Welcome to the Identity Theft Resource Center's (ITRC's) Weekly Breach Breakdown for October 10, 2025. I'm Alex Achten, Senior Director of Communications & Media Relations for the ITRC. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. Today, we will examine our Q3 2025 data breach findings. The last time we inspected the latest data breach trends was in our H1 2025 Data Breach Report. At that time, we were on pace to track a record number of compromises in 2025. Cyberattacks were the primary cause of data breaches where personal information was stolen. Sixty-nine (69) percent of data breach notices did not include information about the root cause of the attack. What changed in the third quarter of the year? The short answer? Not much. Let's dive into the Q3 2025 data breach numbers. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on X: twitter.com/IDTheftCenter
Welcome to 'AI Lawyer Talking Tech,' your weekly exploration of the dynamic intersection between artificial intelligence and the legal world. Today, we delve into a landscape being fundamentally reshaped by AI, presenting both immense opportunities and significant challenges. On one hand, AI tools are revolutionizing everything from streamlining government regulations and supercharging mass claims litigation to providing data-driven insights for case strategy and automating complex legal research. Yet, this rapid technological advancement also brings pressing concerns: the ethical implications of AI platforms on attorney-client privilege, the rise of AI-driven data breaches, and the debate over AI's impact on human judgment and critical thinking. We'll also examine the growing legal scrutiny of tech giants regarding algorithmic exploitation and the evolving regulatory frameworks designed to address AI's far-reaching societal effects. Join us as we discuss how legal professionals are working to both harness the power of AI and establish the necessary guardrails for its responsible use.
Minnesota joins legal onslaught against TikTok, alleging algorithmic exploitation of youth (2025-08-24 | NaturalNews.com)
10 Safe White-Collar Middle-Class Careers AI Will Not Replace by 2030 (2025-08-24 | New Trader U)
How Small Business Can Survive Google's AI Results (2025-08-23 | Finance Monthly)
Apple Gains Support in Privilege Fight Against Epic Games Ruling (2025-08-22 | The Mac Observer)
Before the TEDx Stage, There Was a Farewell Email August 2025 (2025-08-22 | Thrive Global)
Inside Virginia's AI-driven streamlining of regulations (2025-08-22 | Nextgov)
Flaster Greenberg launches AI practice group (2025-08-22 | Delaware Business Times)
SPLC forms partnership to make data publicly available in gerrymandering fights (2025-08-22 | Southern Poverty Law Center)
North America LPO market to hit $52Bn by 2033: Market Data Forecast (2025-08-22 | Outsource Accelerator)
Data Breach Investigation for Aspire Rural Health System Customers (2025-08-22 | InvestorsHangout.com)
Y Combinator says Apple's App Store has hindered startup growth (2025-08-22 | TechCrunch)
AI Makes Us Faster, Not Smarter (2025-08-22 | Forbes.com)
Employment Law Update: Danger, Employers, Danger! How Machine Intelligence Is Pushing White-Collar Employees Toward Overtime Eligibility (2025-08-22 | JD Supra)
Supercharging Mass Claims: Leveraging AI and LLMs in UK Group Litigation (2025-08-22 | JD Supra)
Client Beware: The Utilization of Artificial Intelligence Platforms and the Potential Waiver of Attorney-Client Privilege (2025-08-22 | JD Supra)
Addleshaw Goddard posts strong revenues as it continues to invest in strategic growth (2025-08-22 | Aberdeen & Grampian Chamber of Commerce)
Cloud Seeding (Platforms): Keeping Pace With Constant Change (2025-08-22 | FTI Technology)
UK faces legal issues over data center development (2025-08-22 | Cryptopolitan)
Navigating the Modern Hybrid Courtroom (2025-08-22 | JD Supra)
SurePoint Introduces SurePoint Legal Suite, Uniting Leading Legal Technology Solutions to Accelerate Law Firm Performance (2025-08-22 | Legal Technology News - Legal IT Professionals | Everything legal technology)
ILTACON2025 Recap: Beyond the AI Buzz – A Grounded Take on Legal Tech (2025-08-22 | Legal Technology News - Legal IT Professionals | Everything legal technology)
Meta Platforms Inc.'s AI Policies Under Investigation and States Continue to Pursue AI Regulation - AI: The Washington Report (2025-08-22 | Mintz Levin)
Understanding the UK Data (Use and Access) Act 2025 (2025-08-22 | Ogletree Deakins)
Ten Key Insights from IBM's Cost of a Data Breach Report 2025 (2025-08-22 | Baker Donelson Bearman Caldwell & Berkowitz PC)
Colorado Lawmakers Propose Watered-Down AI Law – But Employers Would Still Face Real Risks (2025-08-22 | Fisher & Phillips LLP)
U.S. AI Laws and What They Mean for Your Business (2025-08-22 | Burr & Forman)
How Litigation Analytics Drive Case Strategy (2025-08-21 | JD Supra)
Welcome to this episode of Hot Topics on the Edge of Show! Join us as we dive into the latest developments in AI and its implications for businesses.
In this sponsored episode by Relm, we welcome back Claire Davey from Relm to discuss:
The White House's recent AI action plan aimed at making America the world's AI superpower, including its controversial deregulation strategies.
Insights from IBM's 2025 Cost of Data Breach Report, highlighting the risks associated with AI breaches and the alarming statistics on data security.
The importance of governance and proactive risk management in the age of AI, and how insurance can play a crucial role in mitigating these risks.
Tune in for an engaging conversation that explores the balance between innovation and regulation, the challenges of AI adoption, and the future of insurance in this rapidly evolving landscape.
Don't forget to subscribe and join the conversation on social media! Stay curious, keep pushing boundaries, and never miss an episode on the Edge of Show!
Support us through our Sponsors! ☕
In today's Cloud Wars Minute, I highlight how the rapid rise of AI — without the right security in place — could be the biggest unseen threat to your business.
Highlights
00:03 — IBM's new "Cost of a Data Breach" report has revealed that while AI adoption is on the rise, AI security and governance are lagging significantly. Suja Viswesan, Vice President, Security and Runtime Products at IBM, explains that the data shows a gap between AI adoption and oversight already exists, and threat actors are starting to exploit it.
00:57 — 13% of organizations reported breaches involving AI models or applications, while 8% of organizations were unsure if they had been compromised in this way. Among those surveyed who experienced a breach, 97% indicated that they had no AI access controls in place. As a result, 60% of AI-related security incidents led to compromised data, and 31% resulted in operational disruptions.
