October is National Cybersecurity Awareness Month, a time to reflect on the many things we do as a school District to keep student data safe and protect employees and families from falling victim to phishing and other scams. On this episode, find out how partnering with parents and the community can make a big difference ...continue reading "Episode 319: How We Protect Student Data and Defend the District Against Cyber Attacks"
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Katherine Henry of Bradley, Arant, Boult, Cummings, and Harold (Hal) Weston of Georgia State University, Greenberg School of Risk Science, who are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview.” Katherine and Hal take the discussion beyond the pages and delve into best cybersecurity practices, cyber insurance, and Safe Harbor laws offered by some states and possibly to be offered soon by others. They discuss frameworks and standards, and what compliance means for your organization, partly based on your state law. Listen for advice to help you be prepared against cybercrime. Key Takeaways: [:01] About RIMS and RIMScast. [:16] About this episode of RIMScast. We will be joined by the authors of the legislative review, “A 2025 Cybersecurity Legal Safe Harbor Overview”, Katherine Henry and Harold Weston. Katherine and Harold are also prominent members of the RIMS Public Policy Committee. [:48] Katherine and Harold are also here to talk about Cybersecurity Awareness Month and safe practices. But first… [:53] RIMS-CRMP Prep Workshops! The next RIMS-CRMP Prep Workshops will be held on October 29th and 30th and led by John Button. [1:05] The next RIMS-CRMP-FED Virtual Workshop will be held on November 11th and 12th and led by Joseph Mayo. Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes. [1:23] RIMS Virtual Workshops! RIMS has launched a new course, “Intro to ERM for Senior Leaders.” It will be held again on November 4th and 5th and will be led by Elise Farnham. [1:37] On November 11th and 12th, Chris Hansen will lead “Fundamentals of Insurance”. It features everything you've always wanted to know about insurance but were afraid to ask. Fear not; ask Chris Hansen! 
RIMS members always enjoy deep discounts on the virtual workshops! [1:56] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [2:08] Several RIMS Webinars are being hosted this Fall. On October 16th, Zurich returns to deliver “Jury Dynamics: How Juries Shape Today's Legal Landscape”. On October 30th, Swiss Re will present “Parametric Insurance: Providing Financial Certainty in Uncertain Times”. [2:28] On November 6th, HUB will present “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World”. Register at RIMS.org/Webinars. [2:40] Before we get on with the show, I wanted to let you know that this episode was recorded in the first week of October. That means we are amid a Federal Government shutdown. RIMS has produced a special report on “Key Considerations Regarding U.S. Government Shutdown.” [2:58] This is an apolitical problem. It is available in the Risk Knowledge section of RIMS.org, and a link is in this episode's show notes. Visit RIMS.org/Advocacy for more updates. [3:12] Remember to save March 18th and 19th on your calendars for the RIMS Legislative Summit 2026, which will be held in Washington, D.C. I will continue to keep you informed about that critical event. [3:24] On with the show! It's National Cybersecurity Awareness Month here in the U.S. and in many places around the world. Cyber continues to be a top risk among organizations of all sizes in the public and private sectors. [3:40] That is why I'm delighted that Katherine Henry and Harold (Hal) Weston are here to discuss their new professional report, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [3:52] This report provides a general overview of expected cybersecurity measures that organizations must take to satisfy legal Safe Harbor requirements. 
[4:01] It summarizes state Safe Harbor laws that have been developed to ensure organizations are proactive about cybersecurity and that digital, financial, and intellectual assets are legally protected when that inevitable cyber attack occurs. [4:15] We are here to extend the dialogue. Let's get started! [4:21] Interview! Katherine Henry and Hal Weston, welcome to RIMScast! [4:41] Katherine was one of the first guests on RIMScast. Katherine is Chair of the Policyholder Insurance Coverage Practice at Bradley, Arant, Boult, Cummings. Her office is based in Washington, D.C. She works with risk managers all day on insurance issues. [5:05] Katherine has been a member of the RIMS Public Policy Committee for several years. She serves as an advisor to the Committee. [5:12] Justin thanks Katherine for her contributions to RIMS. [5:25] Hal is with Georgia State University. He has been with RIMS for a couple of decades. Hal says he and Katherine have served together on the RIMS Public Policy Committee for maybe 10 years. [5:48] Hal is a professor at Georgia State University, a Clinical Associate in the Robinson College of Business, Greenberg School of Risk Science, where he teaches risk management and insurance. Before his current role, Hal was an insurance lawyer, both regulatory and coverage. [6:05] Hal has a lot of students. He is grading exams this week. He has standards for his class. In the real world, so does a business. [6:46] Katherine and Hal met through the RIMS Public Policy Committee. They started together on some subcommittees. Now they see each other at the annual meeting and on monthly calls. [7:05] Katherine and Hal just released a legislative review during RIMS's 75th anniversary, “A 2025 Cybersecurity Legal Safe Harbor Overview”. It is available on the Risk Knowledge page of RIMS.org. [7:20] We're going to get a little bit of dialogue that extends beyond the pages. 
