Podcasts about infrastructure security agency cisa

How exposed is your trucking operation to cybercrime right now, and are you relying too much on trust and automation? Listen to our guest today, Artie Crawford of NMFTA, breaking down the real cybersecurity threats facing transportation. The biggest takeaway is simple: no fleet, broker, or carrier is too small to be targeted! We discuss how AI-driven cyber fraud, business email compromise, and fake load schemes are hitting trucking companies hard, why small companies are often the most vulnerable, and how multi-person verification, cybersecurity training, and multi-factor authentication can dramatically reduce risk! 2026 NMFTA Cybersecurity Trends Report: https://bit.ly/4oYPTds   About Artie Crawford Artie Crawford, CISSP, CISM, is the Director of Cybersecurity at the National Motor Freight Traffic Association, Inc. (NMFTA)™. Artie is a seasoned professional with extensive experience in cybersecurity strategy and deep technical expertise in addressing complex cybersecurity challenges. He possesses a thorough understanding of the tools, techniques, procedures, and attack vectors employed by cyber adversaries. Artie has a proven track record of providing strategic guidance, collaboration, and engineering support to a wide range of organizations, including state and local governments, educational institutions, intelligence agencies, transportation authorities, and the Department of Defense, all in support of their cybersecurity missions. Throughout his distinguished career, Artie has held pivotal roles at organizations such as the Cybersecurity & Infrastructure Security Agency (CISA), Microsoft, MITRE, and others. His work has been centered on developing advanced techniques and tools for real-world operations. A 27-year veteran of the U.S. Marine Corps, Artie retired in 2011 as the Cybersecurity Chief of the Marine Corps, where he served as the Senior Technical Advisor to the CIO and Director of C4.  

One of the most important cybersecurity laws in the country quietly expired last October with no sign of reauthorization on the horizon. Instead, the conflation between the 2015 Cybersecurity Information Sharing Act and the Cybersecurity and Infrastructure Security Agency has led to a political standstill that will only have negative impacts on American cybersecurity. What implications will not reauthorizing CISA 2015 have on national security? And how much risk are we taking on by letting protections for information sharing between the private sector and the government lapse?In this episode, Shane Tews is joined by Caitlin Clarke, Cristin Flynn Goodwin, and James Andrew Lewis. In this conversation, they unpack how confusion between the 2015 information-sharing law and the Cybersecurity and Infrastructure Security Agency (CISA) makes Americans vulnerable to foreign cyberattacks, how rescinded liability and FOIA protections are already slowing down cyber defense, and why speed matters more than ever as AI accelerates malicious actors.

The U.S. is facing a surge in advanced threats from nation-state actors like China and Russia, who are increasingly probing critical infrastructure vulnerabilities. David Travers, director of the Environmental Protection Agency's (EPA) Office of Water Emergency Response and Cybersecurity, noted how escalating risks to the nation's water sector has shifted over his 30-year career, how adversaries are leveraging emerging technologies like AI to improve attacks and how the agency is adapting. He also detailed how partnerships with Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are improving incident reporting, plans for a new $9 million water system resilience grant and the top cybersecurity initiatives shaping 2026.

Artificial Intelligence and Machine Learning in Human Resources: A Concise Guide by Dr. C. Rasmussen https://www.amazon.com/Artificial-Intelligence-Machine-Learning-Resources/dp/B0FWZQXHMG Curtisrasmussen.focalpointcoaching.com What if a computer could help find the perfect employee or predict who might leave a job? This exciting idea opens the door to a new way of working. Overview This guide explains how artificial intelligence (AI) and machine learning (ML) are transforming human resources (HR). Smart computer programs can quickly review thousands of job applications to find the best candidates, suggest training tailored to employees’ needs, and predict which workers might quit, helping managers take action to keep them. The book includes real-world examples, like how large companies use AI to save time, and covers benefits, such as improved hiring, as well as key concerns, like protecting personal information. At just 61 pages, it's concise by design, following Richard Feynman's wisdom: “If you can’t explain something simply, you don’t understand it well enough.” More pages don't equal more value; in fact, lengthy texts can bury useful insights. Since every organization is unique, this book equips HR professionals and managers with the right questions to ask rather than a rigid roadmap, making it a practical tool for anyone curious about the future of work. About the author Dr. Curtis “Curt” Rasmussen is a leading expert in industrial-organizational psychology with a Ph.D. from Walden University. He specializes in blending human skills with artificial intelligence (AI) and machine learning (ML) to make workplaces better and more efficient. With years of experience in research, consulting, and government roles, he helps businesses use data and tech wisely. His career highlights include owning Cyber-Human Performance Tech, LLC, where he advises small and mid-sized companies on adding AI to hiring and daily tasks while keeping things ethical. He also guides students in George Mason University’s Data Engineering program, focusing on AI tools like natural language processing and computer vision. At the Cybersecurity and Infrastructure Security Agency (CISA), he led workforce planning as a senior I/O psychologist, creating surveys and frameworks that improved employee satisfaction by 45% and helped with smarter hiring. Earlier, he reviewed AI and data science proposals for the Department of Commerce, National Academy of Medicine, and the Office of the Director of National Intelligence, making sure projects were strong and fair. Dr. Rasmussen has invented patent-pending tools like the Multidimensional Algorithm Structure (MAS), which picks the best AI methods by checking data and company needs, and the eXplainable Artificial Intelligence Construct (XAIC), which makes AI easy to understand and trust by involving people in decisions. These ideas help fix common AI problems, like failures or hidden biases.

Nick Kartsioukas joined us to talk about security in embedded systems.  Common Vulnerabilities and Exposures (CVE) is the primary database to check your software libraries, tools, and OSs: cve.org. Open Worldwide Application Security Project (OWASP, owasp.org) has information on how to improve security in all kinds of applications, including embedded application security. There are also cheatsheets, Nick particularly recommends Software Supply Chain Security - OWASP Cheat Sheet.  Wait, what is supply chain security? Nick suggested a nice article on github.com: it is about your code and tools including firmware update, a common weak point in embedded device security. Want to try out some security work? There are capture the flag (CTF) challenges including the Microcorruption CTF (microcorruption.com) which is embedded security related. We also talked about the SANS Holiday Hack Challenge (also see Prior SANS Holiday Hack Challenges). This episode is brought to you by  RunSafe Security. Working with C or C++ in your embedded projects? RunSafe Security helps you build safer, more resilient devices with build-time SBOM generation, vulnerability identification, and patented code hardening. Their Load-time Function Randomization stops the exploit of memory-based attacks, something we all know is much needed. Learn more at RunSafeSecurity.com/embeddedfm. Some other sites that have good information embedded security: This World Of Ours by James Mickens is an easy read about threat modelling Cybersecurity and Infrastructure Security Agency (CISA) is at cisa.gov and, among other things, they describe SBOMs in great detail National Institute of Standards and Technology (NIST) also provides guidance: Internet of Things (IoT) | NIST  NIST Cybersecurity for IoT Program  NIST SP800-213 IoT Device Cybersecurity Guidance for the Federal Government: Establishing IoT Device Cybersecurity Requirements There is a group of universities and organizations doing research into embedded security: National Science Foundation Center for Hardware and Embedded Systems Security and Trust (CHEST). Descriptive overview and the site is nsfchest.org European Telecommunications Standards Institute (ETSI) - Consumer IoT Security Camera Ubiquiti configuration issue (what not to do) Finally, Nick mentioned Stop The Bleed which provides training on how you can control bleeding, a leading cause of death. They even have a podcast (and we know you like those). Elecia followed up with Community Emergency Response Teams (CERT). Call your local fire department and ask about training near you! Transcript