01:56 — In contrast, organizations that utilize AI and automation in their security operations save an average of $1.9 million in breach costs and reduce the breach life cycle by approximately 80 days. However, it's important to remember that 16% of breaches still involve AI tools, primarily in phishing or deepfake impersonation attacks.
Visit Cloud Wars for more.
Is ChatGPT making you dumb? In episode 66 of Mixture of Experts, host Tim Hwang is joined by Kaoutar El Maghraoui, Kush Varshney and Volkmar Uhlig. First, ChatGPT released a new study mode. The intention is to support education, but what is the reality? Next, AI agents are changing design interfaces; is agentic experience (AX) the new UX? Then, a new paper released by Nature about generative neural networks contextualizing ancient texts. How is AI supporting historical research? Finally, special guest, Suja Viswesan, joins us to debrief the 2025 Cost of a Data Breach Report. What do we need to know about AI-driven cybersecurity attacks? Tune in to Mixture of Experts to find out! 00:00 – Intro 01:09 – ChatGPT study mode 13:52 – Agentic experience 12:08 – Decoding ancient texts with AI 39:55 – Cost of a Data Breach Report 2025 The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. Read the 2025 Cost of a Data Breach Report → https://www.ibm.com/reports/data-breach Subscribe for AI updates → https://www.ibm.com/account/reg/us-en/signup?formid=news-urx-52120 Learn more about artificial intelligence → https://www.ibm.com/think/artificial-intelligence Visit Mixture of Experts podcast page to get more AI content → https://www.ibm.com/think/podcasts/mixture-of-experts
In this episode, Frédéric Costa (LinkedIn) of Zero Trust explains why it is better to monitor the entire attack surface first, before launching a full Zero Trust project. He details the key stages of a managed SOC (XDR/MDR), stresses the identification of "weak signals" and the establishment of a PDCA governance cycle, and shares his advice for helping SMEs gain maturity (enabling logs, deploying an EDR, ongoing collaboration with expert analysts). Frédéric also points out the importance of correctly configuring the basic building blocks (SIEM, EDR, NDR, Threat Intelligence) and of formalizing shared security policies.
Where to find him?
LinkedIn: https://www.linkedin.com/in/fredericosta/
Zero Trust website: https://www.zerotrust.fr/
His recommendations
ANSSI (framework and best practices): https://cyber.gouv.fr/
CNIL (log retention rules): https://www.cnil.fr/
Sources cited in the episode:
Ponemon Institute, Cost of a Data Breach Report (2023)
Gartner, Market Guide for Endpoint Detection and Response (2023)
Forrester, Now Tech: Extended Detection and Response (2023)
IDC, Worldwide Endpoint Security Market Shares (2024)
SANS Institute, Modern SOC Architectures (2023)
NIST, Framework for Improving Critical Infrastructure Cybersecurity (2022)
IBM Security, Cost of a Data Breach Report – Europe (2023)
France Num, Baromètre PME 2023 (https://www.francenum.gouv.fr)
DSI et des Hommes is a podcast hosted by Nicolas BARD that explores how digital technology can be put at the service of people, and not the other way around. With a mission to make digital technology accessible to everyone, each episode delves into the experiences of leaders, entrepreneurs and experts to understand how digital transformation affects the way we lead, collaborate and evolve. Subscribe to discover inspiring discussions and practical advice for navigating an increasingly digital world.
Hosted by Ausha. Visit ausha.co/politique-de-confidentialite for more information.
In this episode of The Segment, we dive deep into the critical intersection of cybersecurity, resilience, and organizational strategy with the renowned Dr. Larry Ponemon, founder of the Ponemon Institute and a pioneer in privacy and security research. With over 20 years of groundbreaking studies, including the IBM Cost of a Data Breach Report and the Global Cost of Ransomware Study, Dr. Ponemon shares valuable insights into the evolving cyber threat landscape and what businesses can do to stay ahead.
We also talk about:
The origins and evolution of the Ponemon Institute's research.
Why prevention isn't enough, emphasizing containment and resilience in cybersecurity.
The rising costs of data breaches and attackers' growing focus on disrupting operational resilience.
How organizations can leverage research data to secure leadership buy-in and develop effective strategies.
The importance of Zero Trust frameworks in addressing modern security challenges.
The role of robust leadership, strategic planning, and redundancy in enhancing resilience.
The evolving responsibilities of CISOs and unifying accountability within organizations.
Emerging trends like artificial intelligence and global contributions to cybersecurity innovation.
Metrics for measuring the effectiveness of security controls.
The Global Cost of Ransomware Report: https://www.illumio.com/resource-center/cost-of-ransomware
Listening Notes:
[2:30 - 6:00] Advice for Mitigating Ransomware Risks
[6:00 - 11:00] Role of Zero Trust in Security
[11:00 - 16:00] Accountability in Security Strategies
[16:00 - 21:00] Research Wishlist: Metrics and Trust
[21:00 - 25:00] Long-Term Industry Observations
Tune in to learn how to shift from a prevention mindset to one of resilience and adaptability in an ever-changing digital world!
Cameron and Gabe return after a brief hiatus to explore major developments in security, privacy, and resilience. They dive into insights from the IAPP conference and VeeamOn, examining how AI governance and outdated privacy tools are reshaping the industry landscape.
• AI governance frameworks dominated IAPP discussions with companies "building the plane as they're flying"
• Verizon's Data Breach Report debunks overblown AI security fears, showing real risks are data leakage and poor access controls
• Growing frustration with outdated privacy management tools is driving demand for better solutions
• Security posture isn't about using recognized brands but about architecture without dangerous gaps
• Sam Altman's virtual appearance at IAPP disappointed attendees expecting an in-person keynote
Stay tuned for our bonus episode covering even more developments from this busy week in privacy and security!
We consider the incongruency of a U.S. Strategic Bitcoin Reserve, the latest crypto exchange hack, and how most participants lost money on the Trump meme coin. Given all that, we review some areas where cryptocurrency is helping individuals and businesses.
