Anja and Susi have brought you four book treasures for cozy afternoons this time: a first-reader book, two stories for ages 10 and up, and a children's non-fiction book. You can reach us by e-mail at podcast.msb@muenchen.de - we welcome suggestions, opinions and reading tips. Enjoy listening! Featured titles: from 1:17: "Hilfe! Eine Woche ohne Handy" by Thomas Feibel; with pictures by Josephine Wolff, Carlsen Verlag, 80 pages, ages 7 and up; from 8:46: "Das magische Pendel" by Kathrin Tordasi (volume 1 of the series "Birds of Paris"), with vignettes by Heiko Hentschel, FISCHER Sauerländer Verlag, 267 pages, ages 10 and up; from 16:20: "Oma verbuddeln" by Birgit Schössow, Peter Hammer Verlag, 222 pages, ages 10 and up; from 24:24: "Pupsende Mikroben und Dinos im Winterschlaf: das Klima unserer Erde von der Urzeit bis heute" by Ola Woldańska-Płocińska; translated from the Polish by Marlena Breuer, Hanser Verlag, 78 pages, ages 9 and up. All titles can be borrowed from us: bit.ly/msb_Katalog
Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant's Chief Analyst. References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate. Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire. Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant. Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal.
This week we dive into the hot topic of cyber insurance with Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University The Fletcher School and author of the book “You'll See This Message When it is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches” (MIT Press 2018). We explore the dynamic industry of cyber insurance and key policy areas such as defining cyber war, the impact of the increase of ransomware the last two years (some stats put it at 150% increase!), and how to change security behaviors. She also shares insights on AI and the always looming theme of bias as well as the importance of always keeping a human in the loop. And, be sure to look out for her new book on cyber insurance with MIT Press coming out in August 2022. Josephine Wolff - Associate Professor of Cybersecurity Policy at Tufts University's The Fletcher School Josephine Wolff is an associate professor of cybersecurity policy and has been associated with The Fletcher School at Tufts University since 2019. Her research interests include international Internet governance, cyber-insurance, security responsibilities and liability of online intermediaries, government-funded programs for cybersecurity education and workforce development, and the legal, political, and economic consequences of cybersecurity incidents. Her book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018. Her writing on cybersecurity has also appeared in Slate, The New York Times, The Washington Post, The Atlantic, and Wired. Prior to joining Fletcher, she was an assistant professor of public policy at the Rochester Institute of Technology and a fellow at the New America Cybersecurity Initiative and Harvard's Berkman Klein Center for Internet & Society. She received a Ph.D. in Engineering Systems and M.S. in Technology and Policy from MIT, and an A.B. in mathematics from Princeton.
As a student, she also spent time at Microsoft, the Center for Democracy and Technology, the White House Office of Science and Technology Policy, and the Department of Defense. https://www.linkedin.com/in/josephine-wolff-1baa414b/ For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e271
January is here! Anja and Martina start the new year 2024 and present five new children's books: two picture books, a first-reader activity book, a chaotic and funny novel, and a children's non-fiction book. Enjoy listening! Featured titles: from 01:18: "Ida will schlafen" by Lena Havek, illustrated by Daniela Kunkel, Carlsen Verlag, 32 pages, ages 3 and up; from 05:45: "Unfair" by Ole Puls, illustrated by Paul Trakies, Herder Verlag, 28 pages, ages 4 and up; from 10:13: "Ich bin ein Vampir!" from the series "Einfach lesen lernen", by Sandra Grimm, illustrated by Josephine Wolff, Carlsen Verlag, 56 pages, ages 6 and up; from 15:35: "Wer ist hier der Alien?" by Nina Basovic Brown; with pictures by Julia Weinmann, Beltz & Gelberg Verlag, 125 pages, ages 10 and up; from 21:55: "Jane Goodall: ein Leben mit den Schimpansen" (from the series "Superleser! - Leseprofis") by Libby Romero, translated by Simone Heller, DK Verlag, 128 pages, ages 8 and up. All titles can be borrowed from us: bit.ly/msb_Katalog