The United States, United Kingdom, and Australia have imposed sanctions on the Russian hosting provider MediaLand due to its facilitation of ransomware operations. MediaLand has been linked to various cybercrime activities, including support for groups like LockBit and BlackSuit, and has been identified as a provider for cybercrime marketplaces. The sanctions freeze assets within the U.S., U.K., and Australia and expose individuals engaging in transactions with MediaLand to potential enforcement actions. This shift towards a more offensive cybersecurity strategy, as articulated by National Cyber Director Sean Caroncross, aims to impose costs on adversaries targeting U.S. critical infrastructure, reflecting a recognition that current defensive measures are insufficient.In a related initiative, a coalition of chief security officers and former officials from the Cybersecurity and Infrastructure Security Agency (CISA) has launched a campaign to combat misleading cybersecurity advice, often referred to as "hack lore." This effort emphasizes practical measures such as patching, using strong passwords, and enabling multi-factor authentication, while debunking outdated myths that distract from real threats. The coalition's focus on evidence-based guidance aims to realign cybersecurity practices with effective strategies, which is particularly relevant during high-traffic shopping seasons.Additionally, Vectra AI has introduced the Vectra AI Shield for Microsoft, designed to enhance security across Microsoft environments. This solution addresses visibility gaps in existing Microsoft security tools, particularly concerning identity-based attacks. As identity becomes a focal point for cyber threats, the demand for platforms that simplify security management within the Microsoft ecosystem is increasing. This trend underscores the need for IT providers to adapt their security strategies to include comprehensive identity detection and management.For Managed Service Providers (MSPs) and IT leaders, these developments signal a critical shift in the cybersecurity landscape. The emphasis on government intervention and offensive strategies indicates that MSPs must prepare for increased reporting requirements and a focus on governance rather than solely on tools. By aligning with evidence-based practices and enhancing their understanding of identity security, MSPs can position themselves as trusted advisors, helping clients navigate the evolving cybersecurity landscape effectively. Four things to know today 00:00 Sanctions Hit a Russian Hoster While the U.S. Says It's Time for a More Aggressive Cyber Approach04:58 Security Leaders Call Out “Hacklore” — and Say It's Time to Drop Myths That Don't Stop Attacks07:31 A New Identity Security Tool Hits Microsoft's Ecosystem, and It Shows Where MSSPs Are Struggling Most09:44 NinjaOne Rolls Out MSP NXT — but MSPs Are Asking for Fewer Big Shows, Not More This is the Business of Tech.     Supported by:  https://try.auvik.com/dave-switchhttps://getflexpoint.com/msp-radio/

So far in 2025, enterprises have faced a surge in sophisticated cyberattacks — with ransomware, data breaches, and social engineering attacks dominating the threat landscape. AI is playing an increasing role in attacks. Almost 9 in 10 global organizations (87%) faced an AI-powered cyber attack in the last year. Recent cuts in funding for the Cybersecurity and Infrastructure Security Agency (CISA) may add to the cyber risks that enterprises face. Blog Post: https://www.nutanix.com/blog/engineered-differently-built-in-security-across-platform-data-network-and-apps#Host: Phil Sellers, XenTegraCo-Host: Jirah Cox, NutanixCo-Host: Andy Greene, XenTegraCo-Host: Chris Calhoun, XenTegra

Drawing from his extensive government and private sector experience, Jeff Greene, former Assistant Executive Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), former Chief of Cyber Response and Policy on the National Security Council, Distinguished Fellow at the Aspen Institute and Founder of Salty Coffee Consulting, explored how public-private partnerships strengthen critical infrastructure protection, highlighted emerging threat actors, discussed the latest cybercrime tactics and shared practical strategies businesses can implement to enhance their cyber resilience. Check out the conversation to gain actionable insights from a seasoned expert who has helped shape national cybersecurity policy and learn how to better protect your organization in an increasingly complex digital environment.Watch the original Wednesdays with Woodward® webinar: https://institute.travelers.com/webinar-series/symposia-series/global-cyber-resilience.  ---Visit the Travelers Institute® website: http://travelersinstitute.org/.Join the Travelers Institute® email list: https://travl.rs/488XJZM.Subscribe to the Travelers Institute® Podcast newsletter on LinkedIn: https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7328774828839100417.Connect with Travelers Institute® President Joan Woodward on LinkedIn: https://www.linkedin.com/in/joan-kois-woodward/.

U.S. federal cybersecurity policy has regressed by approximately 13%, according to a report from the Cyberspace Solarium Commission 2.0. This decline is attributed to budget cuts and workforce reductions at key agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the State Department's Cyber Diplomacy Staff. The report indicates that nearly a quarter of previously implemented recommendations have lost their status, which raises concerns about the nation's ability to effectively address rising cyber threats. Mark Montgomery, a former Navy Rear Admiral, emphasized that these cuts hinder the agency's effectiveness, calling for the restoration of funding and personnel to strengthen national cyber defenses.In addition to the decline in federal cybersecurity readiness, AI-generated code is now responsible for one in five security breaches, as reported by Aikido. The study found that AI coding tools account for 24% of production code, with 43% of U.S. organizations reporting serious incidents linked to AI-related flaws. Interestingly, the report also noted that increasing the number of security tools does not necessarily enhance safety; organizations using six to nine tools experienced a 90% incident rate, compared to 64% for those with one or two tools. Despite these challenges, 96% of industry professionals remain optimistic that AI will eventually produce secure and reliable code.The episode also highlights the impact of generative AI on IT service management, revealing that organizations utilizing this technology have reduced incident resolution times by nearly 18%. A report from SolarWinds indicated that the average resolution time decreased from 27.42 hours to 22.55 hours after implementing generative AI. Furthermore, a survey by Accenture found that 19% of office workers admitted to entering sensitive business information into free, unsecured AI tools, underscoring significant gaps in cybersecurity awareness and training.For Managed Service Providers (MSPs) and IT service leaders, these developments signal a pressing need for improved governance and training regarding AI usage. The findings suggest that organizations should focus on reducing tool sprawl and enhancing employee education on cybersecurity responsibilities. As small business optimism declines amid rising inflation and supply chain issues, MSPs should position themselves as stability partners, helping clients navigate these challenges rather than pushing the latest technology trends. The evolving landscape of cybersecurity threats, particularly those involving AI and automation, necessitates a proactive approach to risk management and incident response. Three things to know today 00:00 U.S. Cyber Defenses Slide as AI Code Risks Rise and Governance Gaps Widen05:41 Inflation, Uncertainty, and Automation Push Small Firms Toward Caution and Cost Control09:23 From Prompt Injections to Hidden Malware, Cyber Attacks Are Shifting Toward Stealth and Precision This is the Business of Tech.     Supported by:  https://saasalerts.com/platform-overview-for-msps/?utm_source=mspradio 

In this episode, host Mike Shanley sits down with Steve Harris, Vice President for Defense and Intelligence at the Professional Services Council (PSC). Drawing on his decades of experience in government, including at the Defense Security Cooperation Agency, Steve shares insights on how PSC bridges industry and government to strengthen the defense industrial base. They discuss: How associations like PSC help government and industry collaborate effectively Why acquisition reform, industrial base capacity, and AI-energy alignment are top priorities for 2025 What attendees can expect at PSC's 7th Annual Defense Conference on October 30th, including featured speakers and panel highlights Practical advice for how government and industry leaders can make the most of conferences and build meaningful connections Whether you're a government professional, a large defense prime, or a small business entering the federal market, this episode offers practical perspective on how PSC drives engagement, advocacy, and insight across the defense sector. RESOURCES: PSC Defense Conference - Registration Link: https://defense.pscouncil.org/ PSC Defense Conference - Link to Sponsors: https://defense.pscouncil.org/sponsors Learn more about PSC: https://www.pscouncil.org/psc PSC Vision Conference - December 1 -3, 2025: https://vision.pscouncil.org/ Connect with Steve Harris on LinkedIn: / steve-harris-vp   Connect with Mike Shanley on LinkedIn:  / gov-market-growth   BIO: Steve Harris, Vice President of Defense and Intelligence, PSC Steve Harris became Vice President for Defense and Intelligence at the Professional Services Council (PSC) on June 9, 2025. He brings more than 28 years of federal service, including positions at the Department of Homeland Security (DHS) and the Department of Defense (DoD), along with extensive expertise in interagency collaboration, public-private partnerships, international policy, and acquisition. Before joining PSC, Harris was a member of the Senior Executive Service (SES) and served as the Deputy Executive Assistant Director for Infrastructure Security at the Cybersecurity and Infrastructure Security Agency (CISA). In this capacity, he led CISA's efforts to secure the nation's critical infrastructure in partnership with government and private-sector stakeholders. He also held several other senior roles at CISA and its predecessor organization, including Acting Executive Assistant Director for Infrastructure Security, Acting Deputy Director for CISA, Acting Assistant Secretary for the National Protection and Programs Directorate's (NPPD) Office of Infrastructure Protection, and Deputy Director of NPPD's Office of Cyber and Infrastructure Analysis. Earlier in his career, Harris held various positions within the Department of Defense. He served as Deputy for Policy at the Defense Security Cooperation Agency (DSCA) in the Office of the Secretary of Defense, where he developed and implemented international policy for Foreign Military Sales and security cooperation programs. He also held contracting and acquisition roles at the Naval Air Systems Command and the Navy International Programs Office. Harris has received numerous awards for his public service, including the Presidential Rank Award – Meritorious Executive, the DHS Secretary's Silver Medal for Meritorious Service, and the Office of the Secretary of Defense Medal for Exceptional Civilian Service. He holds a Master of Science in Management/Contract Management from the Florida Institute of Technology and a Bachelor of Arts from St. Mary's College of Maryland. LEARN MORE: Thank you for tuning into this episode of the GovDiscovery AI Podcast with Mike Shanley. You can learn more about working with the U.S. Government by visiting our homepage: Konektid International and GovDiscovery AI. To connect with our team directly, message the host Mike Shanley on LinkedIn.  https://www.govdiscoveryai.com/ https://www.konektid.com/