Topics Covered
What is the U.S. Strategic Petroleum Reserve
Why it makes little sense for the U.S. and individual states to create and participate in a Strategic Bitcoin Reserve
What led to the latest and largest cryptocurrency exchange hack in history
How financial and other data breaches impacted over 1 billion people last year, costing over $15 billion
How quantum computers could disrupt the security of cryptocurrency and traditional financial systems
Why most speculators lose money on meme coins
What are some current ways cryptocurrency is helping individuals and businesses achieve greater financial stability and lower costs
Episode Sponsors
Delete Me – Use code David20 to get 20% off
Stawberry.me
Insiders Guide Email Newsletter
Get our free Investors' Checklist when you sign up for the free Money for the Rest of Us email newsletter
Our Premium Products
Asset Camp
Money for the Rest of Us Plus
Show Notes
All Information (Except Text) for S.4912 - BITCOIN Act of 2024—Congress.gov
House Bill No. 4087—Michigan Legislature
2025 South Dakota Legislature House Bill 1202—South Dakota Legislature
State of Arizona Senate SB 1025—Arizona State Legislature
Quantum computers and the Bitcoin blockchain by Itan Barmes, Bram Bosch and Olaf Haalstra—Deloitte
Bybit Hack, Crypto's Biggest Ever, Spoils Coinbase's SEC Victory Party by Olga Kharif, Muyao Shen, and Emily Nicolle—Bloomberg
Cost of a Data Breach Report 2024—IBM
ITRC Annual Data Breach Report—Identity Theft Resource Center
Post by @realDonaldTrump—Truth Social
Trump Meme
Early Investors in Donald Trump's Memecoin May Have Been Tipped Off, Experts Claim by Joel Khalili—Wired
Exclusive: Trump's meme coin made nearly $100 million in trading fees, as small traders lost money by Tom Wilson and Michelle Conlin—Reuters
Memecoin scandal rocks Argentina's Javier Milei by Ciara Nugen—The Financial Times
Tether Brings Its $140B USDT Stablecoin to Bitcoin and Lightning Networks by Krisztian Sandor—CoinDesk
Related Episodes
488: Should You Invest in an Ethereum ETF?
462: Now Should You Buy a Bitcoin ETF?
410: Is Cryptocurrency Dead?
373: Are Stablecoins Safe? Should You Own Them?
See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
The Institute of Internal Auditors Presents: All Things Internal Audit Tech
In this episode, Bill Truett talks with Nick Lasenko about the critical role of identity and access management in today's organizations. They discuss common risks, best practices, and the impact of AI on identity and access management. The conversation also covers frameworks, regulatory requirements, and real-world use cases.
Host: Bill Truett, CIA, CISA, senior manager, Standards & Professional Guidance, IT, The IIA
Guest: Nick Lasenko, CISA, CISSP, cybersecurity, privacy, and risk management practitioner
Key Points
Introduction [00:00-00:00:07]
Overview of identity and access management [00:00:08-00:00:31]
The financial impact of data breaches [00:00:32-00:01:26]
Challenges in detecting and responding to security incidents [00:01:27-00:02:26]
Common identity and access management risks for auditors [00:02:27-00:03:26]
Weak governance and its implications [00:03:27-00:04:26]
Siloed organizations and identity and access management complexities [00:04:27-00:05:26]
Regulatory frameworks and standards [00:05:27-00:07:26]
Identity and access management controls and data governance [00:07:27-00:09:26]
Real-world use cases and security incidents [00:09:27-00:11:26]
Horror stories and lessons learned in identity and access management [00:11:27-00:13:26]
Best practices for managing user access reviews [00:13:27-00:16:26]
Continuous authentication and its challenges [00:16:27-00:18:26]
Privileged access management and audit considerations [00:18:27-00:21:26]
The impact of AI and machine learning on identity and access management [00:21:27-00:23:26]
Final thoughts on strengthening identity and access management controls [00:23:27-00:25:26]
Closing remarks [00:25:27-00:31:43]
The IIA Related Content
Interested in this topic? Visit the links below for more resources:
Intermediate IT Auditing
Auditing IT Change Management
GTAG: Auditing Identity and Access Management, 2nd Edition
Fraud and Emerging Tech: Identity and Authentication with the Paycheck Protection Program
Implementing The IIA's New Cybersecurity Topical Requirement
Cybersecurity Topical Requirement
Visit The IIA's website or YouTube channel for related topics and more.
Resources Mentioned
The IIA's 2025 Analytics, Automation and AI Virtual Conference
The IIA's Updated AI Auditing Framework
NIST Cybersecurity Framework (CSF)
NIST AI Risk Management Framework
IBM Cost of a Data Breach Report 2024
CISA and NSA Guidance on Identity and Access Management
Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer
Welcome to the Fraudian Slip…the Identity Theft Resource Center's podcast where we talk about all-things identity compromise, crime, and fraud that impact people and businesses. This week, we look at The Identity Theft Resource Center's 2024 Annual Data Breach Report. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
In this episode of Déclic Numérique, we explore why data is often compared to the oil of the 21st century. What makes it so valuable? How is it used in sectors such as healthcare, entertainment or transport? And above all, what risks do these gigantic volumes of data pose to our security, our privacy and the environment? Discover the basics for better understanding and managing your data day to day.
Sources cited:
DOMO, Data Never Sleeps 10.0: DOMO Report
Statista (2023), Global Data Economy Trends: Statista Data Trends
IBM, Cost of a Data Breach Report 2022: IBM Security Report
Docteur Imago, Impact environnemental du numérique en santé: Docteur Imago Article
CNIL, Données personnelles : comprendre vos droits: CNIL Resources
In this episode of Power Producers Podcast, David Carothers is joined by Ryan Smith, founder of RLS Consulting, to discuss the evolving world of cybersecurity and how insurance professionals can better navigate this complex space. Drawing on Ryan's extensive experience, they delve into actionable strategies for producers to engage clients on cyber risk, overcome objections, and build meaningful solutions that go beyond the policy.
Key Points:
The Intersection of Cybersecurity and Insurance
Ryan highlights how cybersecurity and cyber liability are complementary solutions addressing the same problem: mitigating and transferring cyber risk. Understanding both perspectives helps producers connect the dots and provide more value to clients.
Education Over Fear
The conversation emphasizes the importance of educating clients about their cyber risks without resorting to fear-based selling. Producers are encouraged to focus on business impacts rather than technical vulnerabilities, fostering a consultative approach.
Assessing Risk and Incident Preparedness
Ryan shares insights on helping clients assess their cyber risks and prepare for incidents. He stresses the importance of asking key questions about incident response plans, compliance requirements, and the company's readiness for cyber threats.
Shifting Client Mindsets
The discussion tackles common objections, such as overconfidence in IT departments or the belief that “it won't happen to us.” Ryan suggests producers approach these scenarios with empathy and education, aligning solutions with clients' business priorities.