Guest: Monica Shokrai, Head Of Business Risk and Insurance For Google Cloud Topics: Could you give us the 30 second run down of what cyber insurance is and isn't? Can you tie that to clouds? How does the cloud change it? Is it the case that now I don't need insurance for some of the "old school" cyber risks? What challenges are insurers facing with assessing cloud risks? On this show I struggle to find CISOs who "get" cloud, are there insurers and underwriters who get it? We recently heard about an insurer reducing coverage for incidents caused by old CVEs! What's your take on this? Effective incentive structure to push orgs towards patching operational excellence or someone finding yet another way not to pay out? Is insurance the magic tool for improving security? Doesn't cyber insurance have a difficult reputation with clients? “Will they even pay?” “Will it be enough?” “Is this a cyberwar exception?” type stuff? How do we balance our motives between selling more cloud and providing effective risk underwriting data to insurers? How soon do you think we will have actuarial data from many clients re: real risks in the cloud? What about the fact that risks change all the time unlike say many “non cyber” risks? Resources: Video (LinkedIn, YouTube) Google Cloud Risk Protection program “Cyber Insurance Policy” by Josephine Wolff InsureSec
Josephine Wolff, associate professor, cybersecurity policy, Fletcher School of Law and Diplomacy, Tufts University, discusses how insurers and others can make cyberinsurance a more effective cyberrisk management tool.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Joining RIMScast today is Josephine Wolff to provide a 2023 outlook on cybersecurity and insurance! Josephine Wolff is an associate professor of cybersecurity policy at The Fletcher School at Tufts University. Her newest book, Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks, came out just this last August and examines the development of cyberinsurance and addresses what governments can do to make it a more effective tool for cyber risk management. Josephine will also be a panelist on RIMS's January 24th, 2023 webinar, “What to Expect from Cyber Insurance in 2023 and Beyond,” linked below under Upcoming Webinars. In this interview, Josephine shares what risk professionals need to rethink or reevaluate in 2023, the top three cybersecurity issues that will have the largest impact on organizational leaders in 2023, her advice regarding cyber and ransomware attacks, and more. Key Takeaways: [:01] About the RIMS Membership. [:14] Registration for RISKWORLD 2023 is now open! [:34] About RIMScast. [:45] About today's episode. [1:00] All about upcoming RIMS webinars, workshops, events, and more! [2:18] All about today's episode with Josephine Wolff. [2:55] Justin Smulison welcomes Josephine to the podcast! [3:07] Josephine shares her career history and what led her to pursue cybersecurity. [5:17] Is it inevitable that we will all become victims of a cyber or ransomware attack at some point in our lives? [6:57] Josephine shares her experiences with risk managers and professionals over the years. [9:00] Top three cybersecurity issues that will have the largest impact on organizational leaders in 2023. [12:22] As an instructor that teaches on the subject of cybersecurity, what is on the minds of Josephine's students currently? [16:05] RIMS plug time! 
All about upcoming RIMS virtual workshops. [18:00] What risk professionals need to rethink or reevaluate in 2023. [20:32] RIMS and several other organizations want the federal government in the U.S. to have a centralized framework to help prepare for and navigate the aftermath of major cyber attacks. How beneficial does Josephine feel this would be on a grand scale? [23:42] Josephine gives a preview of the upcoming Telos webinar she will be joining RIMS for on January 24th, 2023. [26:01] Josephine's thoughts on whether the CIO is a new best friend for the risk manager. [28:40] Are any of Josephine's students on the path to becoming CIOs? [29:25] Justin thanks Josephine Wolff for joining the podcast and shares some links to check in today's show notes. Mentioned in this Episode: RISKWORLD 2023 — April 30‒May 3 in Atlanta, Georgia! Public registration is now open! RIMS Virtual Workshops in 2023 — a Brief Dialogue with Instructor Elise Farnham Contribute to Risk Management Magazine Prepare for the RIMS-CRMP Certification exam with RIMS and St. John's University from January 24‒25th. Learn about the five core competencies of a risk professional and enhance your risk management skills. Register now! RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play NEW FOR MEMBERS! RIMS Mobile App RIMS Buyers Guide Dan Kugler Risk Manager on Campus Grant Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. 
