza; The effort includes artificial intelligence, fake social media accounts and a spike in state-sponsored Russian propaganda NewsGuard: Russia-Ukraine Disinformation Tracking Center: 477 Websites Spreading War Disinformation And The Top Myths They Publish Campus Protests Give Russia, China and Iran Fuel to Exploit U.S. Divide; America's adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say. Hurricane Preparedness. A Proclamation on National Hurricane Preparedness Week, 2024. 
Oklahoma and Kansas at High Risk of Extreme Storms and Tornadoes Heavy rains ease around Houston but flooding remains after hundreds of rescues and evacuations Dashcam shows tornado obliterate Nebraska building Nebraska tornado survivor recounts mayhem: 'The windows exploded and glass was flying everywhere' Death toll from southern Brazil rainfall rises to 78, many still missing China & Resilience! SAVE THE DATE! CISA Hosts CISA Live! – “People's Republic of China Cyber Threats and What We Can Do”. On Wednesday, May 15, we will host our next CISA Live! - “People's Republic of China Cyber Threats and What We Can Do” Under the Digital Radar: Defending Against People's Republic of China's Nation-State Cyber Threats to America's Small Businesses. Quick Hits Australian police shoot dead 'radicalized' teen Germany Travel Advisory-Level 2: Exercise Increased Caution-May 1, 2024 Sweden “On Terror Level Four” As Security Is Tightened A Week Before Eurovision Song Contest Bird flu's wild range; Counties where avian flu has been detected in wild mammals since 2022 House Energy and Commerce Committee: What We Learned: Change Healthcare Cyber Attack French cyberwarriors ready to test their defense against hackers and malware during the Olympics The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States FBI Releases 2023 Elder Fraud Report with Tech Support Scams Generating the Most Complaints and Investment Scams Proving the Costliest CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity Communication gaps between IT departments and senior corporate leadership worsening application security risks SBOM Sharing Primer CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities Maersk says Red Sea disruption will cut capacity by 15-20% in second quarter Chinese-Made Surveillance Cameras Are Spreading Across Eastern Europe, 
Despite Security Concerns Wichita government shuts down systems after ransomware incident
Guest post by Cillian McCarthy, CEO, Vault365 In an evolving digital landscape, organisations are increasingly vulnerable to cyber risks that threaten their critical data. The acceleration of AI, coupled with the growing sophistication of cyberattacks, means that organisations without an effective backup and disaster recovery plan in place run a heightened risk of their data being compromised. According to PwC's 2024 Digital Trust Insights survey, just 42% of Irish-based respondents said that they understand the cyber risks posed by emerging technologies. Disaster recovery needs to be a core business objective for organisations of all sizes in the digital age, with information including confidential customer data, financial records, and employee data more accessible than ever before. Building blocks for data backup There are key building blocks that all disaster recovery plans should include. Risk assessment is the foundation of any strategy and is vital to understand where the gaps are in order to allocate necessary resources. It can also help to optimise the measures already in place. The cornerstone of an effective plan is secure data backup, and backup efforts should be concentrated on ensuring business continuity in the event of a disaster, and focused on developing contingency plans for the continuity of business operations. However, it's not enough to just have a backup plan in place. Any plan must be laid block-by-block to each organisation's specific needs and tested regularly to ensure maximum effectiveness. Furthermore, communication is key - employees right across the organisation must be aware of the protocols and understand that time is of the essence should a breach occur. Crucially, it's not just external threats that organisations need to protect their data against. Human error is a top cause of cyber breaches and, therefore, employees (whether acting maliciously or otherwise) pose a significant risk to organisational data. 
In fact, Verizon's recent Data Breach Investigations Report 2023 found that 74% of all security breaches include a human element. This is where cybersecurity awareness training comes into play and can support disaster preparedness. It's crucial that this training is delivered regularly to employees and kept up-to-date as cyber threats continue to evolve. Head in the cloud A backup of your cloud data is now also an indispensable tool for data protection and security in the current business landscape. The cloud is flexible, almost infinitely scalable, and provides seamless accessibility from anywhere (which is particularly important for dispersed workforces). In addition, it enables secure remote data deletion and recovery in the event of a data breach or if a business is concerned about unauthorised access. The cloud can also aid enhanced regulatory compliance for organisations. Recent CSO figures show that in 2023, 42% of Irish enterprises used cloud computing services to store files. Implementing a robust back up and disaster recovery plan isn't a once-off task, but an ongoing process that requires continuous assessment and improvement as business needs evolve. Not only can a successful cyber breach result in data loss or business downtime - it can also cause irreparable financial and reputational damage. Data is the lifeblood of organisations, and this invaluable asset demands robust protection against modern threats. See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online Tech Publication and often Ireland's No.1 Tech Podcast too. You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news If you'd like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss. Irish Tech News have a range of services available to help promote your business. 
Why not drop us a line at Info@IrishTechNews.ie now to find out more about ho...