Valuable Resources for Producers
Ryan points to trusted industry reports, such as Verizon's Data Breach Investigations Report and IBM's Cost of a Data Breach Report, as tools to support client conversations and reinforce the importance of proactive cyber risk management.
Connect with: David Carothers LinkedIn Ryan L. Smith LinkedIn Kyle Houck LinkedIn
Visit Websites: Power Producer Base Camp RLS Consulting Killing Commercial Crushing Content Power Producers Podcast Policytee The Dirty 130 The Extra 2 Minutes
Integrity360, one of the leading pan-European cyber security specialists, has announced the launch of its Managed Cloud Native Application Protection Platform (CNAPP) Service, designed to deliver automated cloud workload protection, unparalleled visibility into cloud environments, proactive threat and exposure detection, and compliance alignment. The service addresses the growing complexity of securing multi-cloud environments and protecting cloud-native applications against evolving risks.
Cloud environments are increasingly the target of cyberattacks, with 82% of breaches occurring in the cloud and 39% spanning multiple environments, according to the IBM Cost of a Data Breach Report 2023. Integrity360's Managed CNAPP Service directly addresses these risks, providing organisations with advanced tools and services to strengthen their cloud security posture and protect their cloud environments with greater efficiency.
Integrity360's Managed CNAPP Service combines agent and agentless methodologies to deliver visibility into threats and exposures across cloud environments. This dual approach enables organisations to monitor and protect every layer of their cloud infrastructure, from workloads and configurations to APIs and sensitive data. Granular insights into misconfigurations and potential vulnerabilities also allow organisations to identify and address risks proactively, reducing the likelihood of breaches.
Integrity360's Managed CNAPP Service offers 24/7 real-time threat detection, leveraging AI-driven insights to identify active threats and prioritise risk findings. By distinguishing between two critical categories, exposures and threats, the service focuses security operations, improving the speed and accuracy of threat management and alleviating the burden on internal security teams.
The service integrates seamlessly across multi-cloud setups and provides 24/7/365 protection through Integrity360's Security Operations Centre (SOC). It is backed by robust SLAs, ensuring that critical threats are acknowledged within 15 minutes, triaged within one hour, and investigated within two hours. This rapid response capability enables businesses to contain threats quickly and minimise potential damage.
The service also addresses common vulnerabilities in cloud environments, such as misconfigured assets and excessive permissions, which have been at the centre of recent breaches. For instance, the high-profile Microsoft Midnight Blizzard attack, in which attackers exploited a non-production cloud tenant lacking MFA to gain access to production systems, highlights the critical need for proactive security measures.
"Traditional cloud security tools often operate in silos, leaving blind spots in organisations' defences," said Ahmed Aburahal, Technical Product Manager at Integrity360. "The need for advanced, unified security solutions is critical, particularly as Gartner predicts that 95% of cloud breaches will stem from user misconfigurations by 2025. Our Managed CNAPP Service bridges these gaps, providing a unified platform that ensures continuous monitoring, streamlined risk management, and robust threat protection."
Integrity360's Managed CNAPP Service offers tailored solutions to prevent such incidents, including continuous configuration monitoring and enforcement of security best practices. The flexible options empower businesses to select the level of protection that best aligns with their cloud strategy, whether securing a single public cloud or managing complex multi-cloud infrastructures.
Ongoing optimisation enables organisations to adapt to evolving threats and maintain an agile, resilient cloud environment. While the service leverages advanced automation and AI-driven tools, its human-centred approach is critical to its success. Integrity360's SOC team provide expert configuration and change management support, ensuring that each customer's CNAPP deployment is aligned with their unique security and compliance needs. Month...
What's the true cost of a data breach?
In this conversation, I discuss various topics including the US Army's failed $11 million marketing deal with the UFL and Dwayne 'The Rock' Johnson, the state of ransomware in state and local government organizations, the Mimecast Global Threat Intelligence Report, the reliance on a few tech companies for critical aspects of the economy, the need for campaigns to report cyber breaches, the vulnerabilities in open source software, and the findings from the IBM Cost of a Data Breach Report.
Is OpenAI about to release their biggest AI project? In Episode 16 of Mixture of Experts, host Tim Hwang is joined by Nathalie Baracaldo, Kate Soule, and Shobhit Varshney. Today, the experts chat about IBM's 2024 Cost of a Data Breach Report and analyze how gen AI could reduce the cost of cyber threats. Next, rumors are circulating on the internet about OpenAI dropping “Project Strawberry,” what they internally reference as a “level 2” model. Are the rumors true? Tune in for more.
The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.
Segments:
0:01 — Intro
00:52 — Cost of a Data Breach 2024
12:33 — Project Strawberry
Israel has agreed to continue talks on a ceasefire and the release of the hostages. The office of Israeli Prime Minister Benjamin Netanyahu announced this. Several media outlets reported in recent days that Netanyahu was blocking the resumption of the talks. According to Israel correspondent David de Jong, a deal appears very close. 'But with Netanyahu and Hamas you never know.'
It is still unclear where the wanted former Catalan premier Carles Puigdemont is. Yesterday he gave a short, planned speech in Barcelona, returning to Spain for the first time in seven years. The police would have liked to arrest him, but after his speech Puigdemont immediately took off. 'It was really the encore of a show that has been running for years. It looked like a grand finale, but it fizzled out,' says Sebastiaan Faber, professor of Hispanic Studies at Oberlin College in Ohio.
More and more data is being stolen, and the cost of that is rising sharply. As a result, companies also need longer and longer to recover from such a cyberattack. That is the finding of IBM's annual Cost of a Data Breach Report. The global average cost of a data breach now stands at 4.44 million euros. That is because breaches are becoming more disruptive and the demands on security teams are increasing.
See omnystudio.com/listener for privacy information.
According to IBM's Cost of a Data Breach Report, nearly 20 percent of the organizations surveyed stated that they have experienced a breach stemming from a compromise in their supply chain, or a vulnerability related to it. The average cost of these breaches was estimated at just under $4.5 million. Their data also found that attacks emanating from the supply chain had a longer lifecycle than average.
The increased costs and complexities of addressing supply chain attacks are not a surprise when you consider that these intrusions not only impact the targeted company, but also the logistics, distribution and retail elements that are dragged along on this difficult and painful ride. To help dive into the factors associated with supply chain attacks and other cybersecurity challenges, we welcome Theo Zafirakos, a Cyber Risk and Information Security Expert at Fortra, to the show.
Watch/listen as we discuss:
The three primary soft spots from which supply chain hacks emanate - software, devices and people.
Why people are the most neglected of the three, and how they can be trained to identify attacks.