Related RIMScast Episodes: “2022: The Year in Risk (Part 1)” “Cybersecurity and Data Privacy with Fred Karlinsky & Travis Wong” (2022) “CERT-In Cyber Details to Know with Jyoti Krishnan” “2022 Midyear Risk Review with RIMS Publications Director Morgan O' Rourke” “Getting to Know Jackware with Dan Healy of Anderson Kill” “Cloud Security Risks with Google's Monica Shokrai” “Roadway Risks: AI, Autonomous Vehicles, & Automated Driving” “Ransomware Risks and ‘Responding Gracefully' with Masha Sedova” “Cyber Breach Responses with Kate Fazzini, Flore Albo CEO” “The World of Cybersecurity with NCSA's Kelvin Coleman” “Cybersecurity Frameworks with NIST Fellow, Ron Ross” “Cyber Risk News & Trends with Tony Anscombe, Part 2” More RIMS Resources on Cybersecurity and Cyber Insurance: RIMS Letter to Federal Insurance Office Supports the Development of a Cyber Insurance Backstop From Risk Management Magazine: “Can Cyber Insurance Recovery from a Third Party Satisfy a Self-Insured Retention?” by Joshua Gold” “Insurance Coverage For Jackware Attacks,” by Daniel J. Healy & Robert M. Horkovich “Preparing for New U.S. Data Privacy Laws,” by Ben Richmond “4 Principles to Improve Your Data Privacy Program,” by Ray Pathak Upcoming Webinars: “What to Expect from Cyber Insurance in 2023 and Beyond” | Sponsored by Telos | Jan. 24, 2023 “Demystifying Business Continuity for Risk Managers” | Sponsored by Riskonnect | Feb. 16, 2023 Virtual Workshops: Captives as an Alternate Risk Financing Technique | January 18‒19 | 10:00 am‒5:00 pm ET Registration closes Jan. 17 Fundamentals of Insurance | January 25‒26, 2023 | 9:00 am‒4:30 pm ET Registration closes Jan. 24 Fundamentals of Risk Management | February 14‒15, 2023 | 9:00 am‒3:00 pm ET Registration Closes Feb. 13 See the full calendar of RIMS Virtual Workshops Sponsored RIMScast Episodes: “Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd. (NEW!) 
“Zurich's Construction Sustainability Outlook for 2023” “Aon's 2022 Atlantic Hurricane Season Overview” “ESG Through the Risk Lens” | Sponsored by Riskonnect “A Look at the Cyber Insurance Market” | Sponsored by AXA XL “How to Reduce Lithium-Ion Battery Fire Risks” | Sponsored by TÜV SÜD “Managing Global Geopolitical Risk in 2022 and Beyond” | Sponsored by AXA XL “Keeping Subcontractors Safe Through Partner Elevation” | Sponsored by Highwire “ESG: A Responsibility and a Growing Megatrend” | Sponsored by Prudent Insurance Brokers Ltd. “Prioritizing People: Focusing on Your Team to Deliver Exceptional Quality and Service to Your Clients” | Sponsored by Gallagher Bassett “Bermuda Opportunities in 2022 with BDA Chair Stephen Weinstein” | Sponsored by Bermuda Business Development Agency “SyncR: A Tool to Enhance Your Risk Quality & Insurance Strategy” | Sponsored by Prudent Insurance Brokers Ltd. “RIMScast: Navigating the Risk Landscape in 2022” | Sponsored by AXA XL “RIMScast: Prioritizing People: Expertise and Innovation” | Sponsored by Gallagher Bassett “RIMScast: Risk Findings for the Industrial & Manufacturing Industry” | Sponsored by Aon “RIMScast: Establishing the Right Assurance to Request From Business Partners” | Sponsored by HITRUST “RIMScast: Aon's 2021 Retail Industry Overview” | Sponsored by Aon “RIMScast: A Legacy of Resilience” | Sponsored by J.B. Boda Group “The Golden Era of Insurance” | Sponsored by The Hartford “Insurance Investigation Trends Happening Now” | Sponsored by Travelers “What Could a CRO Do for Your Business?” | Sponsored by Riskonnect “Hard Reality: A Look at Rising Rates in Property & Excess Casualty” | Sponsored by AXA XL “Property Valuation Deep Dive” | Sponsored by TÜV SÜD “Property Loss Control Engineering” | Sponsored by Prudent Insurance Brokers RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! 