[7:31] Katherine explains Safe Harbor: When parties are potentially liable to third parties for claims, certain states have instilled Safe Harbor Laws that say, If you comply with these requirements, we'll provide you some liability protection. [7:45] Katherine recommends that you read the paper to see what the laws are in your state. The purpose of the paper is to describe some of those Safe Harbor laws, as well as all the risks. [8:04] October 14th, the date this episode is released, is World Standards Day. Hal calls that good news. Justin says the report has a correlation with the standards in the risk field. [8:43] Justin states that many states tie Safe Harbor eligibility to frameworks like NIST, the ISO/IEC 27000, and CIS Controls. [9:27] Hal says, There are several standards, and it would be up to the Chief Information Security Officer to guide a company on which framework might be most appropriate for them. There are the NIST, UL, and ISO, and they overlap quite a bit. [9:56] These are recognized standards. In some states, if a company has met this standard of cybersecurity, a lawsuit against the company for breach of its standard of care for maintaining its information systems would probably be defensible for having met a recognized standard. [10:23] Katherine adds that as risk managers, we can't make the decision about which of these external standards is the best. Many organizations have a Cybersecurity Officer responsible for this. [10:44] For smaller organizations, there are other options, including outsourcing to a vendor. Their insurance companies may have recommendations. So you're not on your own in making this decision. [11:14] Katherine says firms should definitely aim for one recognized standard. Katherine recommends you try to adhere to the highest standard. If you are global, you need to be conscious of standards in other countries. [11:46] Hal says California tends to have the highest standards for privacy and data protection. 
If you're a financial services company, you're subject to New York State's Department of Financial Services Cyber Regulation. [12:02] If you're operating in Europe, GDPR is going to be the guiding standard for what you should do. Hal agrees with Katherine: Any company that spans multiple states should pick the highest standard and stick to that, rather than try to implement five or 52 standards. [12:23] When you're overseas, you may not be able to just pick the highest standard; there are challenges in going from one country or region of Europe back to the U.S. If one is higher, it will probably be easier. [12:38] There are major differences between the U.S., which has little Federal protection, vs. state protection. [13:10] Katherine says if you don't have the internal infrastructure, and you can't afford that infrastructure, the best thing is to pivot to an outside vendor. There are many available, with a broad price range. Your cyber insurer may also have some vendors they already work with. [13:40] Hal would add, Don't just think about Safe Harbors. That's just a legal defense. Think about how you reduce the risk by adopting standards or hiring outside firms that will provide that kind of risk protection and IT management. [13:59] If they're doing it right, they may tell you the standards they use, and they may have additional protocols, whether or not they fall within those standards, that would also be desirable. A mid-sized firm is probably outsourcing it to begin with. [14:21] They have to be thinking about it as risk, rather than just Safe Harbor. You have to navigate to the Safe Harbor. You don't just get there. [14:31] Quick Break! RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through the 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when you register by October 30th! [14:50] This also lets you enjoy earlier access to the RISKWORLD hotel block. 
Register by October 30th, and you will also be entered to win a $500 raffle! Do not miss out on this chance to plan and score some of these extra perks! [15:03] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to join us! Visit RIMS.org/Membership and build your network with us here at RIMS! [15:16] The RIMS Legislative Summit 2026 is mentioned during today's episode. Be sure to mark your calendar for March 18th and 19th in Washington, D.C. Keep those dates open. [15:28] Join us in Washington, D.C., for two days of Congressional Meetings, networking, and advocating on behalf of the risk management community. Visit RIMS.org/Advocacy for more information and updates. [15:41] Let's return to our interview with Katherine Henry and Hal Weston! [15:54] We're talking about their new paper, “A 2025 Cybersecurity Legal Safe Harbor Overview”. Katherine mentions that some businesses are regulated. They have to comply with external regulatory standards. [16:38] Other small brick-and-mortar businesses may not have any standards they have to comply with. They look for what to do to protect themselves from cyber risk, and how to tell others they are doing that. [16:54] If you can meet the standards of Safe Harbor laws, a lot of which are preventative, before a breach, you can inform your customers, “These are the protections we have for your data.” You can tell your board, “These are the steps we're taking in place.” [17:13] You can look down the requirements of the Safe Harbor law in your state or a comparable state, and see steps you can take in advance so you can say, “We are doing these things and that makes our system safer for you and protects your data.” [17:34] Hal says you don't want to have a breach, and if you do, it would be embarrassing to admit you were late applying a patch, implementing multi-factor authentication, or another security measure. 
By following standards of better cyber protection, you avoid those exposures. [18:07] Hal says every company has either been hacked and knows it, or has been hacked and doesn't know it. If you're attacked by a nation-state that is non-preventable, you're in good shape. [18:26] If you're attacked because you've left some ports open on your system, or other things that are usually caught in cybersecurity analyses or assessments, that's the embarrassing part. You don't want to be in that position. [18:43] Katherine says it's not just your own systems, but if you rely on vendors, you want to ensure that the vendors have the proper security systems in place so that your data, to the extent that it's transmitted to them, is not at risk. [19:07] Also, make sure that your vendors have cyber insurance and that you're an additional insured on that vendor's policy if there's any potential exposure. [19:22] Hal says If you're using a cloud provider, do you understand what the cloud provider is doing? In most cases, they will provide better security than what you could do on your own, but there have been news stories that even some of those have not been perfect. [20:22] Hal talks about the importance of encryption. It's in the state statutes and regulations. There have been news stories of companies that didn't encrypt their data on their servers or in the cloud, and didn't understand encryption, when a data breach was revealed. [20:52] Hal places multi-factor authentication up with encryption in importance. There was a case brought against a company that did not have MFA, even though it said on its application on the cyber policy that the company used it. [21:13] Hal says these are standard, basic things that no company should be missing. If you don't know that your data is encrypted, get help fast to figure that out. 