The expanded role AI is playing in email compromises that help fuel supply chain attacks.
Why IT and OT need to become more aware of each other's requirements and risks.
The important role cybersecurity plays in ensuring operational reliability.
The growing need for ransomware response plans, and how a national supply chain hack helped reinforce this need for all enterprises, regardless of size or sector.
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.
The 17th annual Verizon Data Breach Investigation Report reveals key findings and trends in cybersecurity. The report highlights the increase in vulnerability exploitation for initial access, the continued prevalence of human error in breaches, the rise of pure extortion attacks, and the limited impact of generative AI in the cybersecurity landscape. Recommendations include implementing robust threat and vulnerability management programs, focusing on user education and data protection, and exploring the use of generative AI for defensive purposes. The report serves as a valuable resource for organizations looking to enhance their cybersecurity strategies.
Takeaways
- Vulnerability exploitation for initial access nearly tripled in 2023, highlighting the need for robust threat and vulnerability management programs.
- Human error remains a significant factor in most breaches, emphasizing the importance of user education and data protection measures.
- Pure extortion attacks are increasing, signaling a shift away from encryption ransomware as threat actors seek quicker and easier ways to profit.
- Generative AI has yet to make a significant impact in the cybersecurity landscape, but organizations should consider leveraging it for defensive purposes.
- The Verizon Data Breach Investigation Report provides valuable insights and recommendations for organizations looking to enhance their cybersecurity strategies.
YouTube Video Link: https://youtu.be/ajqbA9zPUbA
Documentation: https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
CyberIntel - Talking Cybersecurity and Compliance (Presented by VikingCloud)
In this episode of CyberIntel, Brian Odian shares some key figures from IBM's Cost of a Data Breach Report. If you have any questions you want answered on CyberIntel, email us at cyberintel@vikingcloud.com and our experts will be in touch - we may even make it the subject of a future episode! CyberIntel provides a deep dive into the world of cybersecurity and compliance. Hosted by Brian Odian, VikingCloud's Director of Managed Compliance Services APAC, amongst other cybersecurity and compliance expert advisors, we explore the nuances of various compliance standards and the latest in cybersecurity news, trends and threats. New episodes every two weeks! CyberIntel is presented by VikingCloud. VikingCloud is leading the Predict-to-Prevent cybersecurity and compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions - faster. VikingCloud is the one-stop partner trusted by 4+ million customers every day to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruption to their business.
Welcome to the Fraudian Slip…the Identity Theft Resource Center's podcast where we talk about all-things identity compromise, crime, and fraud that impact people and businesses. This week, we look at The Identity Theft Resource Center's 2023 Annual Data Breach Report. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
As in years past, we dive into IBM's 2023 Cost of a Data Breach Report. This annual study sheds light on the ever-evolving landscape of data breaches and provides valuable insights for organizations looking for ways to focus their efforts and money to help prevent and reduce the costs associated with a data breach. More info at HelpMeWithHIPAA.com/419
A zero-day attack of undetermined origin targets government offices in Norway. Russia accuses the US of cyber aggression. Data breaches exact a rising cost. 74% of survey respondents say their company would pay ransom to recover stolen or encrypted data. Executives and security teams differ in their perception of cyber threat readiness. Mr. Security Answer Person John Pescatore looks at risk metrics. Joe Carrigan on a new dark market AI tool called Worm GPT. And Apple issues urgent patches. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/140 Selected reading. Norway says Ivanti zero-day was used to hack govt IT systems (BleepingComputer) Norway investigates cyberattack affecting 12 government ministries (Record) Norwegian government IT systems hacked using zero-day flaw (BleepingComputer) Putin ally accuses US of planning cyberattacks on Russian critical infrastructure (Al Arabiya English) Cost of a Data Breach Report 2023 (IBM Security) Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments (Coveware) 2023 Cyber Threat Readiness Report (Swimlane) Apple Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency CISA) Apple fixes 16 security flaws with iOS 16.6, two actively exploited (9to5Mac) Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs (The Hacker News) Apple fixes new zero-day used in attacks against iPhones, Macs (BleepingComputer) iOS 16.6: Apple Suddenly Releases Key iPhone Update With Urgent Fixes (Forbes)
IBM Security today released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023 - an all-time high for the report and a 15% increase over the last three years. Detection and escalation costs jumped 42% over this same time frame, representing the highest portion of breach costs and indicating a shift towards more complex breach investigations. According to the 2023 IBM report, businesses are divided in how they plan to handle the increasing cost and frequency of data breaches. The study found that while 95% of studied organisations have experienced more than one breach, breached organisations were more likely to pass incident costs onto consumers (57%) than to increase security investments (51%). The 2023 Cost of a Data Breach Report is based on in-depth analysis of real-world data breaches experienced by 553 organisations globally between March 2022 and March 2023. The research, sponsored and analysed by IBM Security, was conducted by Ponemon Institute and has been published for 18 consecutive years. Some key findings in the 2023 IBM report include: · AI Picks Up Speed - AI and automation had the biggest impact on speed of breach identification and containment for studied organisations. Organisations with extensive use of both AI and automation experienced a data breach lifecycle that was 108 days shorter compared to studied organisations that have not deployed these technologies (214 days versus 322 days). · The Cost of Silence - Ransomware victims in the study that involved law enforcement saved $470,000 in average costs of a breach compared to those that chose not to involve law enforcement. Despite these potential savings, 37% of ransomware victims studied did not involve law enforcement in a ransomware attack. · Detection Gaps - Only one third of studied breaches were detected by an organisation's own security team, compared to 27% that were disclosed by an attacker. 
Data breaches disclosed by the attacker cost nearly $1 million more on average compared to studied organisations that identified the breach themselves. Elaine Hanley, Security Services, IBM Ireland, said: "Across the globe, and very similar to the UK, this report confirms what we are seeing as ordinary citizens in Ireland. Across all industries studied, customer personally identifiable information was the most commonly breached record type and the costliest. In Ireland, we are seeing a surge in phishing emails and texts in recent months. Globally, we are seeing that firms with a smaller number of employees were disproportionally affected by higher breach costs, which in the context of Ireland, means that most of the indigent industries operating here need to pay attention to cybersecurity. Globally, we saw that only about half of those who suffered a breach actually plan to invest more in their cybersecurity programme post-breach. The pandemic has accelerated digital transformation in Ireland, and although this can be seen as generally positive, it does incur additional cybersecurity risks. However, AI and automation had the biggest impact on speed of breach identification and containment for studied organisations. So now is the time to understand the technologies and strategies that best protect your data." Additional findings in the 2023 IBM Data Breach report include: · Breaching Data Across Environments - Nearly 40% of data breaches studied resulted in the loss of data across multiple environments including public cloud, private cloud, and on-prem - showing that attackers were able to compromise multiple environments while avoiding detection. Data breaches studied that impacted multiple environments also led to higher breach costs ($4.75 million on average). · Costs of Healthcare Breaches Continue to Soar - The average costs of a studied breach in healthcare reached nearly $11 million in 2023 - a 53% price increase since 2020. 