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive for federal agencies to update their F5 products following a significant breach where hackers accessed source code and undisclosed vulnerabilities. This incident, discovered in August, poses a serious risk to federal networks, as the threat actor could exploit these vulnerabilities to gain unauthorized access and exfiltrate sensitive data. Agencies are required to apply the latest updates by October 22nd and report their F5 deployments by October 29th, highlighting the urgency of addressing these security concerns.In a related development, the National Institute of Standards and Technology (NIST) is encouraging federal agencies to take calculated risks with artificial intelligence (AI) under new federal guidance. Martin Stanley, an AI and cybersecurity researcher, emphasized the importance of risk management in AI deployment, particularly in comparison to more established sectors like financial services. As agencies adapt to this guidance, they must identify high-impact AI applications that require thorough risk management to ensure both innovation and safety.A report from Cork Protection underscores the need for small and medium-sized businesses (SMBs) to adopt a security-first approach in light of evolving cyber threats. Many SMBs remain complacent, mistakenly believing they are not targets for cybercriminals. The report warns that this mindset, combined with the rising financial risks associated with breaches, necessitates a shift towards a security-centric operational model. The cybersecurity services market is projected to grow significantly, presenting opportunities for IT service providers that prioritize security.Apple has announced a substantial increase in its bug bounty program, now offering up to $5 million for critical vulnerabilities. This move reflects the growing importance of addressing security challenges within its ecosystem, which includes over 2.35 billion active devices. The company has previously awarded millions to security researchers, emphasizing its commitment to user privacy and security. As the landscape of cybersecurity evolves, managed service providers (MSPs) are urged to tighten vendor monitoring, incorporate AI risk assessments, and focus on continuous assurance to meet the increasing demands for security. Three things to know today00:00 Cybersecurity Crossroads: F5 Breach, AI Risk, and Apple's $5M Bug Bounty Signal Security Accountability06:44 Nearly a Third of MSPs Admit to Preventable Microsoft 365 Data Loss, Syncro Survey Finds09:22 AI Reality Check: Workers' Overconfidence, Cheaper Models, and Microsoft's Scientific Breakthrough Signal Maturity in the Market This is the Business of Tech.     Supported by:  https://mailprotector.com/mspradio/ 

AI is revolutionizing IT service management, significantly enhancing productivity and operational efficiency. A recent report indicates that AI has reduced ticket resolution times by an impressive 76%, allowing IT teams to focus on more complex issues. However, the rapid adoption of generative AI, particularly in high-stakes areas like mergers and acquisitions, raises serious concerns about data security, with a significant percentage of businesses expressing worries over data quality and ethical considerations. The prevalence of unapproved AI tools among employees further complicates governance, as many are using these tools without oversight, highlighting the need for managed AI governance.California has taken a pioneering step in regulating AI by passing a landmark bill that mandates safety protocols for chatbot operators. This legislation aims to protect vulnerable users, particularly children, by requiring age verification and safety measures related to suicidal thoughts. The law, which will take effect in January 2026, reflects a growing trend toward AI regulation, emphasizing the importance of safety in technology. Meanwhile, the Federal Communications Commission is considering changes that could allow internet service providers to hide fees again, which could impact transparency for consumers.The Cybersecurity and Infrastructure Security Agency (CISA) is facing challenges as layoffs affect key divisions responsible for national security and infrastructure. These layoffs come at a time when the private sector is increasingly responsible for cybersecurity, especially amid rising AI-driven threats. The reduction in federal coordination raises concerns about the ability to effectively manage these threats, placing more pressure on managed service providers (MSPs) to ensure security and compliance for their clients.Microsoft has announced the end of support for Windows 10, prompting a critical need for MSPs to reassess endpoint security and upgrade strategies. With a significant portion of users still on Windows 10, the lack of ongoing updates poses a risk for vulnerabilities. This transition presents an opportunity for MSPs to not only push for upgrades but also to enhance security policies and prepare clients for future technological advancements, including AI integration. The evolving landscape of technology and regulation underscores the necessity for MSPs to adapt and provide comprehensive governance and security solutions. Four things to know today00:00 AI Is Working — and Breaking Rules: Efficiency Soars, But Governance Falls Behind 04:10 AI Regulation Splinters: California Targets Chatbots, FCC Eyes Fee Rollbacks, and CISA Cuts Staff07:52 The AI Assistant Race Escalates — Copilot, Slackbot, and Salesforce All Target Your Inbox and Workflow11:12 Windows 10 Support Ends — Microsoft's Upgrade Glitch, Paid Extensions, and Opportunity for MSPsThis is the Business of Tech.   Supported by:  https://saasalerts.com/mspradio/ 

There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »

There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »

There’s an abundance of vulnerabilities in this week’s Network Break. We start with a red alert on a cluster of Cisco vulnerabilities in its firewall and threat defense products. On the news front, the vulnerability spotlight stays on Cisco as the US Cybersecurity and Infrastructure Security Agency (CISA) issues an emergency directive to all federal... Read more »

The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant criticism from state and local officials who feel abandoned due to diminishing federal support for critical cybersecurity programs. Many officials are concerned about their increasing reliance on self-driven initiatives, especially after cuts to the Multi-State Information Sharing and Analysis Center, which has been a crucial source of cybersecurity intelligence for over two decades. A recent survey revealed that a substantial portion of state and local governments lack adequate funding for cybersecurity, with 22% allocating no funds and 42% operating with annual budgets of less than $100,000. This situation raises alarms about the potential for increased vulnerability to cyberattacks, particularly from nation-state actors.In response to the evolving landscape of artificial intelligence, the National Institute of Standards and Technology (NIST) is developing new security guidance aimed at addressing the associated risks. This initiative will clarify how AI interacts with cybersecurity, focusing on securing AI systems, the adversarial use of AI, and leveraging AI to enhance cybersecurity measures. Additionally, a bipartisan bill known as the Validation and Evaluation for Trustworthy Artificial Intelligence Act has been reintroduced in the Senate, aiming to establish guidelines for the responsible development and testing of AI systems. House appropriators are also proposing a significant funding increase for NIST, reflecting a commitment to bolster cybersecurity and innovation.The Federal Risk Management and Authorization Program (FedRAMP) has made strides in streamlining the approval process for government cloud services, achieving a significant reduction in wait times from over a year to approximately five weeks. This shift is part of a broader trend toward more efficient cloud authorization processes, with FedRAMP already approving more than twice as many services in fiscal year 2025 compared to the previous year. This development presents an opportunity for businesses to leverage FedRAMP-authorized stacks for government-related buyers and to build migration strategies accordingly.OpenAI has recently updated its ChatGPT platform, introducing new models and third-party tool connectors while facing scrutiny over the performance and security of its latest model, GPT-5. Despite the introduction of various user-focused options, security assessments have revealed significant vulnerabilities in GPT-5, prompting concerns about its safety and reliability. As companies like ConnectWise implement new credit card surcharges and adjust their workforce in response to market demands, the overarching theme emphasizes the need for operational discipline and strategic planning in navigating the evolving technology landscape. Four things to know today 00:00 Shrinking Cyber Budgets, Emerging AI Rules, and Streamlined FedRAMP Signal Shifts for IT Providers06:43 From Security to SaaS Management, Vendors Roll Out Agentic Features for IT Service Providers10:25 OpenAI Expands GPT-5 Options, Adds Connectors, but Faces Early Security Backlash13:41 ConnectWise Adds Credit Card Surcharges, Trims Staff in Strategic Realignment  Supported by:  https://syncromsp.com/   Tell us about a newsletter!https://bit.ly/biztechnewsletter  All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.More than 90 state and local government organizations have been targeted in a recent wave of cyberattacks exploiting a vulnerability in Microsoft SharePoint, according to the Center for Internet Security (CIS).Traditional cyber attack methodologies - exploiting endpoints, moving laterally, escalating privileges - are increasingly outdated as enterprise IT shifts toward SaaS and browser-based access.The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533 - a high-severity Cross-Site Request Forgery (CSRF) vulnerability in PaperCut NG/MF print management software - to its Known Exploited Vulnerabilities (KEV) catalog.Researchers at Nozomi Networks have disclosed over a dozen security flaws in Tridium's Niagara Framework, a vendor-agnostic building management platform used in sectors ranging from industrial automation to energy and smart infrastructure.Between April 2024 and April 2025, ransomware attacks on the oil and gas industry increased by an unprecedented 935%, according to new research from cybersecurity firm Zscaler.Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform.This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io.

