Get ready for an eye-opening deep dive into the world of cybersecurity! This episode reveals the alarming speed at which hackers adapt and exploit vulnerabilities, with over 61% of them leveraging new exploits within 48 hours of discovery. We discuss enlightening insights from InfoSecurity Magazine and showcase the new Netflix documentary "Zero Day," which delves into the insidious realm of malware and cyberattacks. Things take a darker turn as we recount a chilling story about a local priest whose voice was hijacked by criminals using AI to swindle desperate individuals claiming to need exorcisms. This event highlights the surreal intersections of faith, vulnerability, and technology in today's world. For small and medium-sized businesses, the conversation explores the additional risks posed by ransomware, which accounts for a staggering 95% of healthcare breaches. We dissect the unique challenges these entities face and the importance of investing in robust security measures. We also bring you a series of CISSP questions that challenge listeners to consider their knowledge and preparedness in combating emerging cyber threats. These questions encompass important topics, including risk mitigation, insider threats, and security protocols. Join us on this critical journey through today's cybersecurity landscape, and make sure to take proactive steps for your safety. Don't forget to subscribe, share, and leave a review to keep the conversation going!

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months, completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Discover the hidden threats lurking in your kitchen appliances and learn why your next air fryer might be spying on you. On this episode of the CISSP Cyber Training Podcast, we unravel the alarming findings from Infosecurity Magazine about Chinese IoT devices and their potential to invade your privacy. We emphasize the critical importance of educating ourselves and others about the risks of IoT devices and the vast amounts of data they can collect. Additionally, we highlight new ICO regulations that aim to bolster data protection, especially for international companies, ensuring they uphold stringent privacy standards.

But that's not all! We shift gears to explore Agile development practices, diving into the adaptability and feedback loops of Scrum and the high-security approach of the spiral model. Discover how the Capability Maturity Model's pinnacle stage fosters continuous improvement and learn the essentials of integrating security into the DevSecOps CI/CD pipeline without sacrificing speed. We also delve into the nuances of pair programming for enhanced code quality and clarify the distinct approaches of Scrum's time-boxed sprints versus Kanban's work-in-progress limits. Tune in for a comprehensive look at modern software development practices and the indispensable role of security in our digital world.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and signing up to join the team for free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
¡Aprende SecTY! EP4.1 Top 5 cyberattacks of 2023. Cybercriminals went all out in 2023, attacking companies, compromising customer data and costing those companies a lot of money. Listen to find out which cyberattacks were the most notable in 2023.

This episode is presented by AeroNet, a 100% Puerto Rican technology company and leader in connectivity solutions for businesses and homes in Puerto Rico. Go Faster, Go Save. AeroNet Wireless - Reliable High Speed Internet (aeronetpr.com)

Sources:
· Top 10 Cyber-Attacks of 2023 - Infosecurity Magazine (infosecurity-magazine.com)
· A year in review: 10 of the biggest security incidents of 2023 (welivesecurity.com)

If you would like guidance or a cybersecurity assessment for your business, or want to train your employees on information security, write to me at itsec@sectycs.com so I can help you; we offer security training for groups of users at small businesses.

Remember: Follow us on Facebook, Instagram, X and LinkedIn as @SecTYCS. SUBSCRIBE to our YouTube channel Aprende SecTY: https://www.youtube.com/channel/UC1E9yilgLf5HZMQVDf_ViRw Send me your questions or recommendations to: itsec@sectycs.com Leave your review on iTunes/Apple Podcast and share it with people who need to improve security in their business and in their life. You can also listen to us on iTunes/Apple Podcast, Spotify, Google Podcast, Amazon Music and iHeartRadio.
Allan is joined by AJ Grotto: William J. Perry International Security Fellow and Founding Director of the Program on Geopolitics, Technology and Governance at Stanford University. He also serves as the faculty lead for the cyber policy specialization that the university offers through its master's in international policy program, and he is a visiting fellow at the Hoover Institution. He's talking with me today about cybersecurity spend vs. cybersecurity efficacy. AJ, thanks so much for coming on down to 'The Ranch'!

The points below are mostly followed, but the pair also get into CISOs embracing risk, CISOs owning risk, and buying 'lemons' in the cybersecurity market:

Cybersecurity Ventures says 2023 spending is growing 15% year over year. Between awareness training and tech stack, they are estimating $198+ billion in spend this year on cybersecurity. Techcrunch analyzed the estimated shrinkage of budgets this year based on economic conditions: 45% of budgets remain unchanged or even increased, and 3% of budgets were cut by an average of 21.2%. So these figures hold close to steady despite the economic downturn. We spend more and more on cybersecurity every year. When does this end?

Conversely, InfoSecurity Magazine says ransomware attacks surged by 74% in 2023. Wired reports an increase for 2023 as well. We can dig into the Verizon and IBM annual reports to see general trends of year-over-year increases too. Verizon shows a 13% increase with a curve that's trending upward more quickly each year.

What gives? How do we solve this? How do we bridge this gap? Tactically, we have tech stacks, awareness training and GRC. What is our spend story there vs. this looming threat landscape? Is the solution to spend less, but more intelligently? In other words, crafty rationalization where we still get full coverage, but spend less? If we can never close the gap between spend and threat, what are we to do?

Sponsored by our good friends at Seraphic Security.
Seraphic helps you defend your digital workplace with security and DLP for every browser and essential desktop apps like Microsoft Teams, Slack, Asana, and Notion. Protect against compromise and prevent data loss via the web with Seraphic.
Rick Howard, the CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the meaning of quantum computing through a cybersecurity perspective with CyberWire Hash Table guests Dr. Georgian Shea, Chief Technologist at the Foundation for Defense of Democracies, and Jonathan Franz, the Chief Information Security Officer at ISC2. Research contributors include Bob Turner, Fortinet's Field CISO – Education, Don Welch, New York University CIO, Rick Doten, CISO at Healthcare Enterprises and Centene, and Zan Vautrinot, Major General (retired).

References:
Howard, R., 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Wiley. URL: https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/1394173083
Deen, S., 2008. 007 | Quantum of Solace | Theme Song [Video]. YouTube. URL: https://www.youtube.com/watch?v=YMXT3aJxH_A
Dungey, T., Abdelgaber, Y., Casto, C., Mills, J., Fazea, Y., 2022. Quantum Computing: Current Progress and Future Directions [Website]. EDUCAUSE. URL: https://er.educause.edu/articles/2022/7/quantum-computing-current-progress-and-future-directions
France, J., 2023. Quantum Compute and CyberSecurity, in: ISC2 Secure Summits.
France, J., 2023. The Race Against Quantum: It's Not Too Late to be the Tortoise that Beat the Hare [Essay]. Infosecurity Magazine. URL: https://www.infosecurity-magazine.com/opinions/race-quantum-tortoise-beat-hare/
Shea, Dr. G., Fixler, A., 2022. Protecting and Securing Data from the Quantum Threat [Technical Note]. Foundation for the Defense of Democracies. URL: https://www.fdd.org/wp-content/uploads/2022/12/fdd-ccti-protecting-and-securing-data-from-the-quantum-threat.pdf
https://podinbox.com/compliancetime

The guest on the podcast is Debanjan Chatterjee. Debanjan has more than 17 years of experience in Fraud Risk Management. He has been using Data Science to design counter-fraud solutions for traditional, global banks as well as for modern Fintech firms. He is a certified expert in NFT and DeFi and contributes to the literature on managing Financial Crime Risk for Crypto-assets. His articles have been published on Nasdaq, Bitcoin Magazine, Association of Certified Fraud Examiners, InfoSecurity Magazine and The A.I. Journal.

In this episode, we spoke about cryptocurrency, the Metaverse, AI, money laundering and technology, and how to think as a criminal. Connect with Debanjan on LinkedIn: https://www.linkedin.com/in/debanjan-chatterjee-03942454/
Cobalt Mirage deploys Drokbk malware. Zombinder in the C2C market. Impersonation scams: that's not Ukraine's Ministry of Digital Transformation. On the cyber front, nothing new. CISA releases three new ICS advisories. Caleb Barlow on attack surface management. Mike Hamilton from Critical Insight explains how state and local governments apply for the $1 billion allocated by the feds for cybersecurity funding. And criminals prey on other criminals.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/235

Selected reading:
Drokbk Malware Uses GitHub as Dead Drop Resolver (Secureworks)
Zombinder: new obfuscation service used by Ermac, now distributed next to desktop stealers (ThreatFabric)
Crypto Winter: Fraudsters Impersonate Ukraine's Government to Steal NFTs and Cryptocurrency (DomainTools)
Danish defence ministry says its websites hit by cyberattack (Reuters)
Kela website hit by DoS attack (Yle)
Advantech iView (CISA)
AVEVA InTouch Access Anywhere (CISA)
Rockwell Automation Logix controllers (CISA)
The scammers who scam scammers on cybercrime forums: Part 1 (Sophos News)
Cyber-criminals Scammed Each Other Out of Millions in 2022 (Infosecurity Magazine)
Fareedah Shaheed is the CEO and Founder of Sekuva (pronounced "SehKOOvuh"), where she helps parents and caretakers protect their kids online. She has taught thousands of people online security & safety, has hosted lunch and learns, and has delivered keynotes on the subject. She is a Forbes 30 Under 30 honoree and is currently serving on the Forbes board for the Under 30 community. Fareedah was named Cybersecurity Personality of the Year 2020, and her work has been featured in Cisco, NASA, FOX 25, FOX 46, FOX Carolina, NBC Washington, The Grio, Yahoo!, AfroTech, The Every Mom, StartPage, TripWire, Infosecurity Magazine, and most recently on the NASDAQ. Fareedah is on fire when it comes to spreading her message. I connected with Fareedah via LinkedIn and as I got to know more about her work and her personal story, I knew she would be a fantastic guest. She did not disappoint!