Cybercriminals have started making stolen data more accessi...
Guest post by Rob Allen, who is an IT Professional with almost two decades of experience assisting small and medium enterprises embrace and utilise technology.
Worrying trends are emerging in how ransomware is being not just more narrowly targeted, but tailored and sophisticated too.
According to Security Intelligence, one of the top 10 most costly cyber attacks of 2022 took place in April, where ransomware crippled the US Austin Peay State University. The attack brought the university to a halt just before final exams began, reducing faculty, staff and students to personal devices to access email and other university resources. The university cancelled final exams and closed all computer labs.
Ransomware: narrowing the focus for more targeted attacks
It was forewarning of later attacks seen in the same sector here at home in 2023. It is becoming easier for ransomware to target specific sectors and individual organizations, with elements of artificial intelligence (AI) and automation being incorporated, adding to developments such as ransomware-as-a-service. It does not have to be the devastating strike it used to be. A combination of policies, controls and layered protections can stop ransomware, minimising damage and ensuring your business can carry on. There is little doubt that ransomware is becoming more prevalent, and more costly. Gartner reports that as many as a third of organisations globally have experienced some kind of ransomware attack. As reported by BCS, while 2022 saw a slight global fall in ransomware incidents, Europe saw a 63% increase. IBM's "Cost of a Data Breach Report" 2022 found that the share of breaches caused by ransomware grew 41% in the period and took 49 days longer than average to identify and contain. Additionally, destructive attacks increased in cost by more than $430,000, making the global average cost of a ransomware attack $4.54 million. The volume and impact of ransomware is further multiplied by technological developments. 
Ransomware-as-a-service has already been observed and is well documented. Now, cybersecurity experts suspect that AI and machine learning (ML) may be deployed to increase efficacy, and perhaps facilitate automation. Automating significant elements of the ransomware process could mean an even greater acceleration of attacks, argues Mark Driver, a research vice president at Gartner. "It's not worth their effort if it takes them hours and hours to do it manually, but if they can automate it," Driver reasons, "it's terrifying." While it has not yet been definitively identified in the wild, security expert Mikko Hyppönen has said there may be a few, highly successful ransomware gangs with the resources to hire AI talent and develop the capability. Experts see distinct patterns emerging within ransomware attacks due to these technological developments. TechTarget reports that the three sectors of media/leisure/entertainment, retail, and energy/oil/gas/utilities accounted for more attacks than any other sectors. These ransomware attacks are increasingly tailored for a specific sector or industry, with utilities, in particular, seeing more narrowly focused methodologies, instead of the 'scatter gun' approach of old. This has led to speculation that if the trends of as-a-service platforms and sector-specific adaptation converge with embedded AI and ML, and automation, then ransomware incidents such as the Colonial Pipeline attack in the US could not only become more common, but more coordinated and effective. If such tactics and tools were to be used by a nation-state, entire sets of critical infrastructure could be at risk of crippling attacks. However, it is important to point out that while ransomware is a growing menace, it is often the final stage of an attack. 
Gartner's "Anatomy of a Ransomware Attack" depicts the initial stages as ingress (through the likes of phishing, email, credential dumps, etc.) and compromise, followed by burrowing and lateral movement - prior to ...
On This Week in Enterprise Tech, Lou Maresca and Ron Reiter talk about the cybersecurity findings from Verizon's 2023 data breach report and what strategies and technologies companies can be using to prevent ransomware attacks. For the full episode, visit twit.tv/twiet/551 Host: Louis Maresca Guest: Ron Reiter You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/ Sponsor: GO.ACILEARNING.COM/TWIT
336,000 servers remain unpatched against critical Fortigate vulnerability Patchless Cisco flaw breaks cloud encryption for ACI traffic Google changed its privacy policy to reflect Bard AI's data collecting Top 10 cybersecurity findings from Verizon's 2023 data breach report Ron Reiter, Co-Founder and CTO of Sentra talks data security and improving your Security Posture. Host: Louis Maresca Guest: Ron Reiter Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: discourse.org/twit cs.co/twit bitwarden.com/twit
In this week's episode, we're diving deep into the latest headlines in the world of cybersecurity. We kick off our discussion with an examination of the recently discovered MoveIT vulnerability that was exploited in a ransomware attack. What makes this vulnerability a prime target, and how can organizations fortify their defenses? From there, we turn our attention to the biopharma industry. As this sector increasingly becomes a hotbed for cyber attacks, we'll dissect why this industry is attractive to cyber criminals and what measures companies can take to bolster their cybersecurity. We'll also delve into the recent ransomware attack on Eisai, a leading pharmaceutical group. What lessons can other organizations learn from Eisai's experience? And more importantly, how can such incidents be prevented? Finally, we wrap up with a discussion on the financial implications of ransomware attacks. A recent study by Verizon places the median cost of a ransomware incident at $26k. But is that the whole picture? We'll explore the hidden costs of ransomware and why prevention is always better than cure. Tune in to stay informed and learn actionable strategies to protect your organization from these evolving cyber threats.
Cyber attacks are almost entirely responsible for today's data breaches, and, increasingly often, the details of these breaches are vague—leaving security experts with a growing list of questions. Sharon Nelson and John Simek talk with James Lee about the Identity Theft Resource Center's latest Data Breach Report. They discuss current trends, the challenges of nebulous data breach notices, and what all organizations should be on the lookout for in the coming year. James E. Lee is Chief Operating Officer at the Identity Theft Resource Center.
Welcome to the Fraudian Slip…the Identity Theft Resource Center's podcast where we talk about all-things identity compromise, crime, and fraud that impact people and businesses. This week, we look at The Identity Theft Resource Center's 2022 Annual Data Breach Report. Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/ Follow on Twitter: twitter.com/IDTheftCenter
In 2021, the estimated number of data compromises in the United States hit an all time high. The newest measurement of cybercrime for 2022 was just released Wednesday morning. KMOX's Megan Lynch spoke with James Lee, Chief Operating Officer of the Identity Theft Resource Center.