RIMS Virtual Workshops Upcoming RIMS — Virtual Workshops RIMS Webinars On-Demand Webinars RIMS Advisory Services — Ask a Peer Risk Management Magazine Risk Management Monitor RIMS Risk Leaders Series RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — New interview featuring Merline Barrington of the Port Authority of NY & NJ! Spencer Educational Foundation RIMS DEI Council RIMS Path to the Boardroom Want to Learn More? Keep up with the podcast on RIMS.org and listen on iTunes. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. Follow up with Our Guests: Josephine Wolff's Profile Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks, by Josephine Wolff Tweetables (For Social Media Use): “I think one of the things that risk managers struggled with for a while now … is really trying to lock down: How do we understand what is a reasonable amount of risk to accept? When it is so hard to quantify.” — Josephine Wolff “I think another [cybersecurity issue] that we're going to see [that's] somewhat linked to the ransomware trend … is this question of state-sponsored cyberattacks.” — Josephine Wolff “I do think there's value in thinking through, in more detail, what a federal backstop for cyber attacks would look like. That's something insurers have been asking for, for a while.” — Josephine Wolff “The cyber insurance policies you can buy today look very different from the ones that you could buy 10‒15, 20 years ago. Part of how that fits in data privacy is understanding how breaches of personal information really drive this market from the beginning.” — Josephine Wolff
This bonus episode is an interview with Josephine Wolff and Dan Schwarcz, who along with Daniel Woods have written an article with the same title as this post. Their thesis is that breach lawyers have lost perspective in their no-holds-barred pursuit of attorney-client privilege to protect the confidentiality of forensic reports that diagnose the breach. Remarkably for a law review article, it contains actual field research. The authors interviewed all the players in breach response, from the company information security teams, the breach lawyers, the forensics investigators, the insurers and insurance brokers, and more. I remind them of Tracy Kidder's astute observation that, in building a house, there are three main players—owner, architect, and builder—and that if you get any two of them in the room alone, they will spend all their time bad-mouthing the third. Wolff, Schwarcz, and Woods seem to have done that with the breach response players, and the bad-mouthing falls hardest on the lawyers. The main problem is that using attorney-client privilege to keep a breach forensics process confidential is a reach. So, the courts have been unsympathetic. Which forces lawyers to impose more and more restrictions on the forensic investigator and its communications in the hope of maintaining confidentiality. The upshot is that no forensics report at all is written for many breaches (up to 95 percent, Josephine estimates). How does the breached company find out what it did wrong and what it should do to avoid the next breach? Simple. Their lawyer translates the forensic firm's advice into a PowerPoint and briefs management. Really, what could go wrong? In closing, Dan and Josephine offer some ideas for how to get out of this dysfunctional mess. I push back. All in all, it's the most fun I've ever had talking about insurance law.
In this episode, Daniel Schwarcz, Fredrikson & Byron Professor of Law at the University of Minnesota Law School, Josephine Wolff, Associate Professor of Cybersecurity Policy at the Fletcher School at Tufts University, and Daniel W. Woods, Lecturer of Cybersecurity at the University of Edinburgh School of Informatics, discuss their article "How Privilege Undermines Cybersecurity," which will be published in the Harvard Journal of Law & Technology. They begin by explaining what the attorney-client privilege and work product doctrines are and how they negatively affect cybersecurity investigations and the implementation of lessons learned from those investigations. They describe their qualitative study of lawyers and cybersecurity professionals conducting cybersecurity investigations. And they make recommendations about how courts could amend their approach to privilege to improve cybersecurity outcomes. This episode was hosted by Brian L. Frye, Spears-Gilbert Professor of Law at the University of Kentucky College of Law. Frye is on Twitter at @brianlfrye.
Adding regulations to cryptocurrency Josephine Wolff, associate professor of cybersecurity policy at the Fletcher School at Tufts University, discusses what regulating cryptocurrency in the U.S. could look like Opposition efforts from the National Resistance Front of Afghanistan against the Taliban Ali Nazary, head of foreign relations for the National Resistance Front of Afghanistan, explains how the organization is fighting against the Taliban in Afghanistan Congress reauthorizes the SBIR program for three more years Michael Crosby, CEO of Leadership Connect, discusses funding for the Small Business Innovation Research program
Missed our exciting CYBER CON event with the WiCyS Privacy, Law, and Policy Affiliate? The Tech Policy Grind has you covered. Foundry Fellows Reema Moussa, Allyson McReynolds, Grant Versfeld & Lama Mohammed discuss highlights from the Foundry's first ever virtual cybersecurity convention, starring Amie D'souza, Josephine Wolff, Kassi Burns, Eva Galperin and Siena Anstis. They chat about the event's key theme, cybersecurity risk mitigation in law and policy, as well as particular practices around cyber insurance, cyber hygiene for lawyers, and spyware. Coming soon from the Foundry: keep an eye out for the next round of applications to become a Foundry Fellow! If you'd like to sponsor an episode or propose a guest for the show, get in touch with us: foundrypodcasts@ilpfoundry.us If you'd like to support the show, consider donating to the Foundry; you can do so here. Resources Mentioned: Scraping Suit Hinges On When LinkedIn Discovered Violations [Law360]
Join Rob and Lee as they talk with Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at The Fletcher School at Tufts University; and author of the book “Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks”. Don't miss this great episode as they discuss cybersecurity and cyberinsurance, two interesting topics that have only drawn more attention and discussion in the insurance, technology, and their intersection. Check out “Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks”, available on Amazon, MIT Press, and most book retailers. Like what you hear on FNO: InsureTech? Know someone who would be a great guest for the podcast? Let us know: Email us at almoss@alacritysolutions.com.