Listen in to hear Fareedah share:
Her experience growing up as a third culture kid
How her identity as a Black Muslim gamer raised in Saudi Arabia inspired her work in cybersecurity
How her relationship with her mom especially informed her experience around her own cybersecurity
The significance of her mom embracing imperfection in order to create a more safe, secure and soulful mother/daughter relationship
What holistic online safety is and why it's so much more important than blanket rules that might serve only as bandaids
The importance of connection over control and a strong parent/child bond in online safety
Why she champions parental therapy and therapeutic practices in order for parents to have a connection to self as a foundation to protect your child from the online world
First 3 steps to take toward cybersecurity for your child

Links mentioned:
From September 14th-20th only, become a member of The Shameless Mom Academy: shamelessmom.com/academy
Connect with Fareedah: Cyberfareedah.com
Join Fareedah's Safe Kid Movement: safekidsmovement.com
Fareedah on all social media: @CyberFareedah
Fareedah's podcast: The Accidental Arab

Sponsor info and promo codes: Please find our sponsor information here: shamelessmom.com/sponsor/ Interested in becoming a sponsor of the Shameless Mom Academy? Email our sales team at sales@adalystmedia.com
¡Aprende SecTY! Tools and controls to prevent ransomware. Global ransomware damages are expected to exceed $30 billion by 2023, according to the most recent Mid-Year CyberThreat report from the company Acronis. But which controls should we apply to prevent ransomware?

References:
Article: Global Ransomware Damages to Exceed $30bn by 2023 - Infosecurity Magazine (infosecurity-magazine.com)
Related episodes:
EP2.13: How to train small-business employees on security: https://aprendesecty.libsyn.com/ep213-como-capacitar-en-seguridad-a-empleados-de-pequeos-negocios
EP2.26: Use common sense so you don't fall for phishing: https://aprendesecty.libsyn.com/ep226-usa-el-sentido-comn-para-no-caer-en-un-phishing

Remember: Early registration for the ISACA Puerto Rico 2022 Annual Symposium is now open. Don't miss it, REGISTER NOW HERE: https://events.eventzilla.net/e/2022-isaca-pr-annual-symposium-2138575591

If you want to train your employees on information security at your business, write to me at itsec@sectycs.com so I can help you; we offer security training for groups of users at small businesses. Visit our Aprende SecTY page at https://www.aprendesecty.com to get the guides, tips and steps I have shared previously, for FREE. For example, the guide on how to identify a phishing email: Aprende a identificar un Phishing email (aprendesecty.com)

Follow us on Facebook, Instagram, Twitter and LinkedIn as @SecTYCS. SUBSCRIBE to our YouTube channel Aprende SecTY: https://www.youtube.com/channel/UC1E9yilgLf5HZMQVDf_ViRw Send me your questions or recommendations to: itsec@sectycs.com Leave your review on iTunes/Apple Podcast and share it with people who need to improve security in their business and in their life. You can also listen to us on iTunes/Apple Podcast, Spotify, Stitcher, Google Podcast, Amazon Music and iHeartRadio.
A daily look at the relevant information security news from overnight - 28 July, 2022
Episode 275 - 28 July 2022

NetStandard Knocked Offline - https://www.bleepingcomputer.com/news/security/kansas-msp-shuts-down-cloud-services-to-fend-off-cyberattack/
Moxa NPort Flaws - https://www.securityweek.com/moxa-nport-device-flaws-can-expose-critical-infrastructure-disruptive-attacks
Post Macro Tactics - https://www.infosecurity-magazine.com/news/hackers-change-tactics-for-new/
Naughty Knotweed - https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html
Twitter Data Sale - https://www.infosecurity-magazine.com/news/criminal-twitter-users-data/

Hi, I'm Paul Torgersen. It's Thursday July 28th, 2022 and this is a look at the information security news from overnight.

From BleepingComputer.com: Managed service provider NetStandard suffered a cyberattack causing the company to shut down its MyAppsAnywhere cloud services. The company said Hosted GP, Hosted CRM, Hosted Exchange, and Hosted Sharepoint will be offline until further notice, but that no other services were impacted. That being said, their main website remains down as well. No word on threat actor or malware involved, but it is assumed to be a ransomware hit.

From SecurityWeek.com: Two high severity flaws have been found in the NPort 5110 device servers from Moxa. The vulnerabilities can be exploited remotely to cause the targeted device to enter a denial of service condition. The only way to regain control of the device is to physically power it down, which might present a challenge as many of these devices are in very remote locations. These things are designed to connect to Ethernet networks and should not be exposed to the internet. However, a Shodan search found at least 5,300 of them that are. Now some of these may be honeypots, but they're not ALL honeypots. Customers should contact Moxa for a security patch.

From InfoSecurity-Magazine.com: Since Microsoft announced they would disable macros by default, the use of macro-enabled attachments by threat actors decreased by around 66% between October 2021 and June 2022. Awesome. But, where there's a will there's a way. In that same timeframe, the number of malicious campaigns using container file formats jumped up 176%. These formats include ISO, RAR, ZIP and IMG files that contain macro-enabled docs. Now the ISO and RAR formats will still have the Mark of the Web, meaning they originated from the internet and their macros would be blocked, but the files within them would not. Link to the ProofPoint research in the article.

From TheHackerNews.com: A threat actor tracked as Knotweed used several Windows and Adobe zero-day exploits in highly-targeted attacks against targets in Europe and Central America. They are actually an Austrian outfit called DSIRF that supposedly sells general security and information analysis services to commercial customers. As a side gig, they created a cyberweapon called Subzero, which can hack phones, computers, and internet-connected devices. Talk about vertical integration.

And last, from InfoSecurity-Magazine.com: A user named devil is selling a database of 5.4 million Twitter users' information on the Breached Forums site. They say it contains the phone numbers and email addresses of users, including celebrities and companies, and is asking for $30,000. Twitter is investigating the issue, which the seller said exploited a vulnerability in its systems that allows someone to find additional user information, even if that user has it hidden in privacy settings.

That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
We know that cybersecurity presents a huge risk to us both personally and professionally, but what can we do to stay safe? To answer this question I spoke with cybersecurity expert Raj Samani, who at the time of recording was Chief Scientist at McAfee, and is now at Rapid7, on the Actionable Futurist Podcast®.

As an international cybercrime expert, Raj has assisted multiple law enforcement agencies in cybercrime cases, is a special advisor to the European Cybercrime Centre and is on the advisory councils for Infosecurity Europe and Infosecurity Magazine.

Cybersecurity threats now have the potential to completely cripple companies and complete supply chains, and my discussion with Raj is accessible to audiences of all types, and contains advice for a board of directors, right down to students considering their career options.

In this wide-ranging discussion, we covered topics including:
Cybercrime in a pandemic world
How cybercrime has evolved
How supply chains are now a target
The Log4j vulnerability and what it means
Are boards taking cyber threats seriously?
Making the board uncomfortable about the risks
Contextualising why cybersecurity matters
Can AI help fight cybercrime?
Actionable advice to keep safe
How much security do you need?
The industries most at risk
Nation-states running social media campaigns
What the FireEye acquisition means for McAfee
Criminals now have R&D departments
IoT and APIs as the next threat areas?
Children's toys are getting hacked
Putting security at the heart of design
Bletchley Park's role in cybersecurity
The hot roles in cybersecurity
Top 3 cybersecurity trends
Do companies need a dedicated Chief Security Officer?
3 things to do today to stay safe

Raj provides us with actionable and practical advice on what to do this week to reduce your exposure. Make 2022 the year you lean forward and take cybersecurity seriously.