In this episode, the host Jim Love discusses the increasing sophistication of supply chain attacks, starting with an account of a blockchain developer who lost $500,000 due to a malicious extension in a popular AI-powered coding tool. The episode also covers a significant cyber emergency in St. Paul, Minnesota, which required National Guard support, and the City's struggle to comprehend the full scope of the hack. Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has released a new eviction strategies tool to help cybersecurity teams remove persistent threats. The episode concludes with an update on the Ingram Micro breach, where the Safe Pay ransomware gang has threatened to leak 35 terabytes of stolen data. Listeners are encouraged to focus on preventative measures even when ransomware attacks do not involve encryption. 00:00 Introduction and Headlines 00:25 The $500,000 Crypto Heist 01:26 Supply Chain Attack on Open VSX 04:50 Lessons from the Attack 06:16 Oyster Backdoor Threat 07:54 Cyber Attack on St. Paul 09:09 CISA's New Eviction Strategies Tool 10:43 Ingram Micro Data Breach Update 12:18 Conclusion and Contact Information

Alan Rozenshtein, Senior Editor and Research Director at Lawfare, sits down with Sezaneh Seymour, Vice President and head of regulatory risk and policy at Coalition and a former Senior Adviser on the National Security Council staff, and Brandon Wales, Vice President for cybersecurity strategy at SentinelOne and the former Executive Director of the Cybersecurity and Infrastructure Security Agency (CISA), to discuss their new Lawfare Research Report, “Partners or Provocateurs? Private-Sector Involvement in Offensive Cyber Operations.”They talk about why, in the face of escalating cyber threats from state and criminal actors, U.S. officials are reevaluating the policy that currently reserves offensive cyber operations as a government-only function. Rather than endorsing a change, Seymour and Wales propose a structured framework to guide the policy debate. This framework is built on three key factors: first, defining the core policy objectives for involving the private sector; second, determining the appropriate scope of authorized activities, including what actions are permissible and who can be targeted; and third, addressing the complex legal and liability considerations, especially when operations cause harm to innocent third parties. They conclude by weighing the potential for private actors to augment U.S. capabilities against the significant risks of escalation and diplomatic fallout.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/lawfare-institute.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Please enjoy this encore of Word Notes. A condition announced by the US Cybersecurity and Infrastructure Security Agency (CISA) to draw attention to a temporary period of high alert, associated with expectation of a connected wave of cyberattacks prompted by either a widespread vulnerability or an unusually active and capable threat actor. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/shields-up⁠ Audio reference link: “⁠Star Trek II Wrath of Khan - Reliant vs Enterprise; First Clash⁠” YouTube, YouTube, 11 Apr. 2015,   Learn more about your ad choices. Visit megaphone.fm/adchoices

Roger Lipscomb has led OHIO811, Ohio's “Call Before You Dig” Notification Center, as President and Executive Director since 2006. With over 30 years of experience in the utility infrastructure and excavation sectors, Roger's steadfast commitment to public safety through education and collaboration has made Ohio a national leader in damage prevention. His expertise led to the formation of the Ohio Underground Damage Prevention Coalition (OUDPC), a multistakeholder organization dedicated to advancing excavation safety statutes within the Ohio Revised Code (ORC). Additionally, Roger has forged strong partnerships with state and federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), Ohio Homeland Security, and the Ohio Public Private Partnership (OP3), strengthening the resilience of Ohio's critical energy, communications, water, and wastewater infrastructure.

WEDI's Privacy & Security Workgroup Co-Chair Lesley Berkeyheiser (DirectTrust) speakers with Charles Sweat Jr. MD, Healthcare and Public Health Sector Liaison, Cybersecurity and Infrastructure Security Agency (CISA) & Charlee Hess, Director Cybersecurity Division, Critical Infrastructure Protection, US Department Health and Human Services on their organizations' missions, purposes and the resources they have that can help guide best practices for the healthcare industry as it pertains to cybersecurity. 

In this episode, Ryan Williams Sr. and Shannon Tynes discuss the recent budget cuts proposed for the Cybersecurity and Infrastructure Security Agency (CISA) and the implications of these cuts on cybersecurity efforts in the U.S. They highlight CISA's critical role in managing cyber incidents and the importance of maintaining adequate funding for cybersecurity initiatives. The conversation also touches on the challenges CISA faces, including talent retention and the need for continued education in cybersecurity. Article: DHS budget request would cut CISA staff by 1,000 positions https://federalnewsnetwork.com/cybersecurity/2025/05/dhs-budget-request-would-cut-cisa-staff-by-1000-positions/?fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExSk92elhwQm1sVDhUbXJJcQEe9Qs9B2fABpO-SLCON7ZvpkTGX_G3LDZya8eGBtLc_Z8LMScNY35ADkRNIEM_aem_hj20amxI4DCdhfI-MNEEHg Please LISTEN

  In this episode of Cybersecurity Today, host Jim Love explores the intricacies behind phishing emails that cleverly spoof Microsoft addresses, making many fall for scams despite appearing legitimate. Love emphasizes the need for a stringent 'zero trust' approach to counter these advanced tactics. Additionally, the episode delves into the activities of the hacking group Hazy Hawk, which exploits misconfigured DNS records to hijack trusted domains and propagate malware. Organizations are warned about the importance of regular DNS audits to prevent such attacks. The episode also covers the alarming wave of departures at the Cybersecurity and Infrastructure Security Agency (CISA), raising concerns over the agency's effectiveness amid increasing cyber threats. In another segment, Love discusses a sophisticated fraud operation out of Hanoi, where perpetrators manipulated X's Creator Revenue Sharing Program to siphon funds through fraudulent engagement metrics. The need for built-in fraud prevention mechanisms in digital reward systems is stressed. The episode concludes with a call for listener feedback and support. 00:00 Introduction and Overview 00:27 Phishing Scams: Authentic-Looking Emails 02:58 DNS Misconfigurations and Hazy Hawk 05:36 CISA Leadership Exodus 08:16 X's Creator Revenue Sharing Fraud 10:56 Conclusion and Contact Information

Remote work is driving a significant startup boom, reshaping the IT services market. A recent study indicates that companies with higher levels of remote work during the COVID-19 pandemic have seen a notable increase in employee startups, with an estimated 11.6% of new business formations attributed to this trend. Despite major corporations reinstating return-to-office mandates, remote work adoption in the U.S. has risen from 19.9% in late 2022 to 23.6% in early 2025, highlighting a growing demand for tools and services that support distributed teams. This shift presents both opportunities and challenges for employers, as they risk losing key talent to new ventures while also facing higher employee attrition rates.The insurance industry is beginning to address the risks associated with artificial intelligence (AI) by offering new products to cover potential losses from AI-related errors. Lloyds of London has introduced a policy that protects businesses from legal claims arising from malfunctioning AI systems, reflecting a growing recognition of AI as an operational risk. This development raises important questions about accountability and liability when AI systems fail, as seen in recent incidents involving customer service chatbots. As insurers start to underwrite AI risks, companies must adapt their service level agreements and governance structures to meet new requirements.The Cybersecurity and Infrastructure Security Agency (CISA) has announced a significant change in how it shares information, focusing on urgent alerts related to emerging threats while reducing routine updates. This shift, coupled with budget cuts that could reduce CISA's funding by 17%, raises concerns about the agency's capacity to respond to increasing cyber threats. IT services firms and cybersecurity vendors must adapt to this new landscape, as the responsibility for threat detection and response shifts more towards the private sector. Organizations that previously relied on CISA for support may find themselves facing increased operational risks due to reduced visibility and slower response times.In a related development, Microsoft has extended support for its Office applications on Windows 10 until October 2028, allowing users more time to transition to Windows 11. This decision reflects a broader trend in the technology sector, where companies are adapting their support strategies to meet user needs. By decoupling the upgrade cycles for Windows and Office, Microsoft acknowledges the resistance to forced upgrades and the importance of maintaining enterprise customer relationships. This extension provides IT service providers with additional time for operational planning while emphasizing the ongoing need for modernization in the long term. Four things to know today 00:00 Remote Work Fuels Startup Surge, Alters IT Talent Strategies Amid Growing Demand for Flexibility05:07 From Chatbot Lawsuits to Pontifical Warnings: AI Errors Now Seen as Business and Social Risk07:57 CISA Alert Shift and Budget Cuts Signal Rising Cybersecurity Burden for Private Sector10:08 Office Gets a Lifeline on Windows 10: Microsoft Decouples OS and App Upgrades Through 2028 Supported by: https://syncromsp.com/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

A strong cyber defense is vital to  public- and private-sector activities in the United States. In 2019, in response to an executive order to strengthen America's cybersecurity workforce, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) partnered with the SEI to develop and run the President's Cup Cybersecurity Competition, a national cyber competition that identifies and rewards the best cybersecurity talent in the federal workforce. In six years, more than 8,000 people have taken part in the President's Cup. In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jarrett Booz, technical lead for the President's Cup, and John DiRicco, a training specialist in the SEI's CERT Division, sit down with Matthew Butkovic, the CERT technical director of cyber risk and resilience, to reflect on six years of hosting the cup, including challenges, lessons learned, the path forward, and publicly available resources.  