[21:51] Hal has also seen news stories of major companies where the Chief Technology Officer has been sued individually, either by the SEC or others, for not doing it right. [22:07] Katherine mentions there are insurance implications. If you mistakenly state you're providing some sort of protection on your insurance application that you're not providing, the insurer can rescind your coverage, so you have no coverage in place at all. [22:23] Katherine says, These are technical safeguards, but we know the human factor is one of the greatest risks in cybersecurity. Having training for everyone who has access to your computer system, virtually everyone in your organization, is very important. [22:49] Have a test with questions like, Is this a spam email or a real email? There are some vendors who can do all this for you. Statistics show that the human element is one of the most significant problems in cybersecurity protection. [23:05] Justin says it's October, Cybersecurity Awareness Month in the U.S. Last week's guest, Gwenn Cujdik, the Incident Response and Cyber Services Lead for North America at AXA XL, said the number one cyber risk is human error, like clicking the phishing link. [23:45] Justin brings up that when he was recently on vacation, he got an email on his personal email account, “from his CEO,” asking him to handle something for them. Justin texted somebody else at RIMS, asking if they got the same email, and they hadn't. [24:14] Justin sent the suspect email to the IT director to handle. You have to be vigilant. Don't let your guard down for a second. [24:48] Katherine has received fake emails, as well. [24:51] Hal says it has happened to so many people. Messages about gift cards or the vendor having a new bank account. Call the vendor that you know and ask what this is. [25:12] Hal continues. 
It's important to train employees in cybersecurity, making sure that they are using a VPN when they are outside of the office, or even a VPN that's specific to your company. [25:32] Hal saw in the news recently that innocent-looking PDF files can harbor lots of malware. If you're not expecting a PDF file from somebody, don't click on that, even if you know them. Get verification. Start a new thread with the person who sent it and ask if it is a legitimate PDF. [26:08] Justin says of cybercriminals that they are smart and their tactics evolve faster than legislation. How can organizations anticipate the next generation of threats? [26:34] Katherine says, You need to have an infrastructure in your organization that does that, or you need to go to an outside vendor. You need some sort of protection, internally or externally. [27:11] Katherine says she works with CFOs all the time. If an organization isn't large enough to have a risk manager, it's a natural fit for the CFO, who handles finances, to handle insurance. When it comes to cybersecurity, a CFO needs help. [27:46] The CFO should check the cyber policy to see what support services are already there and see if there are any that are preventative, vs. after a breach. If there are not, Katherine suggests pivoting to an outside vendor. [28:07] Hal continues, This interview is for RIMS members who are risk managers and the global risk community. Risk managers don't claim to know all the risk control measures throughout a company. They rely upon the experts in the company and outside. [28:29] If the CFO is the risk manager, he or she has big gaps in expertise needed for risk management. It's the same for the General Counsel running risk management. Risk managers are known for having small staffs and working with everybody else to get the right answers. [28:55] If you're dealing with the CFO or General Counsel in those roles, they need to be even more mindful to work with the right experts for guidance. 
[29:09] One Final Break! As many of you know, the RIMS ERM Conference 2025 will be held on November 17th and 18th in Seattle, Washington. We recently had ERM Conference Keynote Speaker Dan Chuparkoff on the show. [29:26] He is back, just to deliver a quick message about what you can expect from his keynote on “AI and the Future of Risk.” Dan, welcome back to RIMScast! [29:37] Dan says, Greetings, RIMS members and the global risk community! I'm Dan Chuparkoff, AI expert and the CEO of Reinvention Labs. I'm delighted to be your opening keynote on November 17th at the RIMS ERM Conference 2025 in Seattle, Washington. [29:52] Artificial Intelligence is fueling the next era of work, productivity, and innovation. There are challenges in navigating anything new. This is especially true for risk management, as enterprises adapt to shifting global policies, economic swings, and a new generation of talent. [30:10] We'll have a realistic discussion about the challenges of preparing for the future of AI. To learn more about my keynote, “AI and the Future of Risk Management,” and how AI will impact Enterprise Risk Management for you, listen to my episode of RIMScast at RIMS.org/Dan. [30:29] Be sure to register for the RIMS ERM Conference 2025, in Seattle, Washington, on November 17th and 18th, by visiting the Events page on RIMS.org. I look forward to seeing you all there. [30:40] Justin thanks Dan and looks forward to seeing him again on November 17th and hearing all about the future of AI and risk management! [30:48] Let's Conclude Our Interview about Navigating Cyber and IT Practices to Legal Safe Harbors with Katherine Henry and Hal Weston! [31:17] Katherine tells about how Safe Harbor compliance influences cyber insurance. If your organization applies for cyber insurance and you can't meet some minimum threshold that will be identified on the application, the insurer will not even offer you cyber insurance. [31:34] You need to have some cyber protections in place. 