More on Raj:
LinkedIn
Twitter
McAfee Enterprise
Raj's Blogs

Resources mentioned on the show:
Have I Been Pwned? website
Speakers for Schools website
NoMoreRansom.org
The Cuckoo's Egg book
Applied Cyber Security and the Smart Grid book
Dave Grohl Biography
Bletchley Park

Your Host: Actionable Futurist® Andrew Grill
For more on Andrew - what he speaks about and replays of recent talks, please visit ActionableFuturist.com, follow @AndrewGrill on Twitter or @andrew.grill on Instagram.
Ransomware and other cyber threats have evolved in recent years, and with that so has cybersecurity. In this episode we'll share stories of modern day cyber attacks that keep IT professionals up at night. We'll hear about a cyber attack that impacted a country's health service, an attack on a legal firm's web server that exposed sensitive client data, and we'll hear how attackers found vulnerable systems in a small company's network and got in. Experts share advice about best security practices for organizations and individuals alike. It's #CyberSecurityMonth, and this is an episode you won't want to miss.

Kurt Roemer, Chief Security Strategist for Citrix, shares his expertise in preventing attacks on IT departments and individuals.

Fahmida Rashid is a cybersecurity journalist. She has been writing about information security for 15 years for technology publications such as Dark Reading, Security Week and Infosecurity Magazine.

Citrix is supplying you with critical intelligence to write the new work playbook. Explore research and perspectives for a successful hybrid work model on Fieldwork by Citrix [LINK: https://www.citrix.com/fieldwork/flexible-work/virtual-series.html], filled with research, tools, and best practices to guide, support, and enable the flexible workforce.

To learn more about best practices for a secure workforce, visit us here: https://www.citrix.com/fieldwork/secure-workforce/
Eleanor Dallaway, Editorial Director at Infosecurity Magazine, is joining the Tech Trailblazers judging team for this, our tenth, edition. Chief Trailblazer Rose Ross talks to her about her rise up the ranks of Infosecurity Magazine, what it is that will impress her as an entry to the Awards, and how diversity and inclusion are a focus for her in the cybersecurity industry. Eleanor also shares how important the personal connection and face-to-face meetings are for telling the stories she writes.
Veracode CEO Sam King is an icon in the realms of secure coding and application security, and she joins the podcast, along with Infosec CEO Jack Koziol, to discuss her cybersecurity journey, the President's directive on software security and so, so many more topics. You really don't want to miss this one, folks.

– Download our FREE ebook, Developing cybersecurity talent and teams: https://www.infosecinstitute.com/ebook
– Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro
3:10 - Origin story
5:05 - Ground floor of cybersecurity
7:54 - The "aha!" moments
12:30 - Point where you thought the industry would grow
14:28 - Changes implemented at Veracode
19:52 - Nation's approach to cybersecurity
24:10 - Federal government security
26:25 - Government oversight
28:14 - Secure coding practices
31:52 - Veracode's app security report
40:04 - How to learn web application security
43:46 - Mistakes to avoid when applying
47:13 - Bringing in more diverse candidates
51:36 - Maintaining Veracode's edge
54:25 - Advice to move into a new cybersecurity role
56:24 - Outro

Sam King is the chief executive officer of Veracode and a recognized expert in cybersecurity, DevSecOps and business management. A founding member of Veracode, Sam has played a significant role in the company's growth trajectory over the past 15 years, helping to mature it from a small startup to a company with a billion dollar plus valuation. Under her leadership, Veracode has been recognized with several industry distinctions, including a seven-time consecutive leader in the Gartner Magic Quadrant, leader in the Forrester SAST Wave and a Gartner Peer Insights Customer Choice for Application Security.

Sam has been a keynote speaker at events such as Gartner Security Summit, RSA and the Executive Women's Forum, on topics ranging from cybersecurity to empowering women and creating diverse and resilient corporate cultures. She has been profiled in business publications such as the Huffington Post, CNNMoney, Financial Times, InfoSecurity Magazine and The Boston Globe. Sam received her master of science and engineering in computer and information science from the University of Pennsylvania. She earned her BS in computer science from the University of Strathclyde in Glasgow, Scotland, where she earned the prestigious Charles Babbage Award, awarded to the student with the highest academic achievement in the graduating class. She currently sits on the board of Progress Software. Sam is also a member of the board of trustees for the Massachusetts Technology Leadership Council, where she was a charter member of the 2030 Challenge: a Tech Compact for Social Justice, in efforts to bring more diversity to the local workforce.

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It's our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
Our teens LOVE their devices, but to us parents, they open up a scary world of bullies, creeps, and social distortion. How do we keep our kids safe AND allow them to explore and connect online? In today's episode, Dr. Cam talks with Online Safety Educator Fareedah Shaheed. Fareedah is the CEO and Founder of Sekuva, where she helps parents and caretakers protect their kids online. She has taught thousands of people online security & safety, has hosted lunch and learns, and has delivered keynotes on the subject. She is a Forbes 30 Under 30 honoree and is currently serving on the Forbes board for the Under 30 community. She has been named Cybersecurity Personality of the Year 2020, and her work has been featured in Cisco, NASA, FOX 25, FOX 46, FOX Carolina, The Grio, Yahoo!, AfroTech, TripWire and Infosecurity Magazine.

Fareedah has a free guide on safer games for kids. If you'd like a copy, go to https://my.community.com/fareedah and text the phrase: safe games.

If you want to learn more from experts like Fareedah, join me Tuesday afternoons for the Parenting Teens Power Hour. It's free! You can register at www.askdrcam.com/powerhour. Also, if you enjoyed this episode and all the amazing nuggets that Fareedah shared with us, please take a quick moment to rate and review. This helps other parents like you find this show. As always, thank you for your support!
Cyber has evolved with technological advancements, but the workforce behind cyber may be evolving too. Bush School student and cyber expert Amanda Custer shares with us the major cyber issues facing America and the prospects of women in cyber for the near and distant future. Amanda has kindly shared some links below for people who wish to learn more!

Huckins, Grace. 2021. "As More Women Enter Science, It's Time to Redefine Mentorship." Wired. (February 23, 2021).
Huntington-Klein, Nick, and Elaine Rose. 2018. "A Study of West Point Shows How Women Help Each Other Advance." Harvard Business Review. (February 23, 2021).
"Cybersecurity Professionals Stand Up to a Pandemic: (ISC)2 Cybersecurity Workforce Study, 2020".
Kovacevic, Andrej. 2020. "Solving the Global Cybersecurity Skills Gap in Two Simple Steps." Infosecurity Magazine. (February 23, 2021).
Mundy, Liza. 2017. Code Girls: The Untold Story of the American Women Code Breakers of World War II.
"The STEM Gap: Women and Girls in Science, Technology, Engineering and Math." AAUW: Empowering Women Since 1881. (February 23, 2021).
"Women and Information Technology by the Numbers." 2020.
"Women in Cybersecurity." Cybersecurity Guide. (February 23, 2021).

To listen to our episode with Ed Wynn discussing civility in politics, click HERE.
Support the show (https://www.patreon.com/friendsfellowcitizens)
This week, Tessian's CEO Tim Sadler is joined by Dan Raywood, journalist and former deputy editor of Infosecurity Magazine. Looking back over the past 12 months, Dan and Tim talk about resilience and how recent events have changed cybersecurity, from SolarWinds to Covid-19 - to which Dan poses the question, "Has anything actually really changed?!" They also discuss where IT leaders need to focus their efforts in 2021 and why the human factor is a major consideration. Looking for more Human Layer Security insights? Head over to the Tessian blog and subscribe to the Tessian newsletter to stay up to date with all our Human Layer Security news.
In the latest episode of #IMM, Christine speaks with James Coker, tech reporter at Infosecurity Magazine
In this episode, we deviate a bit from our traditional topics to incorporate the growing diversity in the Infosec world. In the past, this has been a male dominated field, but the culture is changing. Our guest today is Eleanor Dallaway. Eleanor is the Editorial Director at Infosecurity Magazine, and she is at the front of the security industry. She has more than 15 years of online job experience and knows more about information security than most English Literature graduates should. She spends her working days interviewing industry professionals, keeping the website updated with news on a regular basis, editing the magazine, and attending industry events.