Apple patches its software. Reviewing the cyber phase of a hybrid war. The return of the (ShadowPad) alumni. Phishing from the Static Expressway. The state of cloud security. Overconfidence comes at a cost. Ann Johnson of Afternoon Cyber Tea speaks with Dr. Josephine Wolff from the Fletcher School about cyber insurance past. My conversation with FBI special agents Tom Sobocinski and Tom Breeden. And Charming Kitten and group-think in social engineering. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/176 Selected reading. Apple security updates (Apple Support) Ukraine Cyber War Update September 2022 (CyberCube) New Wave of Espionage Activity Targets Asian Governments (Broadcom Software Blogs) Chinese gov't hackers using ‘diverse' toolset to target Asian prime ministers, telecoms (The Record by Recorded Future) Leveraging Facebook Ads to Send Credential Harvesting Links (Avanan) Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities (FBI) CFO Cyber Security Survey: Over-Confidence is Costly (Kroll) Snyk's State of Cloud Security Report Reveals 80% of Organizations Have Experienced a Severe Cloud Security Incident in Past Year (Snyk) Look What You Made Me Do: TA453 Uses Multi-Persona Impersonation to Capitalize on FOMO (Proofpoint) Iranian military using spoofed personas to target nuclear security researchers (The Record by Recorded Future) Alleged cyber commander of Iran's Revolutionary Guard named by opposition outlet (Times of Israel)
Dr. Josephine Wolff, associate professor of cybersecurity policy within The Fletcher School at Tufts University, joins Afternoon Cyber Tea this week to discuss the history, challenges, and opportunities in cyber insurance. What was first developed in the late 1990s as protection against computer viruses, cyber insurance has evolved into an incredibly complex and, in some cases, tension-filled industry. Ann and Dr. Wolff discuss the cyber insurance industry's initial goals, the differences in cyber insurance policies, and the points of view on ransomware insurance directly funding cybercrime. In This Episode You Will Learn: What types of risks do insurers cover, and how they are designing and charging for policies How can we help policymakers get ahead of the curve and drive change in security Why we need greater cooperation and data sharing when it comes to threat intelligence Some Questions We Ask: What were the initial motivations behind cyber insurance providers? What is some practical advice you would give to insurers looking to better support their customers? Are cyber insurers positively motivating businesses and leaders for the better? Resources: Dr. Wolff's new book, Cyberinsurance Policy is available now. View Dr. Wolff on LinkedIn View Ann Johnson on LinkedIn Related Microsoft Podcasts: Listen to: Uncovering Hidden Risks Listen to: Security Unlocked Listen to: Security Unlocked: CISO Series with Bret Arsenault Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.
Last week saw multiple major cryptocurrency hacks, one affecting wallets mostly linked to solana coins. Another hit Nomad, a blockchain bridge where users exchange assets on different blockchains. The losses totaled about $200 million. And these are just the latest hacks. So far this year, there’s been more than $1 billion stolen. So, why is this industry such a target? Marketplace’s Meghan McCarty Carino speaks with Josephine Wolff, associate professor of cybersecurity policy at the Fletcher School at Tufts University.
In February of this year, the DOJ made the largest financial seizure in the department's history - $3.6 billion worth of cryptocurrency that had been stolen from the Bitfinex crypto exchange nearly 6 years earlier. They traced the laundered money through a complex web of currency swaps, darknet markets, and fiat bank accounts, all of which led them to arrest NYC-based couple Heather Morgan and Ilya Lichtenstein. While the outcome of this case is touted as a win for law enforcement over cybercriminals, it also reveals a lot about the state of cryptocurrency in the United States - fractured regulatory schemes, technical complexities, even the idiosyncratic culture that surrounds it. This week, The Buzz is joined by Josephine Wolff, Assistant Professor of Cybersecurity at the Fletcher School at Tufts University, to discuss what the arrests of Morgan and Lichtenstein show about crypto's place in financial crime and how law enforcement and regulators can respond. Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on Twitter @ACTIAC or visit http://www.actiac.org.