That's just to procure insurance. Cyber insurance availability is growing. Your broker can bring you more insurers to quote if you can show robust safeguards. [32:05] After the breach, your insurer is supposed to step in to help you. Your insurer will be mindful of whether or not your policy application is correct and that you have all these protections in place. [32:21] The more protections you have, the quicker you might be able to shut down the breach, and the resulting damage from the breach, and that will lower the resulting cost of the claim and have less of an impact on future premiums. [32:36] If the cyber insurer just had to pay out the limits because something wasn't in place, that quote next year is not going to look so pretty. Your protections have a direct impact on both the availability and cost of coverage. [32:50] Justin mentions that the paper highlights Connecticut, Tennessee, Iowa, Ohio, Utah, and Oregon as the states with Safe Harbor laws. The Federal requirements are also listed. Katherine expects that more states will offer Safe Harbor laws as cybercrime lawsuits increase. [33:42] Hal says Oregon, Ohio, and Utah were the leaders in creating Safe Harbors. Some of the other states have followed. Safe Harbor is a statutory protection against liability claims brought by the public. [34:06] In other states, you can't point to a statute that gives protection, but you can say you complied with the highest standards in the nation, and you probably have a pretty defensible case against a claim for not having kept up with your duty to protect against a cyber attack. [34:55] Hal adds that every company is going to be sued, and the claim is that you failed to do something. If you have protected yourself with all the known best practices, as they evolve, what more is a company supposed to do? 
[35:18] The adversaries are nation-states; they are professional criminals, sometimes operating under the protection of nation-states, and they're using artificial intelligence to craft even more devious ways to get in. [36:19] Katherine speaks from a historical perspective. A decade ago, cyber insurance was available, but there was no appetite for it. There wasn't an understanding of the risk. [36:32] As breaches began to happen and to multiply, in large amounts of exposure, with companies looking at millions of dollars in claims, interest grew. Katherine would be surprised today if any responsible board didn't take cyber risk extremely seriously. [36:55] The board's decision now is what limits to purchase and from whom, and not, “Should we have cyber insurance at all?” Katherine doesn't think it's an issue anymore in any medium-sized company. [37:17] The risk manager should present to the board, “We benchmark. Our broker benchmarks. Companies of our size have had this type of claim, with this type of exposure, and they've purchased this amount of limits. We need to be at least in that place.” Boards will be receptive. [37:43] If they are not receptive, put on a PowerPoint with all the data that's out there about how bad the situation is. The average cost of a breach is well over $2 million. The statistics are quite alarming. A wise decision-maker will understand that you need to procure this coverage. [38:10] Katherine says, from the cybersecurity side, you procure the coverage, you protect the company, and take advantage of the Safe Harbors. All of those things come together with the preventative measures we've been talking about. [38:24] You can show your decision-makers and stakeholders that if you do all those things, comply with these Safe Harbor provisions, you're going to minimize your exposure, increase the availability of insurance, and keep your premiums down. It's a win-win package. 
[38:41] Justin says, It has been such a pleasure to meet you, Hal, and thank you for joining us. Katherine, it is an annual pleasure to see you. We're going to see you, most likely, at the RIMS Legislative Summit, March 18th and 19th, 2026, in Washington, D.C. [39:01] Details to come, at RIMS.org/Advocacy. Katherine, you'll be there to answer questions. Katherine looks forward to the Summit. She has gone there for years. It's a great opportunity for risk managers to speak directly to decision-makers about things that are important to them. [39:42] Special thanks again to Katherine Henry and Hal Weston for joining us here today on RIMScast! Remember to download the new RIMS Legislative Review, “A 2025 Cybersecurity Legal Safe Harbor Overview”. [39:58] We are past the 30-day mark now, so the review is publicly available through the Risk Knowledge Page of RIMS.org. You can also visit RIMS.org/Advocacy for more information. In this episode's notes, I've got links to Katherine's prior RIMScast appearances. [40:18] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [40:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [41:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [41:22] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [41:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. 
It is written and published by the best minds in risk management. [41:53] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. [42:05] Practice good risk management, stay safe, and thank you again for your continuous support!