Show Notes:
[1:03] - Eleanor's experience in Infosec began in 2006 when she started working for Infosecurity Magazine. She also has experience editing for a wine and spirits magazine as well as one for retail.
[2:03] - Eleanor admits that information security is her favorite, because she's worked in it the longest and it is constantly changing.
[2:51] - Her favorite part of her job is interviewing industry professionals. She shares several famous individuals who she has been able to interview.
[4:18] - Eleanor admits that she was very nervous to interview Kevin Mitnick and describes the experience.
[5:57] - Kevin Mitnick did magic tricks for Eleanor for fun, but demonstrated how con artists are very much like magicians.
[9:55] - Chris and Eleanor chat about their different interviews with previous podcast guest John McAfee.
[11:14] - John McAfee gave an unscripted rant at an event that Eleanor was able to be present for.
[12:30] - Infosec trends are compared to fashion trends because they are cyclical and come back again.
[13:38] - Some trends that Eleanor discusses are the Cloud, artificial intelligence, and the focus on the human side of security.
[15:13] - Awareness now is much different than it was 15 years ago when Eleanor began working for Infosecurity Magazine. Now, they are major headlines and mainstream news.
[16:48] - Eleanor's company puts in software that randomly tests people.
[19:31] - We start to distrust people who are actually trustworthy and tend to become cynical.
[20:18] - The types of scams that trend ebb and flow. Sometimes the trend is text scams, emails, or phone calls, generally speaking.
[21:40] - There are clever scammers who use the current climate to change their approach. Eleanor shares that she has seen a lot of scams involving package deliveries because more people are shopping online.
[23:56] - When someone targets Eleanor, she knows she can handle it, but she gets very angry when scammers target her parents and grandmother.
[25:52] - Eleanor discusses various conferences and events. She doesn't tend to worry about heavy security for some of them, but for several of them, she takes every precaution.
[28:10] - For the most part, Eleanor tends to go to more of the businessy conferences.
[30:42] - Eleanor admits that most of the things on her phone or computer are not that interesting, so she feels comfortable taking her devices with her to other countries when traveling.
[31:28] - In regards to women in the industry, Eleanor says that it is still male dominated but it is moving in the right direction.
[32:48] - Eleanor has worked with programs that encourage teenage girls in high school to get into the infosec and technology world.
[33:25] - Eleanor launched the Women in Cybersecurity Networking Group, which began small in the UK but is now national. The purpose is to create a community.
[35:02] - Marketing cybersecurity needs a lot of change to include more accurate images and descriptions.
[36:11] - There's a lot going on in this space in regards to diversity in the industry, but Eleanor feels that it is not being done quickly enough.
[37:33] - The security industry is very resilient and has not been hurt by the pandemic, except that they are shorthanded. Unemployment is high in many places, so people should be jumping ship and going into it.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:
Podcast Web Page
Facebook Page
whatismyipaddress.com
Easy Prey on Instagram
Easy Prey on Twitter
Easy Prey on LinkedIn
Easy Prey on YouTube
Easy Prey on Pinterest
Infosecurity Magazine Web Page
Women in Cybersecurity Networking Group
Eleanor Dallaway on Twitter
Eleanor Dallaway on LinkedIn
All links and images for this episode can be found on CISO Series https://cisoseries.com/our-hope-it-doesnt-happen-to-me-security-strategy/

We're thinking it just might be possible to wish our security problems away.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest this week is Steve Giguere (@_SteveGiguere_), director of solution architecture and community, StackRox.

Thanks to this week’s podcast sponsor, StackRox
StackRox is the industry’s first Kubernetes-native security platform that enables organizations to securely build, deploy, and run cloud-native applications anywhere. The StackRox Kubernetes Security Platform delivers lower operational cost, reduced operational risk, and greater developer productivity through a Kubernetes-native approach that supports built-in security across the entire software development lifecycle.

On this week's episode

That’s something I would like to avoid
Security theater is a security placebo. We're being told that it's effective, and we may fool ourselves into believing it is, but the reality is there's no real security medicine there. Over on Infosecurity Magazine, Danny Bradbury has identified a few key ones I want to call out. In particular, technology buzzwords - like getting a solution with AI; data collection - more data, more insights, right?; and endless security alerts - for practitioners and end users. All of these seem to be in regular practice today. Does calling out security theater result in pushback? And if so, how do you handle calling it out, and how would you shift each of these security placebos into a more medicated version?

There’s got to be a better way to handle this
On reddit, kautica0 asks, "If a company becomes aware of a 0-day vulnerability and it impacts their production web application serving customers, what actions should be taken? Should it even be considered an incident?" Just because it's a 0-day vulnerability, does that make it more threatening than any of the known vulnerabilities? There was a lot of logical advice that was akin to how we would handle any vulnerability, but the 0-day nature had the looming feeling that this could become an incident very quickly and would require an incident response plan.

"What's Worse?!"
A "What's Worse?!" entry from our youngest listener.

Please, enough. No, more.
The topic is Kubernetes Security. We discuss what we have heard enough about when it comes to Kubernetes security and what we would like to hear more.

Where does a CISO begin
Is being cloud first a security strategy? Over on the UK's National Cyber Security Centre, an article argues that we should not ask if the cloud is secure, but whether it is being used securely. What does that mean? And is there an argument for and against cloud first being a valid security strategy?
All links and images for this episode can be found on CISO Series (https://cisoseries.com/can-a-robot-be-concerned-about-your-privacy/)

I want AI to be efficient, but I also want my space.

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our sponsored guest is Rebecca Weekly (@rebeccalipon), senior director of hyperscale strategy and execution, senior principal engineer, Intel.

Thanks to this week's podcast sponsor, Intel.
Intel’s new suite of security features in the upcoming Xeon Scalable platform improves data confidentiality and integrity in a world that increasingly relies on it. Features like Intel SGX further enable confidential computing scenarios — crucial for organizations in regulated industries to meet growing security requirements and protect sensitive data.

On this week's episode

Why is everybody talking about this now
"The lack of women in cybersecurity leaves the online world at greater risk," stated Naomi Schalit of The Conversation. Mollie Chard of Capgemini shared the article that generated a lot of conversation. Naomi hit many issues we've discussed before, like diversity offering different viewpoints, which is critical for building a cybersecurity program. I would like to focus on the dynamic of the security team. I've been in testosterone-fueled environments, and things change dramatically when just one woman enters the room. And it changes even more when there are more women. What is that dynamic, why is it valuable, and what's the danger of the all-male environment?

Well that didn’t work out the way we expected
At the end of every show I ask our guests, "Are you hiring?" And prior to COVID, almost everyone said desperately, "YES, we're hiring." That has changed dramatically for the worse since COVID started. Emma Brighton has a story on InfoSecurity Magazine about the real shortage that's happening. Problems she points to are the need to secure more communications channels, security people being offloaded to do IT support, and the competition for skilled talent. What is COVID doing to our security environment and our staff?

What's Worse?!
Everyone in the loop or out of the loop?

Please, Enough. No, More.
Today's topic is security on the chipset. We have never talked about this on the show, but now we've got someone from Intel and it seemed appropriate that now would be the time to do just that. What have we heard enough about chip-level security, and what would we like to hear a lot more?

Are we having communication issues
Will the fight to maintain privacy always be in conflict? The people who collect data always want more information so they can get greater insights. Outside of regulations, they have no incentive to maintain privacy. As we're collecting more and more information automatically and artificial intelligence systems are making decisions for us, can AI systems be made privacy aware while still being effective at gaining insights? What would that even look like?
Fareedah Shaheed is the CEO and Founder of Sekuva, an online security coaching business, where she helps non-tech savvy online small business owners and families implement online security fundamentals in their businesses and lives. She has taught hundreds of people online security & safety, has hosted lunch and learns, and has delivered keynotes on the subject. Her work has been featured in Radio One, TripWire, Infosecurity Magazine, ABC 6, NBC 29, FOX 25, FOX 40, WFMJ, and many more.

Links:
Website: https://sekuva.mykajabi.com/
Instagram: https://www.instagram.com/cyberfareedah/
Facebook Group: https://www.facebook.com/groups/515654908958783
Freebie Links: https://bit.ly/CyberFareedah
Michael Hill – Editor of Infosecurity Magazine speaks to Rose Ross for our second podcast in our Judges on Fire Series.
Fareedah tells us how important it is for us to protect ourselves online. There are hackers preying on vulnerable small businesses. You don't want your hard work compromised. She works with non-technical small businesses. Fareedah Shaheed is the CEO and Founder of Sekuva, an online security coaching business, where she helps non-tech savvy online small business owners and families implement online security fundamentals in their businesses and lives. She has taught hundreds of people online security & safety, has hosted lunch and learns, and has delivered keynotes on the subject. Her work has been featured in Radio One, TripWire, Infosecurity Magazine, ABC 6, NBC 29, FOX 25, FOX 40, WFMJ, and many more. www.sekuva.mykajabi.com

Check out the host: www.itsmymoneyjournal.info www.instagram.com/itsmymoney_
When security breaches make news headlines, they tend to be about nefarious hackers in another country or a catastrophic failure of technology. However, employees occasionally make mistakes that can pose grave dangers to the organization’s cybersecurity, from emailing valuable data to the wrong recipients to misconfiguring assets in ways that enable unwanted access to company information. Indeed, human mistakes reportedly account for one-fourth to one-third of data and intellectual property breaches within companies. The average cost of inadvertent breaches from human error is estimated at up to $3.5 million annually; that’s without even including breaches resulting from employee willful misconduct. Many of the biggest breaches over the last decade would actually not have happened but for some form of human error.

Our guest, Dr. Adi Gillat, shares her experience related to security breaches, and to what extent intellectual property (IP) rights are at risk, particularly in the specific context of the COVID-19 pandemic that has impacted all businesses for the last few months.

Dr. Gillat has been an IP, IT, and privacy lawyer for almost 25 years, advising Israeli technology companies on complex tech transactions and compliance matters. Ranked among the top transactional IP lawyers in Israel, she is a founding partner at H-F & Co., based in Tel Aviv, Israel, and leads its IP, IT and Tech-Transactions practice. She is a licensed attorney both in Israel and in the U.S., where she previously practiced IP transactional and litigation law.