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.During a talk at RSA, DHS Secretary Kristi Noem provided an update on the future direction of the Cybersecurity and Infrastructure Security Agency (CISA) under the new Trump administration.During the panel discussion titled “AI and Cyber Defense: Protecting Critical Infrastructure” which brought together federal research leaders to talk about how AI and automation are being leveraged to address mounting cyber risks across the U.S. critical infrastructure landscape. A new report titled The Rise of State-Sponsored Hacktivism provides a detailed analysis of how hacktivist operations have become an increasingly prominent feature of geopolitical cyber conflict.

Kaseya has launched a series of AI-driven tools and policy changes at its Connect 2025 event, aimed at enhancing operational efficiencies for IT service providers. The Kaseya 365 Ops platform utilizes AI to help customers improve their operational efficiency, with early users reportedly saving an average of 160 hours per month, equivalent to the productivity of one additional technician. Additionally, Kaseya is introducing free-to-use Datto backup hardware for up to three devices per customer, significantly reducing upfront costs for partners. The relaunch of the Datto Alto 5, a 2TB encrypted backup device offered at the price of a 1TB unit, provides better value and security for small to medium-sized businesses.SentinelOne, Huntress, and Microsoft have also made significant updates in cybersecurity and operational tools. SentinelOne unveiled its next-generation Purple AI Athena release, which automates critical processes such as threat triaging and investigation, while Huntress enhanced its managed identity threat detection and response solution to combat the rising threat of identity-based attacks. Microsoft announced that paid subscriptions will be required for its Windows Server 2025 hotpatching service, which allows administrators to install security updates without rebooting their servers, transitioning to a subscription model after June 30th.Homeland Security Secretary Kristi Noem announced plans to refocus the Cybersecurity and Infrastructure Security Agency (CISA) on protecting critical infrastructure from sophisticated threats, particularly those posed by China. She criticized previous leadership for mission drift and emphasized the need for improved information sharing across government agencies. Additionally, the Take It Down Act has passed the House, mandating social media companies to remove flagged non-consensual sexual images within 48 hours, raising concerns about potential misuse and the impact on smaller platforms.OpenAI has rolled back an update to its GPT-4.0 model due to concerns over overly flattering responses that compromised user trust. The company aims to refine its approach based on long-term user feedback, emphasizing the importance of accuracy and directness in AI interactions, especially for professionals in decision-making roles. This rollback serves as a reminder for IT leaders to ensure that AI-generated communications are truthful and not merely affirming, as the tone of AI can significantly shape trust in client relationships. Four things to know today 00:00 Kaseya Connect 2025: AI Ops Push, Free Backup Hardware, and Fred Voccola's Ongoing Presence Signal Business-as-Usual with a New Toolkit04:14 SentinelOne's AI Analyst, Huntress's Identity Defense, and Microsoft's Paid Patching 07:24 Noem Refocuses CISA on Infrastructure Threats as Congress Advances AI Image Takedown Law10:29 OpenAI Walks Back GPT-4o Update After Sycophantic Shift, Raising Critical Questions for AI Use in IT Services Supported by:  https://getnerdio.com/nerdio-manager-for-msp/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Zendesk has made a significant shift in its pricing model by moving away from traditional seat licenses to an outcome-based pricing structure. This change, articulated by CEO Tom Eggemeier, means that customers will only pay when an AI agent successfully resolves a business problem. This approach aligns with a broader industry trend towards consumption-based pricing, where costs are directly linked to the value delivered rather than the number of licenses or usage. As organizations increasingly adopt AI technologies, this model could reshape the software landscape, pushing providers to rethink their value propositions and focus on delivering tangible business outcomes.The Cybersecurity and Infrastructure Security Agency (CISA) is facing challenges as two high-ranking officials resign amid budget cuts that threaten to reduce its workforce by nearly 40%. The agency's Secure by Design initiative, aimed at enhancing software security, may be impacted by these changes, raising concerns about the future of national cybersecurity efforts. Additionally, CISA has halted the use of certain threat-hunting tools, which could further hinder its ability to address cyber threats effectively. The situation highlights the critical need for managed service providers (MSPs) to adapt their business models to incorporate security measures that align with evolving regulatory and customer demands.Kaseya and other companies are introducing AI-driven tools designed to enhance IT management and cybersecurity for managed service providers. Kaseya's Spring 2025 release includes features that automate workflows and improve user experience, while Cork Protection has launched a tool to help MSPs quickly assess cyber insurance policies. These innovations reflect a growing trend in the industry to leverage AI for operational efficiency and improved service delivery. As MSPs adopt these technologies, they can better position themselves to meet client needs and navigate the complexities of cybersecurity.OpenAI has partnered with The Washington Post to enable ChatGPT to summarize and link to the newspaper's reporting, marking a significant development in the relationship between AI and journalism. This collaboration aims to enhance the quality of information provided to users while raising questions about copyright and the reliability of AI-generated content. Despite OpenAI's advancements in research capabilities, concerns remain about the accuracy of AI in complex tasks. The partnership underscores the ongoing tension between the demand for high-quality information and the challenges of integrating AI into content creation and dissemination. Four things to know today 00:00 Zendesk Drops Per-User Pricing—Now It's Pay When AI Gets the Job Done03:56 Cyber Shakeup: CISA Faces Staff Exodus and Tool Loss While Pentagon Tightens Software Security Standards06:52 From Cyber Orchestration to Frontline AI: New Releases Highlight MSP-Centric Innovation Across the Ecosystem10:35 As OpenAI Partners with Major Newsrooms, Benchmark Reveals Deep Research Still Struggles with Accuracy  Supported by: https://timezest.com/mspradio/ https://www.huntress.com/mspradio/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

The U.S. government has renewed funding for the Common Vulnerabilities and Exposures (CVE) Program, a critical database for tracking cybersecurity flaws, just hours before its funding was set to expire. Established 25 years ago, the CVE program assigns unique identifiers to security vulnerabilities, facilitating consistent communication across the cybersecurity landscape. The renewal of funding comes amid concerns that without it, new vulnerabilities could go untracked, posing risks to national security and critical infrastructure. In response to the funding uncertainty, two initiatives emerged: the CVE Foundation, a nonprofit aimed at ensuring the program's independence, and the Global CVE Allocation System, a decentralized platform introduced by the European Union.In addition to the CVE funding situation, Oregon Senator Ron Wyden has blocked the nomination of Sean Planky to lead the Cybersecurity and Infrastructure Security Agency (CISA) due to the agency's refusal to release a crucial unclassified report from 2022. This report details security issues within U.S. telecommunications companies, which Wyden claims represent a multi-year cover-up of negligent cybersecurity practices. The senator argues that the public deserves access to this information, especially in light of recent cyber threats, including the SALT typhoon hack that compromised sensitive communications.The cybersecurity landscape is further complicated by significant layoffs at CISA, which could affect nearly 40% of its workforce, potentially weakening U.S. national security amid rising cyber threats. Recent cuts have already impacted critical personnel, including threat hunters, which could hinder the agency's ability to share vital threat intelligence with the private sector. Meanwhile, the Defense Digital Service at the Pentagon is facing a mass resignation of nearly all its staff, following pressure from the Department of Government Efficiency, which could effectively shut down the program designed to accelerate technology adoption during national security crises.On the technology front, OpenAI has released new AI reasoning models, O3 and O4 Mini, but notably did not provide a safety report for the new GPT-4.1 model, raising concerns about transparency and accountability in AI development. The lack of a safety report is particularly alarming as AI systems become more integrated into client-facing tools. Additionally, SolarWinds Corporation has been acquired by Ternerva Capital, prompting managed service providers (MSPs) to reassess their dependencies on SolarWinds products and consider the implications for product roadmaps and support guarantees. Four things to know today 00:00 From Panic to Pivot: U.S. Saves CVE Program at the Eleventh Hour04:17 A Cybersecurity Meltdown: One Senator Blocks, Another Leader Quits, and a Whole Pentagon Team Walks Out08:54 OpenAI Just Leveled Up AI Reasoning—But Left Out the Fine Print11:45 SolarWinds Is Private Again: What That Means for MSPs Watching the Roadmap  Supported by:  https://www.huntress.com/mspradio/ https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship   Join Dave April 22nd to learn about Marketing in the AI Era.  Signup here:  https://hubs.la/Q03dwWqg0 All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