Sometimes a fun game, a friendly email, or an innocuous link can be the most convenient place for an enemy to hide. And its prey is none the wiser—until it strikes. The trojan horse uses many layers of deception to do damage. The ingenuity of these attacks keeps an alarming pace with the technology we use every day. But as long as we stick to trusted sites and sources, we can better the odds against those who use our trusting nature against us. Steve Weisman tells us about how trojans still keep security professionals on the defensive. Josephine Wolff details how these attacks have evolved, and keep evolving, to catch victims off guard. And Yanick Franantonio takes on the new frontier for trojan attacks. If you want to read up on some of our research on trojans, you can check out all our bonus material over at redhat.com/commandlineheroes.
This week we dive into the hot topic of cyber insurance with Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University The Fletcher School and author of the book “You'll See This Message When it is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches” (MIT Press 2018). We explore the dynamic industry of cyber insurance and key policy areas such as defining cyber war, the impact of the increase of ransomware the last two years (some stats put it at 150% increase!), and how to change security behaviors. She also shares insights on AI and the always looming theme of bias as well as the importance of always keeping a human in the loop. And, be sure to look out for her new book on cyber insurance with MIT Press coming out in August 2022. Josephine Wolff - Associate Professor of Cybersecurity Policy at Tufts University's The Fletcher School Josephine Wolff is an associate professor of cybersecurity policy and has been associated with The Fletcher School at Tufts University since 2019. Her research interests include international Internet governance, cyber-insurance, security responsibilities and liability of online intermediaries, government-funded programs for cybersecurity education and workforce development, and the legal, political, and economic consequences of cybersecurity incidents. Her book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018. Her writing on cybersecurity has also appeared in Slate, The New York Times, The Washington Post, The Atlantic, and Wired. Prior to joining Fletcher, she was an assistant professor of public policy at the Rochester Institute of Technology and a fellow at the New America Cybersecurity Initiative and Harvard's Berkman Klein Center for Internet & Society. She received a Ph.D. in Engineering Systems and M.S. in Technology and Policy from MIT, and an A.B. in mathematics from Princeton.
As a student, she also spent time at Microsoft, the Center for Democracy and Technology, the White House Office of Science and Technology Policy, and the Department of Defense. https://www.linkedin.com/in/josephine-wolff-1baa414b/ For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e168
The International Risk Podcast is a weekly podcast for senior executives, board members and risk advisors. In these podcasts, we speak with risk management specialists from around the world. Our host, Dominic Bowen, originally from Australia, is one of Europe's leading international risk specialists. Having spent the last 20 years successfully establishing large and complex operations in the world's highest risk areas and conflict zones, Dominic now joins you to speak with exciting guests from around the world to discuss risk. The International Risk Podcast – Reducing risk by increasing knowledge. Follow us on Facebook, Twitter, Instagram, and LinkedIn for all our great updates. Josephine Wolff is an associate professor of cybersecurity policy at the Fletcher School of Law and Diplomacy at Tufts University. Her book "You'll See This Message When It Is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches" was published by MIT Press in 2018. Her writing on cybersecurity has also appeared in Slate, The New York Times, The Washington Post, The Atlantic, and Wired. You can read more about Josephine Wolff at https://fletcher.tufts.edu/people/josephine-wolff Thank you for listening to another International Risk Podcast. Do you know someone who would like to listen to this episode? Share it with them now. Connect with us on LinkedIn here: The International Risk Podcast: LinkedIn. Thank you for listening.
Save Meduza! https://support.meduza.io/en Our main story this week is the treason case against Ilya Sachkov, the 35-year-old CEO of the cybersecurity firm Group-IB. On Wednesday morning, September 29, hours after officials raided the company's Moscow office, a local court jailed Sachkov for the next two months, pending trial. That will likely be extended several times, as the authorities collect more evidence. The Naked Pravda explores why Sachkov may have been arrested and asks what his case means for Russia's cybersecurity industry and Moscow's troubled cooperation with the United States against cybercrime. Timestamps for this week's episode: (2:12) Developments in Russia's expanding regulation of “foreign agents” (7:57) A blogger's scandalous offense, plus RT enlists the might of Russia's federal censor in its battle with YouTube (13:00) Dr. Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School of Law and Diplomacy (16:58) Dr. Julien Nocetti, an associate fellow at the French Institute of International Relations (19:45) RFE/RL journalist Mike Eckel “The Naked Pravda” comes out on Saturdays (or sometimes Fridays). Catch every new episode by subscribing at Apple Podcasts, Spotify, Google Podcasts, or other platforms. If you have a question or comment about the show, please write to Kevin Rothrock at kevin@meduza.io with the subject line: “The Naked Pravda.”