Every two weeks, on Tuesday, Brand & New gives the floor to inspiring individuals, with a 360-degree vision, to help brand owners, intellectual property lawyers, and marketing and finance professionals (and beyond!) stay curious and agile in an ever-evolving business environment. Brand & New is a production of the International Trademark Association. Hosted by Audrey Dauvet - Contribution of M. Halle & S. Lagedamond - Music by JD Beats

FOR MORE INFORMATION, VISIT INTA.ORG

To go further:
About Adi Gillat: https://www.linkedin.com/in/adi-gillat-8a39371/

Also of interest:
- Harvard Business Review, The Biggest Cybersecurity Threats are inside your Company (link to https://hbr.org/2016/09/the-biggest-cybersecurity-threats-are-inside-your-company)
- INTA On-demand Webcast: Data Privacy 101—How to Ensure Data Protection and Enhance Brand Value in the Age of Data Privacy (link to https://learning.inta.org/products/data-privacy-101how-to-ensure-data-protection-and-enhance-brand-value-in-the-age-of-data-privacy)
- INTA Report: Recommendations to Enhance Brand Value Through Data Protection (link to https://www.inta.org/Advocacy/Documents/2018/Recommendations%20to%20Enhance%20Brand%20Value%20Through%20Data%20Protection.pdf)
- Infosecurity Magazine https://www.infosecurity-magazine.com/opinions/employees-taking-data/
- Business Insights, Addressing Human Error causes Security Breaches (link to https://businessinsights.bitdefender.com/addressing-human-error-causes-security-breaches)
- Forbes, Remote Work involves Cybersecurity Risks (link to https://www.forbes.com/sites/ca
Kim writes about cybersecurity for Tripwire, AT&T Cybersecurity, Venafi, and Cylance's blogs. She also writes for Peerlyst. In the past Kim has contributed to Infosecurity Magazine, Threatpost, Comodo's blog, CCSI's blog, CSO, CIO, Computerworld, Hacker Noon, The Threat Report, and 2600 Magazine. Listen in as Jenny and Kim discuss early years tech support, writing and deep fakes. To read the Deep Fake Peerlyst article by Kim, click the link here. To follow Kim on Twitter, click the link here. To view Kim's LinkedIn page, click the link here. Don't forget you can also follow Jenny on Twitter by clicking the link here.
In another special Black Hat 2019 episode of #IMM, Christine chats with Dan Raywood, Deputy Editor of Infosecurity Magazine.
On this episode, Jim and Jeff talk about Kacy Zurkus' article "Healthcare Organizations Too Confident in Cybersecurity" for InfoSecurity Magazine and why multi-factor authentication (MFA) isn't more widely adopted. Jeff also poses a question to Jim: Do you choose MFA or Privileged Access Management (PAM) first if you can only do one? Brought to you by identropy.com Want to join the conversation? Leave us a message here: anchor.fm/identity-at-the-center/message --- Send in a voice message: https://anchor.fm/identity-at-the-center/message
In today’s chat, Marco Ciappelli and Sean Martin speak with Killian Faughnan, Group CISO, William Hill. In addition to getting some insight into how Killian looks at cybersecurity as a whole, during our chat today we got to dig into the lightning talk Killian will be giving during InfoSec Europe in London as part of a 4-part keynote session titled Building Brand Infosec: Engaging Employees to Drive Secure Behaviour. The four talks, which are to be presented as a single keynote moderated by Michael Hill, Deputy Editor at Infosecurity Magazine, will drive communications up and down the stack within the organization, looking at the role of security awareness and responsibility for all within the organization. Killian will be sharing his insights in Talk 4 — Marketing Security to the Board & Execs, where he will give the audience some tips on how to sell InfoSec to the executive staff and the board of directors. Killian shared with us that selling InfoSec to internal stakeholders is a marketer's nightmare — as a CISO you find that you have to market to a very diverse group of people, from management to the executive staff to the board, via a single marketing campaign. The challenge is bringing home a single message across the board for all to understand. Listen in to hear a ton from Killian as he prepares us for some great conversations next week.

________

We'd like to thank our conference coverage sponsors for their support. Be sure to visit their directory pages on ITSPmagazine to learn more about them.
Bugcrowd: https://www.itspmagazine.com/company-directory/bugcrowd
CyberCyte: https://www.itspmagazine.com/company-directory/cybercyte
Devo: https://www.itspmagazine.com/company-directory/devo
Nintex: https://www.itspmagazine.com/company-directory/nintex
STEALTHbits: https://www.itspmagazine.com/company-directory/stealthbits

________

Want more from InfoSec Europe in London? Follow all of our coverage here: https://www.itspmagazine.com/infosec-europe-2019-event-coverage-london-uk-cybersecurity-news-coverage-and-podcasts
Looking for more chats on the clouds to InfoSec Europe? You can find those here: https://itspmagazine.com/itsp-chronicles/chats-on-the-clouds-to-infosec-2019-london
Cloud and cloud computing is in the news, and we'll talk about what is going on and what to expect.
Do you sell things online off a website? If so, you have to listen in to find out what the IRS is doing right now; it's going to drive you crazy.
It's update time! Microsoft is out with their April update, known as 1903 or 19h1. It has some nice Windows Update policy features.
What are cybercriminals up to now? They are using new tactics that bypass traditional email security, so listen in to find out more.
It's bad enough that cybercriminals are attacking us and stealing our information, but now these bad guys are stealing money right out of bank accounts.
Do you know what a Denial-of-Service or a Distributed Denial-of-Service attack is? Well, the FBI and Secret Service are trying to shut down criminal organizations who are using them in a big way; we'll talk about what they are doing today.
Are you a C-level executive? It is time to remove your cybersecurity blinders -- cybersecurity is no longer an IT problem, it is a boardroom-level problem, and a scary one when you get right down to it.
Cybercriminals are using brand impersonation now, and it's costing companies a lot of money.
For all this and more tech tips, news, and updates visit - CraigPeterson.com

---

Transcript: Below is a rush transcript of this segment; it might contain errors.

Airing date: 04/06/2019

FBI Shuts Down Denial Of Service Attacks - Supreme Court Ruling Will Affect Every Business

Craig Peterson 0:00
Hey, hello, everybody, Craig Peterson here. And it looks like my math was wrong. You know, last week I said I thought we were coming up to the 1,000th week of being on the air. Actually, we weren't coming up on it, it was the 1000th week. So this is our one thousand and first week of broadcasting, and this week, we're going to have a few different radio appearances. As I usually do, I'll be on with Jack Heath on Monday, but because I'm going to be busy this week, as well, actually, I guess, this week?
No, I'm not going to be on with Jack on Monday. But I am going to be on other stations Tuesday and Wednesday. Okay. So anyhow, we passed 1000 weeks; you can do the math, that's a lot of years on the air. I don't know if that makes me old. It certainly kind of makes me feel old. But you guys, man, I appreciate you. I appreciate everyone who listens, and everyone who subscribes to my podcast. And you can do that quite easily by going to http://CraigPeterson.com/iTunes. Leave a comment. Hopefully, I've earned a five star from you guys. And that'll help get the show out so more people are aware of it.

Craig 1:26
So let's get right into the articles this week. As is true every week, I send these things out on Saturday morning. So you should get my show notes newsletter, and that'll keep you up to date, let you know about the latest security problems that have arisen this last week and other things in the tech biz and tech world that I think are interesting. So number one this week is from Infosecurity Magazine. And it's talking about cloud and cloud computing; we'll get to that in a few minutes. The U.S., man, if you have a website, if you're selling things online, you've got to hear what the IRS is doing right now.

Craig 2:08
And man, the internet tax stuff, it's going to drive you crazy. There is a new update here for Windows coming on. Well, it's the April update. And it's known as version 1903 or 19h1.

Craig 2:26
But it's going to have a new Windows Update policy. And it's going to let you, if you are a big organization that is using the group policy editor, basically, you have an Active Directory server and you have group policies for your various accounts.

Craig 2:46
Excuse me, this, the policy is supposed to allow you now to specify deadlines for automatic updates, and restarts.
Now if you don't have Windows 10 Professional, you're kind of stuck as it is right now, because you cannot, I repeat, cannot specify when you want updates to be applied and how long you might want to wait. And we've certainly talked about that on the show before. But it's going to give IT admins a lot more control, especially when managing larger fleets of devices, a number of Windows devices, so it should be pretty good. And I have some details on where you'll find it in the menus there on my website at http://CraigPeterson.com. And Softpedia has really quite a nice little thing about the whole thing. But basically, you as an admin can set a deadline for installing updates as high as 30 days. Usually, I recommend about seven days, five to seven days, because that lets you get past the initial problems that often accompany these updates from our friends at Microsoft. And the auto reboot can be anywhere from zero to seven days following that.