In this week's Security Sprint Andy and Hunter talk about the following topics:Warm Open:• How Healthcare Facilities Can Be Truly Disaster-Resilient. Healthcare Facilities Today spoke with Jon Crosson, director of health sector resilience at Health-ISAC, on what makes a solid resiliency program for healthcare facilities, the importance of real-time information sharing and how healthcare facility managers can use partnerships to improve response and recovery efforts. • Healthcare cybersecurity needs a total overhaul, by Errol Weiss, Chief Security Officer, Health-ISAC• Addressing Risks from Chris Krebs and Government Censorshipo Fact Sheet: President Donald J. Trump Addresses Risks from Chris Krebs and Government Censorshipo Trump Revenge Tour Targets Cyber Leaders, Electionso Gate 15: Cybersecurity & Infrastructure Security: Time to Make This Happen, December 15, 2017 Following the House of Representatives, the US Senate needs to approve the re-designation of DHS's National Protection and Programs Directorate (NPPD) to become the Cybersecurity and Infrastructure Security Agency (CISA); The President should nominate, and the Senate should confirm, Christopher Krebs as Under Secretary for NPPD and then as the first Director of National Cybersecurity and Infrastructure Security.Main Topics: Hacktivism & Nation-State Influence• CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide• IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities• Top 10 Advanced Persistent Threat (APT) Groups That Dominated 2024• The rising tide: A 2024 retrospective of hacktivismPolitical Violence, Executive Protection• ‘Save the white race': Teen who gunned down his parents was plotting a ‘political revolution' that included ‘getting rid of' President Trump, police say• Pennsylvania Man Charged with Making Threats to Assault and Murder President Donald J. Trump, Other U.S. Officials, and Immigration and Customs Enforcement Agents & ‘Going to assassinate him myself': Man ‘buying 1 gun a month since the election' threatened to kill Trump in multiple YouTube comments under name ‘Mr Satan,' FBI says• Suspect in custody after overnight arson at Pennsylvania Gov. Josh Shapiro's residenceo Was Cody Balmer 'Upset' With Gov Josh Shapiro Over Property Seizure? o Harrisburg man to be charged with attempted murder of Gov. Josh Shapiro for setting fire to official residenceo Suspect in arson at Pennsylvania Gov. Josh Shapiro's residence planned to beat him, documents sayo Suspected arsonist Cody Balmer accused of firebombing Gov. Shapiro's home shared disturbing photos onlineo Cody Balmer's Social Media Reveals Anti-Joe Biden Posts• Protect Democracy: How does Gen Z really feel about democracy? 11% believe that it political violence is sometimes necessary to achieve progress.• Arrest made at UnitedHealthcare headquarters after reports of an intruder Quick Hits:• Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit• 8 April 2025 NCSC, FBI, DCSA bulletin – Online Targeting of Current & Former U.S. Government Employees. • FAA Drone Detection Testing. The FAA will conduct drone-detection testing in Cape May, New Jersey, between April 14-25. • Top homeland security lawmaker calls for cautious cuts to CISA• CISA cuts: ‘Open season' for US? • Senator puts hold on Trump's nominee for CISA director, citing telco security ‘cover up' • OCC Notifies Congress of Incident Involving Email Systemo Treasury bureau notifies Congress that email hack was a ‘major' cybersecurity incidento Hackers lurked in Treasury OCC's systems since June 2023 breach• US Cyber Command: Posture Statement of Lieutenant General William J. Hartman

Cybersecurity and Infrastructure Security Agency (CISA) staff tell Forbes they're stunned by the leak, amid calls for heads to roll. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Google has officially confirmed its acquisition of cloud security firm Wiz for a staggering $32 billion, marking the largest deal in the company's history. This strategic move aims to bolster Google Cloud's security and multi-cloud capabilities, especially as the demand for cloud security intensifies. Wiz, founded in 2020, has quickly gained traction, serving nearly half of the Fortune 100 companies and projecting a significant increase in annual recurring revenue. However, the acquisition comes with risks, including potential regulatory scrutiny and a substantial reverse termination fee, reflecting the challenges Google may face in integrating Wiz into its existing cloud infrastructure.In a related development, the Cybersecurity and Infrastructure Security Agency (CISA) is working to contact over 130 former employees after a federal court ruled their layoffs were unlawful. This decision is part of a broader legal challenge against workforce cuts made during the Trump administration. The reinstated employees will receive full pay and benefits while on administrative leave, but the agency has already lost a significant portion of its workforce, raising concerns about its ability to combat cyber threats effectively. The situation highlights the ongoing challenges faced by CISA in maintaining a capable workforce amid increasing cyberattacks.Cloudflare has launched a new threat events platform called Cloudforce One, designed to enhance real-time intelligence on cyberattacks. This platform leverages Cloudflare's extensive global network, which has blocked billions of cyber threats daily. Additionally, Logic Monitor has partnered with Amazon Web Services to facilitate the migration of VMware workloads to AWS, aiming to optimize cloud performance for global enterprises. Meanwhile, RingCentral has introduced several AI features to improve business communications, including a virtual assistant for managing inbound calls and tools for real-time knowledge retrieval.Lastly, a London court held a secret hearing regarding Apple's appeal against a UK government order to create a backdoor in its encrypted cloud storage systems. This case raises significant concerns about government surveillance, encryption, and data privacy, with potential global implications for cloud security and regulatory compliance. Civil rights organizations have criticized the secrecy of the proceedings, emphasizing the importance of strong encryption in protecting individuals from harassment and oppression. The outcome of this case could have far-reaching effects on the balance between security and privacy in the digital age. Four things to know today 00:00 Google's Biggest Deal Ever: $32B on Wiz to Secure the Cloud. Will It Work?03:25 CISA Scrambles to Contact Wrongfully Laid-Off Employees Amid Cybersecurity Workforce Strain05:27 Cloudflare, AWS, and RingCentral Drop Major Updates07:39 UK Court Holds Secret Hearing on Apple's Encryption Backdoor Supported by:  https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorshiphttps://www.huntress.com/mspradio/ Event: : https://www.nerdiocon.com/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Significant changes are underway at the Cybersecurity and Infrastructure Security Agency (CISA), and the cybersecurity community is paying close attention. In this episode, we break down the recent funding cuts, layoffs, and restructuring efforts that could reshape the agency's mission—and potentially impact national cybersecurity.Join Rob Aragao as he analyzes:

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of the LimaCharlie community.The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant operational challenges as budget constraints force it to scale back key cybersecurity programs.Scammers are taking a new approach to extortion by mailing physical ransom letters to victims, claiming to be the operators of the BianLian ransomware group.A newly identified advanced persistent threat (APT) group, dubbed "Crafty Camel," has been targeting aviation operational technology (OT) systems using a sophisticated technique involving polyglot files. A new malvertising campaign is leveraging deceptive online ads to distribute information-stealing malware hosted on GitHub, highlighting an ongoing evolution in cybercriminal tactics.Security researchers have disclosed details of multiple vulnerabilities in Supervisory Control and Data Acquisition (SCADA) systems that could be exploited to facilitate attacks on industrial environments.

Former Trump administration cybersecurity official Sean Planky has been nominated to lead the Cybersecurity and Infrastructure Security Agency (CISA). His nomination comes amid significant layoffs at the agency, where over 100 employees were let go, including key members of the Red Team responsible for simulating cyberattacks. These cuts raise concerns about CISA's ability to maintain cybersecurity amid ongoing federal budget constraints, potentially leading to increased threats in the private sector as federal infrastructure and intelligence sharing weaken.In the realm of artificial intelligence, the General Services Administration (GSA) has introduced a custom chatbot named GSAI to automate various government tasks, coinciding with significant job cuts within the agency. While the chatbot aims to enhance efficiency, internal memos have warned employees against inputting sensitive information. This trend reflects a broader movement in the federal government towards tech-driven workforce reductions, raising questions about data privacy and the reliability of AI tools in government operations.Utah has made headlines by passing legislation requiring App Store operators to verify the ages of users and obtain parental consent for minors downloading apps. This law, aimed at enhancing online safety for children, has garnered support from major tech companies but has also faced criticism regarding potential infringements on privacy rights. The Supreme Court is expected to examine age verification issues, particularly concerning adult content websites, highlighting the ongoing debate over online safety regulations.The podcast also discusses the competitive landscape of AI, with Google reporting continued growth in search queries despite the rise of ChatGPT. New benchmarks have been developed to measure the honesty of AI models, revealing that larger models do not necessarily correlate with higher honesty rates. As companies like Microsoft and Amazon introduce advanced AI tools, the implications for businesses are significant, emphasizing the need for oversight and governance in AI deployment to mitigate risks associated with inaccuracies and compliance issues. Three things to know today00:00 Cybersecurity Jobs Cut, AI Hired, and Kids Get ID'd—Welcome to the Future of Tech Policy05:45 ChatGPT Isn't Killing Google Search—And AI Lies More Than You'd Think08:27 Microsoft and OpenAI: A Rocky Relationship, While AI Prices Tumble Supported by:  https://getflexpoint.com/msp-radio/  Event: https://www.nerdiocon.com/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