Host: James Hilliard
Guests: Dr. Keith Nelson, Director of Healthcare Strategy, Connection; Steve Nardone, Senior Director of Security & Network Solutions, Connection; Tim Allen, Director of Operations and Technology, Connection
The value of patient medical information makes healthcare entities prime targets for cybercriminals. According to IBM's 2022 Cost of a Data Breach Report, the average cost of a healthcare data breach is $10.1 million, the highest across all industries. With many healthcare providers expanding beyond the four walls into remote and virtual care, now is the time to evolve your organization's cybersecurity posture. Hear from our cybersecurity and healthcare experts on what measures will help you better protect your patients' data and healthcare practice. For additional cybersecurity resources, visit: https://www.connection.com/cybersecurityawarenessmonth. Thank you for listening. You can hear us on Apple Podcasts, Amazon Music, Spotify, and Podbean. Follow Connection on Twitter, Facebook, Instagram, YouTube, LinkedIn, or read our latest insights.
In this episode, we discuss the IBM Security Cost of a Data Breach Report 2022. It's actually a really interesting report that goes into some detail on how much a Data Breach costs, and what things you can do as a defender to drive those costs down (and what things you're doing that increase those costs!) We break down some of the high level statistics, and then we discuss what are the top things you can be doing to drive down the costs if your company gets breached. Highly actionable information in here. Report Link - Cost of a Data Breach Report If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- IBM's and Ponemon's annual Cost of a Data Breach Report summary, analysis, and implications for healthcare
- Updated NIST guidance on HIPAA compliance approaches and expected practices
- Facebook (Meta) and healthcare providers targeted with multiple lawsuits over health data privacy practices
- GAO report warns of catastrophic financial loss due to cyber insurers backing out of covering damages from cyberattacks
- $100m cost reported for Tenet Healthcare's 2022 cyberattack
- Major breaches with healthcare vendors OneTouchPoint and Avamere impacting more than 1.5m people
- Cloud Security Alliance weighs in on third-party risk management in healthcare
- Large-scale cyberattack campaign targeting over 10,000 organizations in phishing and financial fraud scheme
- HHS Health Sector Cybersecurity Coordination Center alert about an increase in web application attacks on the healthcare sector
- New ransomware task force report targeting government interventions to disrupt ransomware attacks
- OCR issues 11 new financial penalties over HIPAA Right of Access failures
Ben Taylor, Executive Director of Cannabis ISAO, channels his inner Wolverine and makes his third stop on the Gate 15 podcasts as he joins Andy to talk about all things Cannabis as well as the collaborative effort to publish a joint security analysis around the Hard Reset. Dave then joins Andy to talk about recent cyber reporting and the value that they provide to organizations as they go beyond the numbers. Ensuring the episode hits key all-hazards, Andy and Dave discuss monkeypox and the lessons that can be applied from COVID that can help individuals and organizations make responsible, risk-informed decisions. Cannabis ISAO: Cannabis MSO Shares Cyber Threat Report: https://cannabisisao.org/2022/07/directors-cut-july-1-2022/ Risky Biz News, with Catalin Cimpanu (everyone with interests in cybersecurity should be subscribed to this), from 06 Jul 22: https://riskybiznews.substack.com/p/risky-biz-news-china-faces-its-first Cannabis ISAO on the Hard Reset: https://cannabisisao.org/2022/07/directors-cut-july-15-2022/ Andy's tweet on the Hard Reset report: https://twitter.com/andyjabbour/status/1550252329378713602?s=21&t=Kbwk6HAVKIkKf7xGrRUXrQ Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update: https://gate15.global/white-paper-the-hostile-event-attack-cycle-heac-2021-update/ Nerd Out Security Panel Discussion: EP 27. The Hard Reset and Uvalde. https://gate15.global/nerd-out-security-panel-discussion-ep-27-the-hard-reset-and-uvalde/ Cannabis ISAO website: https://cannabisisao.org Cannabis ISAO blog and Director's Cut posts Ben's previous pods Nerd Out Security Panel Discussion: EP 13. Cannabis ISAO! https://cannabisisao.org/home/blog/ The Gate 15 Interview: Ben Taylor, on Cannabis ISAO, Cannabis Industry security, cybersecurity, rescue dogs and more! 
Monkeypox WHO Director-General's statement at the press conference following IHR Emergency Committee regarding the multi-country outbreak of monkeypox - 23 July 2022 CDC Monkeypox Statement from Raj Panjabi, Director of White House Pandemic Preparedness Office, on World Health Organization Declaration on Monkeypox FACT SHEET: Biden-Harris Administration's Monkeypox Outbreak Response IBM Cost of a Data Breach Report Proofpoint State of Phish Report SEKOIA.IO Mid-2022 Ransomware Threat Landscape ENISA Ransomware: Publicly Reported Incidents are only the tip of the iceberg & ENISA Threat Landscape for Ransomware Attacks. Kim Milford, Executive Director, REN-ISAC interviewed in How Are K-12 and Higher Education Faring Against Ransomware? Andy's thread with KELA and noting The Record: Ransomware group demands £500,000 from British schools, citing cyber insurance policy The Gate 15 Interview: Amanda Berlin and Megan Roddie talk cybersecurity, mental health hackers, DEFCON, musicals, fruits, and more! Homeland Security Today: hstoday.com
IBM reports on the cost of a data breach. Personal apps as a potential business risk. Over on the dark side, there's help wanted in the C2C labor market. An employee engagement study reaches predictably glum conclusions. Betsy Carmelite from Booz Allen Hamilton on reducing software supply chain risks with SBOMs. Our guest is Elaine Lee from Mimecast discussing the pros and cons of AI in cybersecurity. And Why so much attempted DDoS, but not so much ransomware? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/143 Selected reading. IBM Report: Consumers Pay the Price as Data Breach Costs Reach All-Time High (IBM Newsroom) Cost of a Data Breach Report 2022 (IBM Security) Netskope Threat Research: Data Sprawl Creating Risk for Organizations Worldwide as Personal App Use in Business Continues to Rise (PR Newswire) Financial Incentives May Explain the Perceived Lack of Ransomware in Russia's Latest Assault on Ukraine (Council on Foreign Relations) Tessian | 1 in 3 Employees Do Not Understand the Importance of Cybersecurity at Work, According to New Report (RealWire)
Guest post by Will North, chief information security officer, MHR International
The days when security was only important to financial services and defence organisations are long gone. With the substantial increase in data breach fines in light of GDPR and the devastating operational impacts of ransomware on organisations – from local councils and retailers to oil pipelines – information security is now a major concern for organisations across all industry segments and sizes. The cost of failure can be substantial. The influential IBM Cost of a Data Breach Report 2021 put the global average cost of a ransomware breach at $4.62m, which excludes the ransom. The war in Ukraine has intensified threat levels significantly, with governments around the world warning of an increased risk of cyber-attacks from Russia. Boards are asking more questions than ever about security and want answers in a language they can understand – profit and loss. Many years ago, the IT Director had to add security to their responsibilities, with specialist cyber-knowledge residing with a relatively junior member of the team. This meant information security focused primarily on technical IT solutions. There were often insufficient resources to fully understand the security posture of the organisation and how to improve it. Nobody senior had the job of driving the security agenda against the operational objectives of the wider business. This legacy operating model often failed to pacify the concerns of the board.