Craig 4:08
Now, this feature is something that was available only in the Pro version. And now it's available across the board if you are using group policies, okay? The latest tactics used by cybercriminals, we'll talk about this. And this is bypassing traditional email security.

Craig 4:27
And where do most IT professionals feel vulnerable when it comes to bad guys and attacks and stealing our information, stealing money literally right out of bank accounts? Well, we'll talk about that too. But first, I want to get to an article; I love the title of this. This is out of the UK, it's from The Register. It's called Silence of the WANs, which I thought was just very clever. The FBI has been working hard to shut down criminal organizations, so has the Secret Service. I've talked with both of them before about what they're doing and how effective they have been. And one of the problems we talked about in my cybersecurity course was something called a denial of service attack and distributed denial of service attack.
And we talked about how to prevent them, how to stop them, and how to make your life so much easier. And we, of course, concluded that class; it's not open, you can't get into it right now, because I'm not conducting it right now. But denial of service attacks are absolutely huge. And the FBI just busted a massive attack network about two weeks ago.

Craig 5:45
And this was just amazing. Because the traffic loads plummeted after the FBI took these guys out. And some of them were right here in the US. You think most of the time that they may be in Russia or, you know, some Eastern European country, maybe India, you know, the normal places these things come from. But in December of 2018, the FBI really started pushing, trying to figure out who was running the distributed denial of service attacks. Now, here's how a DoS works, the denial of service attack.

Craig 6:25
Someone, usually it's either a competitor or more often, it's someone that disagrees with your company. So a company that maybe has some sort of a political stance or donated to a charity that somebody doesn't like, they will start sending dozens, hundreds, thousands of requests to a web server; this is just a simple explanation, okay. So they'll send all of these to the web server, the web server becomes overloaded. It may crash or may not crash, doesn't really matter. But because it has so many requests coming in, it cannot serve the normal users. So, people who are coming to your website to find out more about you, maybe to place an order, maybe to get some of the information that you're providing, they cannot get there because of the denial of service attack that's going on. Well, there is a worse type of denial of service attack, and it's called a distributed denial of service attack. Because bottom line, if there's only one machine that's attacking you, it's pretty darn easy to put a filter in place to block that machine from getting to you. That makes sense, right?
Well, if you have 100, or a thousand machines that are all sending data to you, it becomes much more difficult to stop. And that's the whole idea behind distributed denial of service attacks.

Craig 7:55
So the FBI worked with a mitigation provider called Nexusguard. And they've been tracking this stuff. And they're saying both the overall number of attacks and the volume of the data fired at the targets to overwhelm them is down, and it's measurably down because the FBI wiped out 15 of these denial-of-service mercenary sites. Some of them are run in America, some of them are run overseas, but they allowed people to purchase the temporary use of massive botnets of compromised devices. Right? Isn't that what I'm always warning you guys about? That's part of the reason you've got to keep your machine safe. Because millions of machines have been compromised. They have remote controllers on them. The owners of the machines just aren't aware of this because they're not paying any attention to security. And then they hire your machine now to use to attack a third party. They use your machine to mine for Bitcoin to make money for them. They use your machine to distribute kiddie porn, pictures and videos of Americans being beheaded. Okay, how many times do we have to talk about this, everybody? So these massive botnets were in turn commanded to create massive loads of network traffic and targeted websites and different types of services, which ultimately overload them and knock some offline.

Craig 9:27
Now, it seems, according to The Register, that these 15 denial-of-service groups were so prolific that simply taking them offline has caused a noticeable drop in global activity for the entire fourth quarter of 2018. We're talking about an estimate from the FBI of more than 300,000 attacks over the last five years from these guys. And Nexusguard is saying the number of attacks fell by 11%.
And the size of each attack, which is the load directed at the target, took a nosedive, with the average rate dropping 85% and the maximum size down 24% from a year previous to that. So that's really good. The huge dip in attacks may not last, because it's so easy to set up a botnet, because so many people haven't properly secured their computers, okay. And somebody else is going to come along and take over, fill in that void. There are going to be new distributed denial-of-service for-hire services popping up.

Craig 10:33
Many of these Internet of Things (IoT) devices are now being used for botnets. So your smart light there on the factory floor that isn't properly secured is not only being used to attack you and get the information from your servers. But they're also being used now, too, to direct these denial-of-service attacks. The number of these IoT devices that are used in the amplification attacks, which is a specific type, were up over 3,000% from last year and they're accounting for more than half of all the attacks in the last quarter of 2018. So again, you know, we covered this in detail in the DIY cybersecurity course: make sure you segment your network; if you have IoT devices, make sure they cannot get out of your network, except to the control nodes, the legitimate ones, right?

Craig 11:34
The ones that are for the manufacturer to make sure they get security upgrades. And make sure you do the security updates, make sure they get the security updates, make sure it's all working. Because it's no longer you buy a light bulb from the local Home Depot store for a buck and plug it in, and you don't ever look at that light bulb again until it burns out.

Craig 11:57
Now with the Internet of Things, with the smart bulbs and the smart everything, you know, thermostats, any of this stuff, those smart devices now are your responsibility.
It's just like a friend of mine, who we've been providing DNS services to for 20 years, probably 15, 20 years, well, more than 20 years. And he called us up, he says, Hey, listen, why aren't you guys providing DNS for us anymore, you know, for my little network. And we were, and we dug into it. And we found out, guess what?

Craig 12:32
His home address block that was assigned to him by, in this case, Comcast was used to access the dark web. Yeah, pretty big deal.

Craig 12:50
And so now he's running around trying to figure out why. Now we have automatic systems in place that saw, wait a minute, this is a dark web block. So all of our stuff worked perfectly. It was great. And that's how we protect our customers' websites. And that's how we set up the networks for all of our customers. Just automatic. If it's not automatic, it's not going to happen, right? So we had automatically blocked him; now he's trying to figure out why, what IoT device, what light switch, whatever, went out to the dark web, and was being used as a Tor exit point, even. It's crazy. It's crazy what's happening. So make sure you know what you're doing, find some good courses, whether they're mine or somebody else's, and understand how to do this. And I have free master classes that we're offering from time to time; make sure you're on my email list, http://CraigPeterson.com/subscribe. That way, you'll get my show notes, you'll also get some of the more urgent alerts that come out. And I'll let you know about the free master classes and other training that I'm doing. Okay. So http://CraigPeterson.com/subscribe, and keep listening to this radio show. Because I do get stuff out here. Although, you know, when you talk about master classes, they can go easily an hour, hour and a half or even longer; you know, the courses can take you six weeks to get through. But you know, stay up to date, do the right thing.
Craig 14:24
Now, let's talk about the number one problem that IT security professionals are looking at right now. 91%, this is according to Insider Threats, 91% of IT and security professionals feel vulnerable to insider threats. And 75% believe the biggest risks lie in cloud applications like popular file storage, email solutions. You know, we talked about them before; they're worried about the Dropbox, Gmail, Google Drive, OneDrive. All of those things, right. So it is very, very concerning to IT professionals. And it's, you know, 91% of them being worried about the insider threats is huge. And that's why again, I have included in the DIY cybersecurity course a whole set of policies and procedures that can go into the HR manuals, as well as things that you should be doing in your business. Now BetterCloud surveyed nearly 500 IT network security professionals, and you can find this online. It's called The State of Insider Threats in the Digital Workspace 2019. So here are the key findings amongst, again, IT network security professionals: nearly all of them surveyed, 91%, feel vulnerable to insider threats. And that means things like people opening an email, clicking on the wrong link, maybe doing something malicious because they got fired or they got a bad review. Right. Those are all insider threats. 62% of them believe the biggest security threat comes from the well-meaning but negligent end user. That number fits in with other stats I've seen, so it's probably pretty legit. 75% believe the biggest risks lie in cloud storage and email solutions, which is really big. And I'm going to talk about an email security article here in a minute and about how the cybercriminals are changing their tactics. 46% of IT leaders, which means, you know, the IT managers and above, believe that the rise of software-as-a-service applications makes them the most vulnerable. And man, I'm seeing that all of the time, especially in regulated industries.
And we're helping out some of these health care providers and legal and public companies. Man, they're using SaaS, software as a service, in other words, cloud applications, like it's going out of style, and they're not checking them. We've even done audits on restaurant chains, just small local chains, and found incredible liability that they're facing. 40% of them believe they're most vulnerable to exposure of confidential business information. That's financial information, customer lists, personally identifiable information. And only 26% of C-level executives say they've invested enough to mitigate the risk of insider threats, versus 44% of IT managers.

Craig 17:31
So in other words, the C-level executives are running around with blinders on. Kind of scary, isn't it, when you get right down to it. So let's get into the latest tactics that are being used by the cybercriminals to bypass email security. And I've got this article up again on http://CraigPeterson.com, and this is from Industry News. And they're saying that cybercriminals are using brand impersonation now in 83% of spear phishing attacks. Now, remember, these types of phishing attacks against businesses, called business email compromise, is kind of a general term to cover most of them. 83% of the time, this is what's used, and it's already accounting for a little more than $12 billion worth of stolen funds, not wasted time, not cost to recovery, right. $12 billion in stolen funds in the last couple of years, according to the FBI, on the worldwide statistics. It is huge.