What does it mean to be secure by design? Richard chats with Karinne Bessette about the scope of the problem around making more secure software. Karinne talks about the US government's Cybersecurity and Infrastructure Security Agency (CISA) push to promote more secure software products. The conversation digs into some of the more famous exploits in recent years and some of the challenges of dealing with development tools that require super-user privileges, getting security testing done promptly and responding to exploits effectively when they happen.LinksWomen in TeamsCISA Secure by DesignAzure Kubernetes ServiceMicrosoft Security Response CenterRecorded February 21, 2025

U.S. Cyber Command has been ordered to halt all planning against Russia, marking a significant shift in the country's cyber policy. This decision, directed by Defense Secretary Pete Hedgeset, comes as the focus of U.S. cybersecurity efforts pivots away from Russia and towards threats from China and other adversaries. Reports indicate that this change has raised concerns about potential vulnerabilities, especially as Russian cybercriminal groups remain active. The Cybersecurity and Infrastructure Security Agency (CISA) has denied claims that it is reducing its focus on Russian threats, asserting its commitment to defending against all cyber threats to U.S. critical infrastructure.The podcast also discusses the challenges faced by IT service providers in retaining new talent. A recent report highlights that employees with one to three years of experience have a significantly higher churn rate compared to their more experienced counterparts. This situation underscores the need for managed service providers (MSPs) to enhance their onboarding processes, career progression paths, and workplace culture to improve employee retention. Additionally, the limited role of remote work in the industry suggests that MSPs must compete on factors beyond salary, such as workplace environment and benefits.Furthermore, the episode touches on the financial performance of Enable, a key player in the MSP software market. Despite reporting a year-over-year revenue growth of 7% and transitioning a significant portion of its revenue to annual contracts, Enable's stock price plummeted by over 25% following its earnings call. Analysts have adjusted their price targets downward, indicating a lack of confidence in the market for MSP-focused software companies. This trend suggests that the dream of an IPO resurgence for such companies may be fading, with a shift towards private equity consolidation becoming more prevalent.Finally, the podcast emphasizes the importance of resilience, vendor risk management, and strategic alignment for MSPs in light of these market dynamics. As the landscape evolves, providers are encouraged to focus on enhancing their cybersecurity offerings and adapting to regulatory changes. The episode concludes with a reminder for MSPs to be proactive in their approach to business, as the days of passive compliance are over, and security and regulation are becoming critical factors in the IT services industry. Three things to know today 00:00 U.S. Cyber Policy Shifts—Providers May Need to Step Up as Government Focus Changes05:27 IT Service Providers Are Hiring—But Can They Keep Their New Talent?08:25 MSP IPOs? The Market Says No—N-able's Stock Drop Tells the Story Supported by:  https://cometbackup.com/?utm_source=mspradio&utm_medium=podcast&utm_campaign=sponsorship https://getflexpoint.com/msp-radio/  Event: : https://www.nerdiocon.com/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple's decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the […] The post Cybersecurity Impact of DOGE, Apple's Stand Against Encryption Backdoors appeared first on Shared Security Podcast.

The episode delves into the impact of artificial intelligence (AI) on cybersecurity, particularly focusing on the rise of AI-driven phishing attacks. Bryant G. Tow, Chief Security Officer at LeapFrog Services, discusses how cybercriminals are leveraging generative AI to create more convincing phishing schemes, which can lead to identity theft. Despite the advancements in attack methods, Tao emphasizes that the fundamental defenses against these threats remain unchanged. He highlights the importance of understanding the evolving landscape of cyber threats and the necessity for organizations to adapt their security measures accordingly. Tow elaborates on the concept of an "arms race" in cybersecurity, where defenders must continuously improve their strategies to keep pace with increasingly sophisticated attacks. He points out that while phishing remains a common entry point for cyber threats, the use of AI is transforming these attacks into more personalized and effective schemes. The conversation shifts to the implications of deepfake technology, which can create realistic impersonations of individuals, further complicating the security landscape. Tao warns that the ability to produce convincing deepfake videos and audio can lead to significant risks for organizations. The discussion also touches on the challenges of insider threats, particularly when employees intentionally disregard security policies. Tao stresses the importance of establishing clear acceptable use policies and implementing a zero-trust framework to mitigate these risks. He notes that most insider threats are accidental, but organizations must be prepared to address malicious actions as well. Effective governance, training, and monitoring are essential components in managing insider threats and ensuring compliance with security protocols. Finally, the episode highlights the evolving role of government agencies like the Cybersecurity and Infrastructure Security Agency (CISA) in addressing cybersecurity challenges. Tow reflects on recent changes in leadership and the potential for new perspectives on cybersecurity governance. He expresses hope that the shift in focus will lead to more accessible resources and support for organizations navigating the complex landscape of cyber threats. The conversation underscores the need for continuous adaptation and vigilance in the face of emerging technologies and evolving attack methods. All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Season 3 is here!On this episode of Virtual Sentiments, host Kristen Collins interview Kris Rose on deliberative democracy and Meta's community forums. Kris discusses Meta's efforts to incorporate public input into decision-making through the Oversight Board and Community Forums. The Oversight Board, an independent body with binding authority over content moderation decisions, provides external accountability, while Community Forums proactively engage users on emerging technologies and policies. In particular, they focus on Meta's Generative AI Community Forum, held in the US, Germany, Spain, and Brazil, which aimed to gather diverse perspectives on the principles that should guide AI development and use. Kristen also raises several concerns including selection biases, lacking transparency, and the potential influence of political pressures on corporate decision-making.**This conversation was recorded in August 2024Kris Rose is a Governance Director at Meta, where he works across the company to drive thought on emerging trends at the intersection of technology, society, and governance. He also leads the team's community governance work, including community forums and other pilots focused on empowering user voice in the company's decision making. Prior to this role, Kris helped launch the company's Oversight Board, served as a geopolitical analyst at the Central Intelligence Agency for a decade—to include a secondment as the President's Daily Brief (PDB) briefer to then US Vice President Mike Pence—and most recently served as a Senior Advisor at the Cybersecurity & Infrastructure Security Agency (CISA) during the Biden administration. Kris holds a Master's in Public Policy from Georgetown University and is a Term Member with the Council on Foreign Relations.Read more work from Kristen Collins.Notes: Stanford University's Deliberative Democracy Lab's Deliberative Polling MethodologyMeta's 2023 Community Forum on Generative AI, conducted in collaboration with Stanford University's Deliberative Democracy Lab and the Behavioral Insights TeamMeta's January 7, 2025 Policy AnnouncementMeta's Transparency ReportsIf you like the show, please subscribe, leave a 5-star review, and tell others about the show! We're available on Apple Podcasts, Spotify, Amazon Music, and wherever you get your podcasts.Follow the Hayek Program on Twitter: @HayekProgramLearn more about Academic & Student ProgramsFollow the Mercatus Center on Twitter: @mercatus

Matthew Rogers, ICS Cybersecurity Strategy & R&D Lead at the Cybersecurity & Infrastructure Security Agency (CISA) joins the Nexus Podcast to discuss the agency's latest publication: “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This guide features 12 cybersecurity recommendations that OT owners and operators should be looking for during procurement cycles with automation and control system vendors. Read Claroty's blog on the guide.Listen to every episode of the Nexus Podcast here. 

The FBI successfully hacked approximately 4,200 computers across the U.S. to eliminate the PlugX malware, which has been a tool for state-sponsored hackers in China since 2012. This operation, conducted in collaboration with French law enforcement, marks a proactive approach to combating cyber threats and underscores the importance of government intervention in mitigating advanced persistent threats.Sobel also discusses the ongoing struggles of the LockBit cybercriminal organization following a major takedown last year. The U.S. Justice Department's efforts to dismantle LockBit's infrastructure have left the group reeling, with a significant reduction in their operational capacity. This case serves as a powerful example of how coordinated law enforcement actions can disrupt ransomware-as-a-service operations, providing IT providers with a narrative to educate clients on effective ransomware defense strategies.The episode further explores the dual pressures faced by Chief Information Security Officers (CISOs) regarding the adoption of generative artificial intelligence (AI). While a majority of C-suite executives recognize the potential benefits of generative AI, they also express deep concerns about the associated security risks. The Cybersecurity and Infrastructure Security Agency (CISA) has introduced a new initiative aimed at addressing these vulnerabilities, emphasizing the need for effective risk management strategies as companies increasingly integrate AI technologies into their operations.Finally, Sobel highlights the recent developments from Gradient MSP and Citricom, both of which are addressing critical pain points for managed service providers (MSPs). Gradient MSP has launched a Managed Billing Reconciliation Service to streamline billing processes, while Citricom's acquisition of Televi aims to enhance its cybersecurity offerings. These initiatives reflect the evolving landscape of MSP services, where operational efficiency and robust security measures are paramount for success in a competitive market. Three things to know today00:00 Good News Alert: FBI Crushes PlugX Malware, LockBit Stumbles, and Cybersecurity Gains Momentum06:15 Billing, Breaches, and Bots: How MSPs and AI Security Are Tackling 2025's Biggest Challenges08:58 From Billing to Cybersecurity: Gradient MSP and Cytracom Address Critical MSP Pain Points  Supported by:  https://getnerdio.com/nerdio-manager-for-msp/   All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessof.tech