This is Derek Miller, Speaking on Business. According to Verizon's 2023 Data Breach Investigations Report, 74 percent of all security breaches include a human element. That's why Wasatch Security Awareness was created — to provide cybersecurity training to businesses and their employees. Founder Matt Groves joins us with more. Matt Groves: Your company's employees are both the biggest target and the best defense against a cyber attack. At Wasatch Security Awareness, we are determined to educate your end users to become smarter than the digital threats they will inevitably face. When we work with businesses, we use a simple training process to ensure each organization gets the personalized education they need. First, we collaborate with management to create a human intelligence training plan. We then test employees with a customized “spear phishing” email that mimics techniques used by cybercriminals. Based on the test's results, Wasatch Security Awareness provides customized training to help businesses become more secure. On average, 24 percent of employees click a link inside their first spear phishing test, and 19 percent enter a username and password. But with training and practice, we can help your employees be your company's first defense against cybercriminals. Derek Miller: Whether you're a small, local business or a large corporation, your employees can benefit from cybersecurity training. Visit the Wasatch Security Awareness website for more information. I'm Derek Miller with the Salt Lake Chamber, Speaking on Business. Originally aired: February 20, 2024
Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
In this episode of the Radian On Air podcast, Jeff Engle, assistant vice president of Mortgage Learning for Radian Guaranty, welcomes back Donna Ross, Radian Group's award-winning Chief Information Security Officer. They explore the importance of cybersecurity, especially in light of October being Cybersecurity Awareness Month, including the increasing threats to technology and confidential data, alarming statistics of cybercrime, and offer insights on how individuals and companies can protect themselves against these cyber threats. Key points discussed in this episode include: The significance of Cybersecurity Awareness Month and the role each individual plays in maintaining cybersecurity; A look at the current cyber threat landscape; The importance of continuous risk assessments, planning and testing due to constantly changing cyber threats; Practical tips on how individuals can protect themselves from credit card theft and identity theft - Download the Job Aid! Radian On Air Podcast: Cybersecurity Awareness Month: Are You Prepared? Radian On Air Podcast: Cybercrime: Trends, Impacts & Prevention. Resources: Astra Report; Deloitte 2023 Global Future of Cyber Survey; Verizon 2023 Data Breach Investigations Report. © 2023 Radian Group Inc. All Rights Reserved. 550 East Swedesford Road, Suite 350, Wayne, PA 19087. Radian Group Inc. and its subsidiaries and affiliates make no express or implied warranty respecting the information presented and assume no responsibility for errors or omissions. Redistribution or reproduction of all or part of the contents without Radian's prior written consent is expressly prohibited. The content presented is intended to convey general information and is for informational purposes only and does not constitute legal or accounting advice or opinions. Determination of eligibility for a particular program or exemption is made by the relevant authority and not by Radian Group Inc. or its subsidiaries and/or affiliates
In this episode of the Security Squawk podcast, our cybersecurity team brings you an in-depth analysis of the Verizon data breach report and its far-reaching implications. Join our knowledgeable hosts as they unpack the report's key findings and illuminate the ever-evolving threat landscape. Discover shocking statistics, such as the staggering 83% involvement of external actors in data breaches, emphasizing the pressing need for robust defense measures. Our hosts also delve into the critical role played by the human element in security incidents, with 74% of breaches attributed to human error. Furthermore, we shed light on the importance of safeguarding credentials and the dire need for better password management practices. By sharing valuable insights and practical advice, our podcast equips businesses with the knowledge and strategies to protect themselves against malicious cyber attacks.
This week on Privacy Please, we talk about the overall costs of recovering from a ransomware incident and how they are increasing… "Mitigating these attacks takes time—if the organization even has reliable, tested backups of the systems compromised—and resources. Ransomware is so ubiquitous that it may simply be a threat that we will always have to protect against"
This episode looks at some of the numbers gathered from 16,000 cybersecurity incidents in the annual Verizon report.
Leading authority in cybersecurity. Learn about the key findings from our 16th annual Data Breach Investigations Report and how we're helping our customers. Plus, a special anniversary.
Let's conclude our look at the 2022 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Have you read the Verizon DBIR report for 2022? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
In Plain Sight is a Cybercrime Magazine podcast series brought to you by Conceal. In this episode, host Paul John Spaulding is joined by Steve Morgan, Editor-in-Chief at Cybercrime Magazine, to discuss Verizon's 2022 Data Breach Investigations Report, including vulnerability exploitation, the rise in ransomware, and more. Conceal is a zero-trust network privacy and security company that disguises and protects your enterprise's online presence and privacy. To learn more about our sponsor, visit https://conceal.io
Challenge Accepted is a new podcast from Arctic Wolf that has informative and insightful discussions around the real-world challenges organizations face on their security journey. Hosted by Arctic Wolf's VP of Strategy Ian McShane and Chief Information Security Officer (CISO) Adam Marrè, the duo will draw upon their years of security operations experience to share their thoughts and opinions on issues facing today's security leaders. In the inaugural episode of Challenge Accepted, our two hosts dig into the findings of the most recent Data Breach Investigations Report from Verizon, discuss key takeaways that security and IT teams should implement, and encourage businesses in need of security advice to talk to a source many may not consider… the F.B.I.
Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role. In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw271
Verizon's 2022 Data Breach Investigations Report (DBIR) is out, and Delinea is here to break down the highlights! Delinea CISO Stan Black and Cybersecurity Evangelist, Tony Goulding, discuss which findings are most surprising, actionable, and trending upward in this year's report. Get the experts' advice on how we all can develop smart, data-driven security solutions based on evolving threat actor behavior and incident analysis. Read all about it in Verizon's 2022 Data Breach Investigations Report!
Keeping trouble out. All the details on our 2022 Data Breach Investigations Report. Plus, a full news rundown.