Craig 18:37
One in three of the spear phishing attacks is launched from Gmail accounts.

Craig 18:47
20% of them occur on Tuesdays. About 20% on Wednesday, 20% on Thursday, and it drops off to 5% on the weekends, with slightly lower numbers on Mondays and Fridays. So no big surprise there. I've had people contact me, just texting me, you know, my 855-385-5553 number, about these extortion scams. I've gotten one or two of them myself.
And I know you guys have gotten them because you've contacted me, you've texted me about it. And I've gone back and forth to kind of explain what's going on. But still sextortion scams, these are a form of blackmail. And right now it's making up about 10% of all spear phishing attacks. And it's expected to increase even more because it is on an increasing line right now. And employees are also twice as likely to be the target of blackmail than of a business email compromise. So, that's a change from last year. And this is from a report released by Barracuda and it's called Spearphishing Top Threats and Trends if you want to look it up. And they looked at about 360,000 spear phishing emails.
Craig 20:08 So let's get some closer look here. Impersonating Microsoft is one of the more common techniques used by hackers to try and take over accounts, financial institutions. Impersonating nearly one in five attacks. Finance department employees are heavily targeted in obviously banks and other financial institutions as well. Majority of subject lines on sextortion emails contain some form of security alert; attackers often include victims' email address or password. Subject lines on more than 70% of the business email compromise attacks are trying to establish rapport, sense of urgency. Scammers are using name spoofing techniques, which they've used for years, changing the display name on Gmail and other employee accounts to make it look like it's coming from a company employee. So here's the top subject lines, and number the two top: 54% say security alert and 34% say change password. Okay. Very big deal. You'll see this article up on my website. And we'll have to try and do a master class on this one because I think this is important for people. I'm going to set these two aside and I'll let you know, anyone who's on my email list, I'll let you know about it. These are always free, we'll do a deeper dive into it.
Craig 21:30 Make sure you subscribe http://CraigPeterson.com/subscribe if you haven't already. The US according to Forbes magazine has stepped up its tax collections here. And if you're selling software in the US, you've got a whole new problem coming your way. You know that we've had for a long time now, protection from the federal government saying the local authorities, state and local, cannot tax internet sales. And it has expanded a bit. You've had massive companies like Amazon, who said yeah, we'll pay sales tax, state and local. And if you ask me, the reason they're doing that is to stomp the little guy into the ground. And the reason I say that is Amazon can deal with it. There are estimated to be over 9,000 different tax regulating entities in the United States. 9,000 of them. You have to comply with all of these 9,000 across the board. How can you use a small business so that you can't, right? Amazon can. Well, there are going to be companies that are popping up, there already are a few of them out there right now, that are trying to take care of this problem for you where they'll collect all of the taxes.
Craig 22:56 And what it is resulting in, however, is many businesses are saying listen, with all the European Union rules. They've got their GAFA rules they are cooking up right now. GAFA, gaffer, standing for Google, Apple, Facebook, and Amazon tax.
Craig 23:10 It's a kind of a VAT tax and supply, it's not supply driven. It's crazy. But there is a decision from the Supreme Court last year about a dispute between Wayfair, now this is that online furniture company, and the State of South Dakota, and South Dakota wanted to collect taxes and Wayfair said no, don't need to, so the Supreme Court overturned a law on not taxing companies with no physical presence in the taxing state. Because that legally is called legal nexus. So if you had operations in New Hampshire, you had to, well New Hampshire is a bad example, because we have no income tax. And we have no sales tax.
Okay. But let's say you're in Massachusetts, which is a terrible state when it comes to taxes. You're in Massachusetts, if you sell something to someone in Mass., you have to collect Mass. taxes. And if you sell something to someone in another state, you didn't necessarily have to collect the tax as well. Now you are going to. Any company selling online, this is more than just software companies, it's going to hit businesses across the board. And it's going to hit you hard.
Craig 24:25 Okay. South Dakota has rules that say if you have more than 200 individual sales, or more than a hundred thousand revenues. There are other states that say more than 100 sales, or 50,000 in revenue, some of them have 4.7%, some of them have as much as 13.5%, and the thresholds for spending in the state span from 100,000 and $500,000. And there might be 100 transactions a year, it might be 500, and might be 2000 transactions a year. Whoa, okay. This is going to be a huge burden. 52 new tax codes on the individual states plus surtaxes that are introduced by counties, by cities, not just in the US, but 30 countries in Europe, along with Australia, Japan, South Africa, South Korea, Norway, India, the list just goes on and on. Hundreds of countries. More than a hundred out there. And US states have highlighted software and SaaS products as explicitly liable for sales tax. So remember too that we're talking about different taxes and different tax rates. You look in Massachusetts, they have a different tax rate for different types of IT services, they have different rates for software as a service in different categories, this is going to be a nightmare. So there's companies out there like Avalara and TaxJar that will outsource and take care of a lot of this stuff for you. Many companies are saying "forget about it." I know companies in Canada that are just pulling their hair out just dealing with Canadian tax codes.
Craig 26:10 And many of them are just saying forget it, I'll just wait for the bill to come from the tax collector basically. So rather than charging you the appropriate sales tax, they fill out the state's forms and cross your fingers that they collected enough from you, that they had enough in revenue to pay that state sales taxes.
Craig 26:29 This is why the federal government passed a law saying no internet sales taxes, because it will be a nightmare. Now, it is going to help local small businesses because now they're going to compete on a more even footing where they have to collect the sales tax. So do the bigger companies, right? And so do the people, even small guys who are selling online, and it's going to help companies like eBay and Amazon, where you just sell your product on one of those sites, they'll worry about all of the sales tax and collecting that. And they'll take their cut and just pass it back to you. So yeah, well, this is going to be big. It's in. You heard it here first. Thank you, Supreme Court.
Craig 27:18 Anyhow, I hope you enjoyed today's show. You can read all of these articles plus the ones I missed today, including cloud adoption and what IT pros are concerned about. This 2019 state of enterprise cloud container adoption security that was published here recently, all of that in this morning's newsletter. If you didn't get it, make sure you get the future ones. http://CraigPeterson.com/subscribe, and I will keep you up to date and you can find out about this and, of course, a whole lot more. I have now thousands of articles I published up there on my website, because we're over a thousand shows right now. Was this show 1001 weekly?
Craig 28:02 This is week 1001, not show 1001. Man, that's a lot of the time on the air. Anyhow, thanks for listening. Make sure you subscribe, http://CraigPeterson.com/subscribe and have a great week. Talk to you next week.
Bye-bye
---
Related articles:
Windows 10 April 2019 Update Introduces a New Windows Update Policy
Latest Tactics Used By Cybercriminals To Bypass Traditional Email Security
Cloud Adoption On The Rise, IT Pros Unsure Of Risk
The US Has Stepped Up Its Tax Game. You Will Want To Read This If You’re Selling Online
Most IT And Security Professionals Feel Vulnerable To Insider Threats
Silence Of The Wans: FBI DDoS-For-Hire Takedowns Slash Web Flood Attacks ‘By 11%’
---
More stories and tech updates at: www.craigpeterson.com
Don't miss an episode from Craig. Subscribe and give us a rating: www.craigpeterson.com/itunes
Follow me on Twitter for the latest in tech at: www.twitter.com/craigpeterson
For questions, call or text: 855-385-5553
How can you quickly tune up your computer security? Dan Raywood – Contributing Editor at Infosecurity Magazine shares his wisdom with us. If you’re interested in an open source password manager, I’m happy to personally recommend BitWarden
It's another It's a Security Thing Thursday. Craig talked about why businesses feel vulnerable to security attacks and what they can do about it. For these and more tech tips, news, and updates visit CraigPeterson.com
---
Related Articles
---
Below is a rush transcript of this segment, it might contain errors.
Airing date: 02/28/2019
Why Business Feels Vulnerable To Security Attacks
Craig Peterson 0:00 Hey everybody. Craig Peterson here. This is a little bit of a Security Thing today and it's all about two thirds of businesses. What are they thinking? You know, I've got a new section on my website at http://CraigPeterson.com that is all about security breaches and why they occurred. And I think it's really important for people to understand what's really happening out there. So that's why we're doing it. My wife and I've been putting a lot of work into that. But one of the articles that we have up there right now is from Infosecurity Magazine, and it's talking about how two in three, that's two thirds of organizations, say that they are not convinced that they can avoid a breach. Now to me, that's a very big deal. I just don't get it. This was a Parliament Institute survey that was done of 600 cyber security leaders and professionals in these organizations. Now these people were people who are responsible for evaluating, selecting or implementing security solutions. And those are the only people who are supposed to take part in the survey. So it should be a pretty legitimate survey when it comes to understanding are these companies really positive about the outlooks or negative about the outlooks? Now I can tell you that the software we use for our bigger clients is designed to be 100% safe, and it's better than 99.9% safe statistically after billions of attempts to hack it. Quite literally billions. It's never been broken through. So I know personally that there are ways to make sure that you aren't broken into.