About our guests: Katherine Henry, Partner and Chair of the Policyholder Coverage Practice, Bradley, Arant, Boult, and Cummings; Harold Weston, Clinical Associate Professor and WSIA Distinguished Chair in Risk Management and Insurance, Georgia State University College of Law
Production and engineering provided by Podfly.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Gwenn Cujdik, the Incident Response and Cyber Services Lead for North America at AXA XL. Justin and Gwenn cover various cybersecurity topics, and how her 15 years as an Assistant District Attorney prepared her for her current role of responding to cyber attacks. Listen for tips on securing your organization, large or small, from cyber attacks and responding when, not if, they come. Gwenn shares her experiences and some advice. Listen for Gwenn's insights to help you be vigilant and prepared against cybercrime. Key Takeaways: [:01] About RIMS and RIMScast. [:14] With great sadness, the RIMS family lost a true leader in September. Susan Meltzer was an exceptional risk professional and passionate volunteer with RIMS. She served as the Society's President in 1999 and 2000. [:29] RIMS has established a scholarship fund in her name. You can donate to that fund through RIMS, The Foundation for Risk Management®, at RIMS.org/FRM. [:46] About this episode of RIMScast. This is our National Cybersecurity Awareness Month episode. Here to lend her insight on all things cyber is Gwenn Cujdik. She is the Incident Response and Cyber Services Lead for North America at AXA XL. [1:19] We're also going to talk about her fascinating career that antedates her time in cyber. [1:24] RIMS-CRMP Prep Workshops! The next RIMS CRMP Prep Workshops will be held on October 29th and 30th and led by John Button. [1:36] The next RIMS-CRMP-FED Virtual Workshop will be held on November 11th and 12th and led by Joseph Mayo. Links to these courses can be found through the Certifications page of RIMS.org and through this episode's show notes. [1:53] RIMS Virtual Workshops! RIMS has launched a new course, “Intro to ERM for Senior Leaders.” It will be held again on November 4th and 5th and will be led by Elise Farnham. 
[2:07] On November 11th and 12th, Chris Hansen will lead “Fundamentals of Insurance”. It features everything you've always wanted to know about insurance but were afraid to ask. Fear not; ask Chris Hansen! RIMS members always enjoy deep discounts on virtual workshops! [2:26] The full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's notes. [2:37] Several RIMS Webinars are being hosted this Fall. On October 9th, Global Risk Consultants returns to deliver “Natural Hazards: A Data-Driven Guide to Improving Resilience and Risk Financing Outcomes”. [2:51] On October 16th, Zurich returns to deliver “Jury Dynamics: How Juries Shape Today's Legal Landscape”. On October 30th, Swiss Re will present “Parametric Insurance: Providing Financial Certainty in Uncertain Times”. [3:08] On November 6th, HUB will present “Geopolitical Whiplash — Building Resilient Global Risk Programs in an Unstable World”. Register at RIMS.org/Webinars. [3:20] On with the show! It's National Cybersecurity Awareness Month here in the U.S. and in many places around the world. Cyber continues to be a top risk among organizations of all sizes in the public and private sectors. [3:35] Joining me today to discuss cybersecurity awareness is Gwenn Cujdik. You may remember her from the RIMS AXA XL webinar on September 4th, “Lock Down & Level Up.” [3:52] During that webinar, we had a brief, fascinating discussion about her time as an Assistant District Attorney in Pennsylvania. [4:01] I wanted to learn more about how someone transitions from a colorful career to cybersecurity and eventually becomes the Incident Response and Cyber Services Lead for North America at AXA XL. [4:15] She's got a lot on her plate. She's got a huge risk radar. We're going to talk all about it and help all the risk managers out there use her insight and perspective to protect their organizations. Let's get to it! [4:28] Interview! 
Gwenn Cujdik, welcome to RIMScast! [5:09] Gwenn is Incident Response and Cyber Services Lead for North America at AXA XL. When a client has a cyber breach, they call AXA XL and work with Gwenn's teams. [5:42] Gwenn works on training her teams to be able to respond, setting up procedures and processes to make the response seamless and collaborative, and making sure the clients get consistent service, whoever handles the call. [6:16] Gwenn's team has 18. Four are in leadership with 14 more team members. Two managers directly supervise the teams to help them with answers to questions about unusual situations. [6:50] Gwenn helps the teams understand massive events and how they might affect AXA XL and their clients, how to interact with brokers, and technical matters. She helps the team understand coverages when it comes to something unique. “It's all hands on deck for us!” [7:55] Gwenn says, “Fighting crime is a part of who I am.” She is driven by helping others get through some terrible times. She has seen the worst of the worst. Sometimes it takes just one helping hand to get people through tough times. She has seen how impactful that can be. [8:44] Sometimes, in a crisis, how people interact with the victim could be the recipe for them to recover fully from that event. Gwenn has seen people recover, take back their lives, move forward, and be survivors. She has seen corporations and companies do so and become better. [9:39] Justin repeats that Gwenn has seen the worst of the worst: homicides, murders, abuses of women and children, arson, and more. She has seen it all, including things that she wishes she hadn't seen. [10:27] Gwenn compares cyber incident response to her ADA work. A prosecutor has to be able to handle things under pressure. The best prosecutors are looking to do the right thing. Gwenn has met many people who, absent the crime, would have been friends. 