Chinese hacker group Salt Typhoon's breach of telecommunications networks has given it unprecedented access to networks across the US and around the world – but there is something you can do about it. If your work involves confidential and sensitive information – or if records of who you are communicating with could be valuable information for outsiders – the Verge reports that the FBI and Cybersecurity and Infrastructure Security Agency (CISA) are recommending that you use encrypted messaging and calling apps where possible. That means using services like Signal and WhatsApp to make sensitive calls instead of regular phone services. These services bypass cell phone networks and use the Internet instead, encrypting all data sent between your phone and that of the person you're calling – meaning that even if the hackers wanted to listen to your call, they wouldn't be able to. If you're not sure how to use them, whether your company policies prevent their use, or whether your company prefers that you use a different system, check with your IT department. The 60-second "Security Nudge" is brought to you by CybSafe, developers of the Human Risk Management Platform. Learn more at https://cybsafe.com

In this episode of Security Visionaries, we're joined by Kiersten Todt, President at Wondros and former Chief of Staff for the Cybersecurity and Infrastructure Security Agency (CISA) to discuss predictions for 2025 and beyond.Topics include  the role of artificial intelligence in security, the potential for an AI bubble burst, and reclassifying the cloud as critical infrastructure. Kiersten also predicts an increase in detections of  cyber intrusions from nation-state actors, especially China, underscoring the need for readiness and global cooperation. The discussion concludes with Kiersten's resolution for 2025, emphasizing the role of individuals in demanding more safety and security measures.

The findings of a recent report highlight the challenges faced by C-suite executives regarding aging IT systems amidst a surge in AI adoption. While 90% of executives believe their technology is top-notch, nearly two-thirds acknowledge that outdated infrastructure poses significant issues, with many critical IT systems nearing the end of their life cycle. The report also reveals that although 75% of organizations are investing in AI and machine learning, less than half report a positive return on investment, raising concerns about cyber attack preparedness among executives.The episode also delves into a growing trend of cloud repatriation, as organizations grapple with unexpected costs and performance issues in cloud environments. A recent IDC report indicates that 50% of companies spent more on cloud services than anticipated, prompting some to transition specific workloads back in-house. The case of SaaS company 37Signals, which plans to save $10 million over five years by moving away from cloud services, exemplifies this trend. Sobel emphasizes the importance of differentiating between various levels of AI adoption, noting that many organizations may only be conducting small-scale experiments rather than full-scale implementations.Host Dave Sobel highlights the rising threat of voice-based AI scams, referencing a study from the University of Illinois that demonstrates how OpenAI's ChatGPT-4 can be exploited for financial scams with success rates between 20% to 60%. Additionally, he discusses a new threat campaign where hackers impersonate IT support on Microsoft Teams, urging organizations to implement training programs to raise awareness of evolving social engineering threats. The Cybersecurity and Infrastructure Security Agency (CISA) has also issued warnings about a large-scale spear-phishing campaign targeting federal executives, emphasizing the need for protective measures.Finally, the episode covers significant developments in automation and AI within the managed services sector, particularly at DattoCon, where Kaseya projected that up to 70% of repetitive tasks performed by managed service providers will be automated by 2026. Sobel also discusses Runway's innovative AI tool that customizes outreach to potential clients, reflecting a broader trend of leveraging AI to optimize sales processes. The episode concludes with a discussion on the general availability of Windows Server 2025, which introduces significant advancements and is positioned as a robust solution for on-premises and hybrid cloud deployments. Four things to know today00:00 Kyndryl Report Reveals Struggle with Aging IT as AI Adoption Soars but ROI Falls Short, Fueling Demand for Service Support04:18 Voice-Based AI Scams Rise as Study Shows ChatGPT Vulnerability; New Tactics on Microsoft Teams and Spear Phishing Surge06:20 At DattoCon, Kaseya Emphasizes Automation as Core to MSP Efficiency, Parallel to Runway's AI-Enhanced Sales Tactics08:50 Microsoft Launches Windows Server 2025 with Hybrid Enhancements as KnowBe4 Unveils New Security Training Post-Breach  Supported by:  https://www.huntress.com/mspradio/https://mspradio.com/engage/    All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessoftech.bsky.social

The US presidential election is upon the American public, and with it come fears of “election interference.”But “election interference” is a broad term. It can mean the now-regular and expected foreign disinformation campaigns that are launched to sow political discord or to erode trust in American democracy. It can include domestic campaigns to disenfranchise voters in battleground states. And it can include the upsetting and increasing threats made to election officials and volunteers across the country.But there's an even broader category of election interference that is of particular importance to this podcast, and that's cybersecurity.Elections in the United States rely on a dizzying number of technologies. There are the voting machines themselves, there are electronic pollbooks that check voters in, there are optical scanners that tabulate the votes that the American public actually make when filling in an oval bubble with pen, or connecting an arrow with a solid line. And none of that is to mention the infrastructure that campaigns rely on every day to get information out—across websites, through emails, in text messages, and more.That interlocking complexity is only multiplied when you remember that each, individual state has its own way of complying with the Federal government's rules and standards for running an election. As Cait Conley, Senior Advisor to the Director of the US Cybersecurity and Infrastructure Security Agency (CISA) explains in today's episode:“There's a common saying in the election space: If you've seen one state's election, you've seen one state's election.”How, then, are elections secured in the United States, and what threats does CISA defend against?Today, on the Lock and Code podcast with host David Ruiz, we speak with Conley about how CISA prepares and trains election officials and volunteers before the big day, whether or not an American's vote can be “hacked,” and what the country is facing in the final days before an election, particularly from foreign adversaries that want to destabilize American trust.”There's a pretty good chance that you're going to see Russia, Iran, or China try to claim that a distributed denial of service attack or a ransomware attack against a county is somehow going to impact the security or integrity of your vote. And it's not true.”Tune in today.You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.Show notes and credits:Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)Licensed under Creative Commons: By Attribution 4.0 Licensehttp://creativecommons.org/licenses/by/4.0/Outro Music: “Good God” by Wowa (unminus.com)Listen up—Malwarebytes doesn't just talk cybersecurity, we provide it.Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and

On the GZERO World podcast, Ian Bremmer sits down with Jen Easterly, the top US official behind America's election security infrastructure. As Director of Homeland Security's Center for Cybersecurity and Infrastructure Security Agency (CISA), she is on the frontlines of safeguarding the voting process. In their conversation, Easterly talks about the massive improvements to the nation's voting systems and emphasizes “with great confidence that election infrastructure has never been more secure.” Yet what worries Easterly is the potential for election meddling and disinformation after voting ends and before certification is complete.Easterly discusses how the "firehose of disinformation" can have serious consequences on the country. She calls out Trump and other political leaders who have peddled false narratives pushed by foreign actors—a move that risks eroding public trust in our democracy. Again, though, her main concern is for that volatile period after the votes are cast and before they're certified. She argues that "between November 5th and January 6th—when the Congress is going to certify the vote—our foreign adversaries are going to go hog wild.” In particular, threats coming from Russia, China, and Iran. So as voters head to the polls, Easterly and her agency are making it a priority to rebuild trust and confidence with American voters.Host: Ian BremmerGuest: Jen Easterly Subscribe to the GZERO World with Ian Bremmer Podcast on Apple Podcasts, Spotify, or your preferred podcast platform, to receive new episodes as soon as they're published.

The Cybersecurity and Infrastructure Security Agency (CISA) has taken a leading role in coordinating efforts to secure the 2024 election—from ensuring the physical security of election workers, to protecting election systems from cyber threats, to identifying foreign influence campaigns and preparing for deepfakes. With a week until Election Day, Senior Editors Quinta Jurecic and Eugenia Lostri spoke with CISA's Cait Conley, Senior Advisor to the agency's director, about how CISA is working to protect the vote. To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Microsoft has recently confirmed that a software bug caused the loss of more than two weeks' worth of critical security logs from several of its cloud services.Brazil's Federal Police have arrested a hacker suspected to be "USDoD," a notorious cybercriminal involved in several high-profile data breaches.A critical vulnerability has been discovered in SolarWinds' Web Help Desk (WHD) software, involving hardcoded credentials that could be exploited by attackers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that these flaws are being actively used in cyberattacks.