“Trust no one,” sounds like the tagline for a paranoid spy thriller, but when it comes to protecting your company, cybersecurity experts say it might just be sound advice. “Zero trust” is a security concept from the nineties having a renaissance today, as companies try to deal with bolder and more sophisticated cyberattacks. Since threats can now come from anywhere, say zero trust proponents, the suspicion that’s normally reserved for strange attachments and fishy emails must now extend to all parts of your business. Remote employee logins, external software updates, even hardware from reputable dealers—everything is under scrutiny. But how deep does the rabbit hole go? How can a regular business implement zero-trust architecture? And most importantly, will your CEO be locked out of their email? In this episode, host Michael Bird speaks with Josephine Wolff, Assistant Professor of Cybersecurity Policy at Tufts University about the broad-reaching SolarWinds security breach, which has shown the need for zero trust strategies. We learn about how the changing workforce affects the evolving world of enterprise security from Simon Wilson, Chief Technology Officer of Aruba Networks in the UK & Ireland. In addition, HPE Chief Technologist Chris Dando stops by to scare us to bits about all the potential compromises in our supply chain. The long show notes for this episode can be found here: https://community.hpe.com/t5/HPE-Blog-UK-Ireland/Zero-Trust-An-impossible-goal/ba-p/7134167#.YKNXp6hueUk
The International Law Journal and National Security Law Journal, in partnership with NSI, presented a Fall 2020 virtual symposium – Running Interference: Protecting the Integrity of American Elections. This panel was focused on the recent Senate Intelligence Committee Report and addressed Russia’s infiltration of the U.S. election process, investigations into particular destabilization techniques, the DNC hack, international legal ramifications, and lessons learned. This panel occurred on Friday, October 23rd, and featured: Andy Keiser – NSI Fellow and Former Senior Advisor on the House Intelligence Committee; Megan Stifel, NSI Visiting Fellow and Executive Director, Americas, at the Global Cyber Alliance; Prof. Josephine Wolff, Assistant Professor of cybersecurity policy at the Tufts University Fletcher School of Law and Diplomacy; moderated by Jamil N. Jaffer, NSI Founder and Executive Director. See acast.com/privacy for privacy and opt-out information.
The relationship between China and the US has been a rollercoaster since the beginning of the Trump administration. Tensions have escalated with a trade war, and the US has repeatedly blamed China for the coronavirus pandemic. But could this powerful relationship improve after the 2020 presidential election? We're exploring what an administration change, or not, could mean for foreign relations between the world's biggest economies. In this episode: Azhar Sukri, Asia business editor for Al Jazeera Digital; Katrina Yu (@Katmyu), Al Jazeera journalist in Beijing, China; and Josephine Wolff (@josephinecwolff), assistant professor of cybersecurity policy at Tufts University. Connect with The Take: Twitter (@ajthetake), Instagram (@ajthetake) and Facebook (@TheTakePod)
Elizabeth Dykstra-McCarthy interviews Josephine Wolff and Peter Chase to discuss how the COVID-19 pandemic has catalysed a shift toward virtual life, what the implications of such a change are for data collection, how we might wrest back control of our personal information, and what the future of technological sovereignty might look like. This episode was presented and edited by Elizabeth Dykstra-McCarthy with lead researchers for this episode, Manisha Vepa and Sulagna Basu. The Executive Producer is Elizabeth Dykstra and Associate Producer, Max Klaver, with Rachel Carp as Assistant Editor. Many thanks to this week's interviewees, Josephine Wolff and Peter Chase. Opening music: Tango de Manzana by Kevin MacLeod Link: https://incompetech.filmmusic.io/song/4460-tango-de-manzana License: http://creativecommons.org/licenses/by/4.0/
Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss how liability and blame are a serious obstacle to keeping the internet secure with our guest, professor and published author, Josephine Wolff.
The federal government has lost a lot of its cybersecurity talent to the private sector. They've departed The Department of Homeland Security and the White House, and there's no more office of the chief information security officer. Tufts University Fletcher School professor Josephine Wolff has been following this with alarm, and she joined Federal Drive with Tom Temin to discuss.