[11:06] You have to be able to see there's a human on the other side, and there are humans that they hurt. You do right by understanding that there are a lot of players involved, who are humans. [11:26] It helps you understand where somebody might be coming from. It helps you understand why they might be screaming at you. “I'm just the messenger, but let's talk about why you're so upset.” [11:39] Gwenn says one of the cool things about being a prosecutor is that every case you have presents a different set of facts and circumstances. There's a law that's intertwined with it, and that's interesting for Gwenn. [11:54] The first time Gwenn had an arson case, she had to work with the Fire Marshals to understand how they knew the fire started here. How did they know it was a chemical? She started with the Fire Marshals and then went to the crime scene to talk to Forensic Chemists. [12:11] The Forensic Investigators explained the chemistry behind the Molotov Cocktail that was thrown through the window. This was how the fire started, and then it enveloped the room. [12:22] When Gwenn first worked with DNA, she found it to be incredibly complicated. She had to learn it to be able to explain it. Her job was to explain to 12 people why DNA mattered, why it's this guy, and not anybody else, that committed this crime; the numbers are insane. [12:44] It could be one in a hundred quadrillion that it's another person. Those numbers are insane, and it's really hard to understand. [12:56] Gwenn was in the DA's office when cell site analysis came around; being able to triangulate where someone is, using cell towers. The Philadelphia Field Office had one of the pioneers in that science. Gwenn learned from him. [13:13] One of Gwenn's matters was a homicide. They tracked the defendant from the scene of the crime, through public transportation, back to his house, using cell site triangulation. While they were mapping, the actor Joe Piscopo came by, touring the building. 
Gwenn was an SNL fan. [14:23] Gwenn's prosecutorial experience translates to cyber in that each matter is a little different. There's a bad guy at the other end. Gwenn is not sympathetic to the bad guys because they are anonymous. Nobody sees them or knows them. It's usually a criminal enterprise. [14:59] It's a group of people working together, motivated by money and wreaking havoc on people who are trying to make a living and support their families. The bad guys want to extort millions of dollars and put businesses and livelihoods in danger. [15:42] In Philadelphia, the elite of the elite prosecutors worked in homicide. Some spend 20 or 30 years there. Gwenn was an ADA for 15 years, but couldn't see herself doing it for 20 or 30 years. She wanted to stay positive and be a force for good when she was dealing with bad. [16:34] She wondered where she could go to have a similar impact for good, investigating, and helping people get through an awful time. [16:45] Gwenn had a friend who worked with her in the Family Violence and Sexual Assault Unit. She had left the office to work for a new law firm doing cyber incident response. She called Gwenn and said she would be really good at it. She explained it to Gwenn. [17:50] Gwenn interviewed with the firm and got an offer the day she interviewed. She realized that was what she wanted to do. Some former prosecutors were doing it. There were some amazing people, and she wanted to be a part of that, something new, interesting, and growing. [18:15] Gwenn wanted to be challenged and get to help people. Once she discovered it, she couldn't think of a better transition for people who are in law enforcement than going into cybersecurity. [18:39] RIMS Events! On November 17th and 18th, join us in Seattle, Washington, for the RIMS ERM Conference 2025. The agenda is live. Check out Episode 357 for Justin's dialogue with ERM Conference Keynote Presenter Dan Chuparkoff on AI and the future of risk. 
[18:59] Visit the Events page of RIMS.org to register. [19:02] RISKWORLD 2026 will be in Philadelphia, Pennsylvania, from May 3rd through May 6th. RIMS members can now lock in the 2025 rate for a full conference pass to RISKWORLD 2026 when you register by October 30th! [19:16] This also lets you enjoy earlier access to the RISKWORLD hotel block. Register by October 30th, and you will also be entered to win a $500 raffle! Do not miss out on this chance to plan and score some of these extra perks! [19:30] The members-only registration link is in this episode's show notes. If you are not yet a member, this is the time to join us! Visit RIMS.org/Membership and build your network with us here at RIMS! [19:42] Let's return to our interview with Gwenn Cujdik! [20:14] Gwenn says cybersecurity takes a village. What she learned in criminal prosecution is that as long as there have been humans, there has been crime. We're fortunate as a society to have laws, law enforcement, governing bodies, and organizations to keep crime down. [20:54] It's not dissimilar to cybersecurity. If Gwenn were talking to a board, she would say, It takes everybody in your community, in your organization, to build resilience, protect yourself from cybercrime, and react to it. [21:12] Gwenn says a big mistake people often make is thinking incident response is a job for just their tech team. The IT team is not trained in all the various fields you need to be an expert in to get through a cyber incident. [21:41] Your IT team will be able to get you up and running, collaborate, and be a good foundation for the incident response, working with outside experts. It takes people who understand the law and who understand communications. [21:54] It takes people who understand the brand, who are the heart of the organization, to be able to respond. Your CISO may say, Here's how I think that we should respond, but your CEO may say, This isn't how I think we would respond to an event like this. 
Keep in mind who we are. [22:32] Your legal team is there to say, Here's why we can't do that, the risk is too great; It will be worse if you do X, Y, Z; You shouldn't do that because you need to be compliant with the law. [23:11] Gwenn says good leaders lead best when they model. If you expect people to be open-minded and collaborative, you need to be the same. For the most part, organization leadership is very aware that cybersecurity is an important part of who they are and will be. [23:55] Gwenn has met a ton of CEOs who admit they don't know what they don't know and ask for help to understand cybersecurity so they can help their organizations in the best way possible. Some CEOs are thinking ahead and putting teams together that understand their role. [24:20] Gwenn has encountered CEOs who are just messing up the process. One wanted to invite his wife, not an employee, to the conversation because she would like to hear about it. From a legal and business perspective, it's very risky for the company. [25:04] One Final Break! The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved, in part, by its collaboration with risk management and insurance educators across the U.S. and Canada. [25:23] Since 1999, Spencer has awarded over $2.9 million to create more than 570 Risk Management Internships. The Internship Grants application process is now open through October 15th, 2025. [25:39] To be eligible, risk managers must be based in the U.S., Canada, or Bermuda. A link to the Internship Grants page is in this episode's show notes. You can always visit SpencerEd.org, as well. [25:53] Let's Conclude Our National Cybersecurity Awareness Month Interview with Gwenn Cujdik! [26:05] It's National Cybersecurity Awareness Month 2025, here in the U.S. 