Birth of the modern CISO
This gave birth to the modern CISO with completely different responsibilities. Steve Katz, generally regarded as the world's first CISO, was appointed by Citicorp in the US in the mid-1990s, following a serious hack. He defined the role, believing he must understand the business and the risk it faces so he can put its requirements first. 
As the CISO's role has evolved, their key responsibility has become to articulate the security risks across the business in financial terms and demonstrate the value of improving security against competing operational demands. For example, why is a €50k piece of security software better value than recruiting another member of staff? A CISO has to make the case and be prepared to stand by their judgment. As well as improving security, the much harder task for a CISO is to understand when and where it is acceptable to reduce security to increase business efficiency. Security is easy if you want to stop an organisation operating, but balancing security, cost and operational efficiency is a fine art that takes skill and experience. The CISO's role is often multi-faceted now. The explosion of investment in cyber-security technology means CISOs must keep up to date with new propositions from vendors, while at the same time supporting their own organisation's sales function. With security a key factor when choosing a supplier, the CISO must demonstrate to prospects that their organisation is the right choice to protect business-critical services and data.
The CISO must have soft skills and business acumen
These responsibilities mean that a completely different skillset is required. The CISO needs great interpersonal skills to understand, engage and persuade other people within the business. They need effective communication skills to make their case to the board, who may have little security or IT knowledge. In addition, today's CISO needs experience of building and retaining high-performing teams, allied to a solid understanding of finance to appreciate the value vs cost of security. Business acumen is becoming as important, if not more important, for a CISO, as knowledge of security itself. To what degree largely depends on the size of the business. 
For larger organisations, it is the role of the security team to understand where the gaps are and what they need to do to address them. The CISO's job is to explain to the board why they should release the funds so the team can implement the righ...
The overall number of data compromises is up 68% over 2020. Now, more than ever, attorneys must take action to protect themselves and their law firms. John Simek and Sharon Nelson welcome James E. Lee of the Identity Theft Resource Center to discuss the findings of his organization's 2021 Data Breach Report. James discusses common root causes of data breaches and explains how prevention tactics and data security services can help lawyers avoid and/or deal with a data compromise. James E. Lee is the chief operating officer of the Identity Theft Resource Center. Special thanks to our sponsors CaseFleet, Clio, and PInow.
The overall number of data compromises is up 68% over 2020. Now, more than ever, attorneys must take action to protect themselves and their law firms. John Simek and Sharon Nelson welcome James E. Lee of the Identity Theft Resource Center to discuss the findings of his organization's 2021 Data Breach Report. James discusses common root causes of data breaches and explains how prevention tactics and data security services can help lawyers avoid and/or deal with a data compromise. James E. Lee is the chief operating officer of the Identity Theft Resource Center. Special thanks to our sponsors CaseFleet and PInow.
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Analysis of IBM's new 2021 Data Breach Report including:
  - Impacts to healthcare organizations
  - Healthcare's breach costs and benchmarks against other industries
  - HIPAA compliance implications for breach costs
  - Cloud security breach trends
  - Top sources of breaches and highest risk security domains
  - Ways to reduce breach costs with targeted investments
- Nine critical vulnerabilities identified for the “Pwned Piper” medical device vulnerability issue and related recommendations
- Details of President Biden's proposed $9.8b cybersecurity budget
- President Biden's commentary on the likelihood of cyberwars leading to physical wars
- The new cybersecurity memorandum released by the White House this week
- Trends and predictions for new federal and state cybersecurity regulations targeting healthcare
Malicious attacks were listed as the dominant threat vector and source of healthcare breaches this year according to IBM's 2020 Data Breach Report [1]. Top sources of compromises from these malicious attacks included compromised access credentials, cloud misconfigurations, and vulnerabilities in third-party software. Opportunistic cyber attackers have seized the moment of a pandemic to target vulnerable healthcare entities and their remote workforces for their own personal gain. Attacks have leveraged COVID-19 themes for social engineering assaults, phishing campaigns, ransomware entry, and more. Healthcare organizations are on their heels trying to thwart unprecedented viruses, both physical and virtual alike. In this CyberPHIx episode, we speak with Kevin Sacco, who leads the Ethical Hacking and Penetration Testing practice for Meditology Services. With almost 20 years in the field, Kevin talks about his experiences hacking healthcare organizations, including recent pandemic-era attacks. Highlights of the discussion include:
- Heartless hackers: the bad guys and their motives
- Common healthcare security vulnerabilities and cybersecurity weak spots identified in penetration testing assessments
- The impact of the pandemic on attack methods, remote workforce targeting, and protection mechanisms
- Recommendations for the most cost-effective and impactful security controls to mitigate attacks
- War stories from decades of hacking healthcare entities
The average breach costs healthcare organizations $7.13m. Organizations that conduct routine penetration testing save an average of $243k per breach. Healthcare is likely to remain in the cross hairs of attackers for some years to come. Kevin provides practical and cost-effective recommendations for thwarting these damaging attacks on our critical healthcare infrastructure.
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends and industry leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:
- Review of the key healthcare cybersecurity findings in the 2020 IBM Cost of a Data Breach Report (formerly known as the Ponemon Data Breach Report)
- Average healthcare breach costs, top sources of data breaches, and most effective security interventions for reducing breach costs and impact
- Analysis and recommendations for healthcare security CISOs and programs to adjust based on this new data and related trends
- Details of a presidential executive order issued this week to promote rural telehealth access and incentives for Medicare populations
- $53m federal stimulus proposed to improve cybersecurity and protect COVID-19 research data