In this episode we meet Josephine Wolff, author of a new book on financial and economic cybercrime, You'll See This Message When It Is Too Late (https://mitpress.mit.edu/books/youll-see-message-when-it-too-late). We discuss two important case studies from the book. First, GameOver Zeus (https://en.wikipedia.org/wiki/Gameover_ZeuS) - a massive financial fraud botnet which innovated by using P2P to distribute its command and control infrastructure, and a network of money mules to route funds to its owners, making it extremely hard to detect. The evolution of this botnet in response to Bitcoin demonstrates how cryptocurrency has produced a real paradigm shift in cybercrime - not least in shifting the financial impact of the crime onto the individuals and away from credit card companies and banks. Moving on to the case of PLA 61398 (https://en.wikipedia.org/wiki/PLA_Unit_61398), we discuss the Chinese deployment of hacking resources for economic advancement via China's so-called APT or Advanced Persistent Threat Units. What started with phishing attacks on the email accounts of company offices eventually obtained -- via privilege escalation -- intelligence on pricing, methods, and enough information to tip the balance on crucial trade negotiations. What I found most interesting of all here is that the way China responded to detection shows that it brooks no distinction between political and economic espionage, or America's idea of what is 'okay' and 'not-okay' digital spying. Wrapping up, we discuss the question of international law and order in the context of massive, distributed cyber operations that remain extremely hard to detect and police. Will multinationals be forced into service as proxies for international co-operation at state level, and into taking responsibility as intermediaries in cybercrime? How would such politicisation of platforms and services look -- and are we in its first stages already?
And finally, could there be a new detente as the great powers understand the leverage they have available to affect each other's critical infrastructures through cyberwarfare? Josephine Wolff is an assistant professor in the Public Policy department at RIT and a member of the extended faculty of the Computing Security department as well as a fellow at the New America Cybersecurity Initiative. Wolff received her Ph.D. in Engineering Systems: Technology, Management and Policy and M.S. in Technology and Policy from the Massachusetts Institute of Technology, as well as her A.B. in Mathematics from Princeton University. Grab Josephine’s book, ‘You’ll See This Message When It Is Too Late,’ here at Amazon (https://www.amazon.com/Youll-this-message-when-late/dp/0262038854) or at any other traditional online retailers.
On today’s show, hosts April Glaser and Will Oremus will talk reader mail! The hosts take a look at some of your questions and comments from the year, in particular about how your relationship to technology and social media has changed in a year that has been tumultuous for tech companies like Facebook, Google, and Twitter. Then, they’ll talk about cybersecurity, hacks, and the sometimes bizarre legal battles that ensue after a big data theft. They’ll be joined by Josephine Wolff, a professor of public policy at Rochester Institute of Technology and the author of “You'll see this message when it is too late: The Legal and Economic Aftermath of Cybersecurity Breaches.” They’ll talk to her about some of the most significant breaches in the last decade, how those companies holding that information have been held accountable, and what it means for the everyday user who just wants to shop at Target. Podcast production by Max Jacobs If Then plugs: You can get updates about what’s coming up next by following us on Twitter @ifthenpod. You can follow Will @WillOremus and April @Aprilaser. If you have a question or comment, you can email us at ifthen@slate.com. If Then is presented by Slate and Future Tense, a collaboration among Arizona State University, New America, and Slate. Future Tense explores the ways emerging technologies affect society, policy, and culture. To read more, follow us on Twitter and sign up for our weekly newsletter. Listen to If Then via Apple Podcasts, Overcast, Spotify, Stitcher, or Google Play. This episode is brought to you by Merrill Lynch. Get started today at ML.com/you. Learn more about your ad choices. Visit megaphone.fm/adchoices
A lot of personal information about you is completely invisible, intangible, and racing around cyberspace on a mission to pay your bills and geolocate your Facebook status. And, of course, this is useful and in a lot of ways really cool. But today on Radio Berkman we’re going to talk about the obstacles presented by a data-driven society. How can we keep mountains of information out of the wrong hands without compromising all the great benefits we get every day? First, we talk to Bruce Schneier, a fellow at the Berkman Center and the author of Data and Goliath, The Hidden Battles to Capture Your Data and Control Your World. In this book, Schneier notes that the bulk collection of data isn’t going away, but changes in policy and public perception could allow citizens to have more control over how this information gets used. And in the second half of the show we talk to Josephine Wolff, who is also a Berkman Fellow and PhD candidate in the Engineering Systems Division at MIT studying cybersecurity and Internet policy. If you were concerned by the major credit card or email breaches of the last few years, you’ll want to hear this. Credits for this episode here: http://blogs.law.harvard.edu/mediaberkman/2015/06/08/radio-berkman-218-the-threats-and-tradeoffs-of-big-data/