It's a big month for everyone in Gwenn's house; they have to pull their own weight a little more because she's traveling a lot, she's out a lot, and there are a lot of conferences and meetings going on! [26:29] Gwenn tries not to shove everything cyber just into October. October is busy, and she loves it. [26:56] On October 29th, at the Sheraton New York Times Square Hotel in Manhattan, Gwenn will be the Conference Co-Chair for the Zywave Cyber Risk Insights New York event. It's a full day with a lot of very knowledgeable individuals from a range of companies. [27:50] It is one of Gwenn's favorite events. It's a day packed with good information. She would love to see more risk managers and CISOs join it. The amount of information you can get in one day is almost unbelievable. The content is pretty diverse. [28:21] It covers claims, the state of the market, the different ways threat actors are attacking, how to prepare better for attacks and for business continuity, and how to organize invoices and costs as you're going through an incident response. [29:01] Gwenn says, Get the small things right so you can deal with the big things. While you tackle the small things, you can talk about whether or not the law requires you to file notifications to seven million people and how to get through that as a company. [29:22] Gwenn says it's a great event. Gwenn will be there, giving opening remarks. Justin will be there, after attending a heavy metal concert the night before. The link is in this episode's show notes. [30:52] When Gwenn entered the cybersecurity field, she was surprised at the female presence. One of the managing partners who interviewed her was a female. There are also savvy female hackers out there. [31:35] Gwenn says that in criminal law, people have trouble understanding that women can commit crimes, the same way that men can. Gwenn points out Elizabeth Holmes and the book Bad Blood, about Theranos. 
[32:23] Gwenn mentions a woman in government who embezzled $22 million from her community to show horses. [32:42] Gwenn says, in terms of cybersecurity being a male-dominated field, we're all learning together; anybody who tries and is committed to it can do it. Because it's new, people come from different backgrounds with diverse experiences. [33:11] Gwenn says, We're seeing value in people coming from different careers and different industries and seeing their skillsets translate to cybersecurity. In this field, you need great diversity with people from all different backgrounds to be able to tackle this. [33:38] It's not one-size-fits-all. There are personalities involved. There are different businesses involved, from small to large, public to government. You have to be able to understand a huge variety of people and businesses. You have to understand a huge amount of technology. [34:00] Gwenn talks about the differences between cybersecurity and other industries. eDiscovery for cyber is not the same as eDiscovery for litigation. You need special people and tooling, and you have to understand what the tooling is, which helps you figure out timing. [34:43] Technology is always developing. Gwenn compares it to cat and mouse. We're constantly chasing the bad guys to figure out what they're doing. Sometimes it's reactive. They'll think of something new, and we've never seen it before. This is how we get through it. [35:04] The tools and a skillset you've used dealing with everything before help you tackle what's coming. Even the way we investigate and respond to things has changed. [35:16] Gwenn says when we came on the scene, we would grab images of all the computers. If there were 50 computers, you would have 50 images, which would mean people going through a massive amount of data, taking a really long time. [35:30] We don't do that now. 
We have tools and technology that can get through a system programmatically, to pull the evidence we need to do these investigations without having to go into a shop and take copies of laptops or servers to get through that. [35:49] That makes a potential difference of millions of dollars in responding. It's the difference between months and a month to respond. [36:15] Gwenn has not seen a malicious actor with technology or an algorithm that is beyond what she has seen before. She says, We have the technology they have. You'd be surprised how much private industry gives to our community in terms of intelligence and technology. [36:35] Gwenn adds, We work with the government to find out solutions. The industry is armed pretty well. Gwenn has seen some things that have impressed her. One attacker was pulling searches from a legal hold, getting into sensitive information. [37:16] Their searches looked legitimate, like what an attorney would look for, so it didn't set off bells and whistles. Gwenn wonders how they knew to look in a legal hold. Were they lawyered? That was something small but ingenious to Gwenn. [37:46] Seeing a smart attack invigorates Gwenn to use her brain and try to be as smart or smarter. She says that's what is great about this job. It's constantly changing. You're constantly moving. It's not for weak minds. [38:11] To excel, you have to be smart, tenacious, and love learning. You have to love that you may be an expert in this, but you may become obsolete. You've got to keep your game up. Gwenn says she is just a big nerd for it. [38:33] Attackers are using AI more. Gwenn recalls two incidents recently where two different groups, for two different reasons, were attacking Salesforce. That's the rub of being popular. One group used AI to search quickly for sensitive information to leverage attacks on companies. [39:27] Unfortunately, people are reusing passwords, and the bad guys know that. Gwenn says you'd better not! 