But here we go with these numbers. This is a quote right from the article: vulnerability management, particularly those vulnerabilities in unseen or unpatched systems, is an issue for many organizations, with 69% of respondents identifying delayed patching as an issue. 63% admitting they are not able to respond to alerts. Now I have seen both of these as real big problems and they may be problems for you too because delayed patching is a problem in some areas of the business more than it is in other areas of the business. So for instance if you have a really good next generation firewall like what, again I keep coming back to what we're using right, but there's Cisco, their Firepower firewall family ties in with their switches, ties in with the software on your computers to help make it so that if something does happen, it recognizes almost instantly. So what they're talking about, really, here are zero day attacks. In other words, attacks that have never been seen before, all the way through attacks that maybe have been out there for six months like Equifax, and they got hacked because they didn't patch and that's a real problem. It's a real problem and patching organizations don't do because it can mess things up. So let's say that you're a small organization. And if you're a small organization, you are probably running a website, but you're probably not doing it yourself. You probably didn't write the software for your website from scratch. Most likely you're using WordPress, or maybe Drupal which has turned out to be quite the security nightmare. But let's say you're using WordPress. How much patching do you need to do nowadays? WordPress will patch itself and there are plugins you can put into WordPress that will not only make sure the core WordPress is up to date, but all of your modules, all of the things that you've installed in WordPress, all these plugins, it'll make sure they're all up to date as well. And it does it all automatically.
So rule one, make sure those are in place. And just this week, it was Monday night, I guess. I don't know, it was over the weekend. That's what it was. We started getting alarms from our Firepower systems telling us that we were under attack and they were trying to use some vulnerabilities in some of the common software that's used on the web. And it was the software that's typically used by bigger companies. It was some middleware attacks that were underway and it recognized them, it stopped them. In fact this week, no I think you, but it's been a bad week for a tad attacks. We stopped a one of our customers. It's a fairly small company, that is a very small company. But we have this technology in place for them because they are concerned about breaches. And for some reason, over the weekend, when people are usually not there, because part of what we do is monitor when they're working, what are they doing when they're working? And what's abnormal? Well, we saw some abnormal stuff happening. And it was very abnormal stuff because they were sending files to a public file sharing service over on Google. And so again, automated systems took over and it was stopped almost instantly, which is again a very big deal, a very good deal, very positive thing. So we're meeting with them today to talk about what happened, the incident and how it was responded to and who was trying to breach what, you know, how did this happen? How could this happen? And it kind of smells like it was probably an insider who was just doing something that, you know, hopefully not malicious, because many times your insiders will try and steal customer lists or plans or diagrams and other things and share them with someone else. And as part of that sharing, of course, they get a little remuneration, right? They get a few bucks sent their way so that might have been what happened, and the reason we didn't meet with them right away is one, the CEO was very busy this week and two, we stopped it.
So what's with these two thirds of companies that think they can't stop it? Well, they probably have an antivirus mentality, because antivirus does not work anymore. You need a much more integrated, much larger response mechanism in place and it needs to be completely automated in order to really stop the bad guys nowadays. But secondly I have to feel for them because you have an additional problem. And that is if you wrote the software for your business. In other words, a company like Equifax has a huge department with programmers and analysts and stuff. So they write their software, they have to maintain it. So let's say they're using Apache Struts. And there is an Apache Struts attack, which is what actually happened to us this weekend. Now, in our case, it was stopped. But in many cases, it just won't be stopped. And it can't be stopped because they don't have the right stuff in place. So there's a Struts 2 attack because they haven't patched. Well, why didn't they patch? Because they have to test their whole system. An integrated test, right? And that integrated test has to look at every component, try it all, test it all, so it might take six months to do a patch because you can't just throw it in place. So an organization like that where you are writing your own software, I would highly advise you have one of these fully integrated systems like what we have in place for many of our clients now. So that's what I wanted to point out. Two thirds of businesses think that they just can't avoid a breach. In fact, you can avoid a breach, it doesn't matter the size of the organization. And if your people are telling you, you can't avoid a breach, they are wrong. Okay, they either don't know what they're talking about. Or they're being way, way, way, way too honest. Because there's always a chance that there is a breach or potential breach. But based on the responses from these guys where they're saying that the obstacles are really the mitigation and patching mitigation.
You can take care of patching, you can kind of take care of, but you can mitigate all of these risks by using the right kinds of systems. So anyways, that's a little bit of a security thing for today. I'm a little disappointed to see this come out. I'm glad Kacy Zurkus wrote this article, you'll find her on Twitter as well as LinkedIn and the article's up on my website at http://CraigPeterson.com. You'll also find it over at Infosecurity Magazine. Take care. We'll talk to you a little bit later.
Star guest Dan Raywood of Infosecurity Magazine joins Becky and Vic to discuss potential cybersecurity trends for 2019, and whether we should be predicting at all.
Dan Raywood is the contributing editor of Infosecurity Magazine. He has written about IT security since 2008, having spent five years as news editor of SC Magazine, 20 months as Editor of IT Security Guru and six months as an Analyst in the Information Security Practice at 451 Research. He has spoken at 44CON, SecuriTay, SteelCon and Infosecurity Europe, as well as writing for a number of vendor blogs and presenting on webcasts.
Key points:
- To get ahead, you need mentors;
- Hiring is key as you will hire the people to enable the technologies to work;
- Accepting cybersecurity risk for the business is a huge step forwards
Key minutes:
1:40 - Why Dan got into journalism
6:00 - Starting in information security
8:45 - Connections over knowledge
10:00 - Breaking big news in Cyber Security
15:00 - State of Cyber Security
17:00 - Trends in Cyber Security
20:00 - GDPR
23:45 - Predictions for Cyber Security
29:40 - How do we improve the state of security?
30:30 - Next big topic in cyber security
32:20 - Objectives of a journalist
33:30 - Top ten questions
You can view the report here: https://www.infosecurityeurope.com/__novadocuments/484123?v=636650221535700000
You can reach InfoSec at: https://www.infosecurityeurope.com/about/
Their new North American conference: https://www.infosecuritynorthamerica.com/
Find Dan Raywood's work at: https://www.infosecurity-magazine.com/profile/dan-raywood-1/
Follow us: Twitter: @zero_hourpod Instagram: @zerohourexperience Website: www.karlsharman.com
This podcast is sponsored by: BeecherMadden - www.beechermadden.com Cyber Security Professionals - www.cybersecurity-professionals.com
"Privacy is an innate right of every human being in the world. It's not something we're going to give away." Mark Weinstein is the Founder and CEO of MeWe, the Next-Gen Social Network known as the "anti-Facebook." Mark is world renowned as a leading privacy advocate and one of the visionary inventors of social networking. He is ranked one of the "Top 8 Minds in Online Privacy," and was named “Privacy by Design Ambassador” by The Information and Privacy Commissioner of Ontario, Canada. Mark's articles about privacy and social media have appeared in The Mirror (UK), HuffPo, USA Today, InfoSecurity Magazine, Dark Reading, The Nation, and many others. He’s often quoted on MarketWatch and has appeared on PBS, FOX News, and CNN. Mark has been a featured speaker and social media/privacy expert on the stage at many conferences around the globe, most recently at EY’s Strategic Growth Forum and at the KNOW Identity Conference. He has also spoken at the 16th Annual Privacy and Security Conference, Global Security Conference, GMIC New York, Security BSides Vancouver, and at Customer Experience Asia. Mark received his BA from the University of California, Santa Cruz; and his MBA from the Anderson School of Management at UCLA. He resides in Los Angeles. Mark joined me from L.A. and we talked about Facebook being a data company and not a social network, helping your kids navigate through the social media minefield, taking the road less travelled... and learning to forgive yourself. Let's StartUp!
Dan Raywood is the Contributing Editor for Infosecurity Magazine. He was a journalist covering IT and information security for five years from 2008 to 2013 for SC Magazine, and between September 2013 and April 2015 he was the relaunch editor of IT Security Guru where he interviewed CISOs, users and vendors from across the world. Having spent six months as a security industry analyst for 451 Research, he is currently the contributing editor of the industry's most read magazine and website Infosecurity Magazine, heading up the audio channel, twice-annual Virtual Conference and contributed content. Dan on LinkedIn - Dan Raywood Dan on Twitter - @DanRaywood Infosecurity Magazine Website - Infosecurity Magazine Don't forget, to get in touch with me either try the contact page of the site or follow me on Twitter, where I can be found at @Jenny_Radcliffe
Essential Retail sits down with sister publication Infosecurity Magazine to discuss how retailers can mitigate against cyber security attacks. Got something you want to tell us about the Podcast? Want to join us? You can get in touch on Twitter via twitter.com/essretail, or directly with Caroline at twitter.com/cl_baldwin