[39:57] Justin comments that AI being used for a cyber attack should be on companies' risk radars. How can they adjust defense strategies to stay ahead of something like that? [40:08] Gwenn is dealing with that at this moment. If you are a big company with subsidiaries and locations around the country or the world, segregate the networks. If an attack hits your facility in Oklahoma, they won't have access to your facility in Belgium. [40:38] If your locations are networked, it's a domino effect. If one goes down, they all go down. In terms of business resilience, that is the one factor that can tumble everything with the press of a button. [40:55] The tools that bad guys are using are meant to get them through fast. They get in, use AI to conduct reconnaissance, and get terabytes of data out quickly. It's important to take every effort to reduce the severity of an attack in its spread and the amount of data stolen. [41:40] Can they move laterally within a company or elevate privileges by getting to the admin, who has access to everything? It's great to focus on how to prevent it, but the reality is, they're going to find a way. It's not if, it's when. [42:09] You have to be vigilant and work to prevent the attack from happening, but if you get an attack, you have to make sure it's small, you respond quickly, and it's not going to hit every facet of your company. Attacks that hit every facet of the company are the most devastating. [42:39] Justin says you've been wonderful. You've given us so much to think about when it comes to National Cybersecurity Awareness Month. You do great work! I look forward to seeing you in more AXA XL RIMS collaborative webinars! [42:55] We'll see you in the city for the Zywave Cyber Risk Insights New York, on October 29th, delivering the opening address and mingling with attendees. [43:04] Gwenn says, I'll be there all day, attending sessions, supporting my friends on panels, my cyber family, and for folks who want to meet me. 
I'm always happy to talk cyber! [43:24] Justin says, Lock Down & Level Up: Turn Up Your Cybersecurity Game Against Creative Cyber Criminals. [43:30] You've been such a wonderful guest, and I appreciate all your time and insight today. Thank you, Gwenn! [43:43] Special thanks to Gwenn Cujdik of AXA XL for joining us here to discuss all things cyber. The AXA XL RIMS webinar, “Lock Down & Level Up: Turn Up Your Cybersecurity Game Against Creative Cyber Criminals,” is now available on demand through the RIMS.org/Webinars page. [44:05] A link is also in this episode's show notes. [44:07] Gwenn will deliver the opening address at the Zywave Cyber Risks Insights New York Conference on October 29th in Manhattan. A link is in this episode's show notes. [44:19] Plug Time! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in the show notes. [44:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [45:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [45:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [45:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [45:54] Justin Smulison is the Business Content Manager at RIMS. Please remember to subscribe to RIMScast on your favorite podcasting app. You can email us at Content@RIMS.org. 
[46:06] Practice good risk management, stay safe, and thank you again for your continuous support! About our guest: Gwenn Cujdik, Incident Response and Cyber Services Lead for North America at AXA XL. Production and engineering provided by Podfly.
Cybersecurity isn't just firewalls and tech jargon—it's people, habits, and everyday choices. Kicking off National Cybersecurity Awareness Month, we bring together two voices who live this every day: Michael Nouguier, Partner, Cybersecurity Services at Richey May, and Tony Rehmer, Senior VP of IT at Children's Miracle Network Hospitals (CMN Hospitals). Their message is clear: strong security starts with culture. Tony sets the tone early: “We take a major part, but it is everyone.” In other words, security isn't a back-office task—it's a shared responsibility. With hospitals, HIPAA, and multi-state operations in the mix, CMN Hospitals treats staff as the front line. That means training that actually sticks: shorter, “microlearning” nudges delivered through internal channels, real examples, and peer-to-peer conversations. As Tony puts it, “We never, ever shame a person.” Instead, they use supportive coaching after incidents to encourage fast reporting and continuous learning. Michael maps the big picture. Attacks have matured, and wishful thinking won't cut it. “Hope has then become a liability when it's your only defense.” The antidote? Make security part of the mission—top-down and day-to-day. That looks like updating mission statements (“do the work securely”), enabling multifactor for everyone (leaders included), and building a culture where staff quickly raise their hand when something feels off. He provides a memorable visual: “Everybody needs a pitchfork… so they can do what they need to do to protect your organization.” The conversation gets real with a story from CMN Hospitals at the start of COVID-19. Threat actors bought credentials on the dark web, slipped into a mailbox, swapped a message body for malware, and re-sent it. Because staff had been invited into the security effort, the team was alerted within five minutes. That fast reporting changed the outcome. Culture wasn't a slogan; it was the safety net. Both guests agree: this is ongoing work. 
Threats keep shifting—from credit cards to ransomware and data theft—so messaging, training, and audience targeting must evolve too. Practically, that means appointing security champions, aligning IT with communications pros who can translate across departments, and weaving security into leadership conversations and board funding decisions. Takeaways you can use: treat people as partners, keep learning in snackable moments, celebrate fast reporting, and put “securely” in your strategy—not just in your tech stack. Visit us on the web: The Nonprofit Show
Not only is it Manufacturing Month, but October also is National Cybersecurity Awareness Month. To mark the occasion, Smart Industry Managing Editor Scott Achelpohl recruited Joe Anderson of Ohio-based TechSolve to talk about how robust cyber defenses can start with up-to-date password practices and policies. Anderson is a big “get” for Smart Industry—an IT and info security pro with over 25 years of industry experience, possessing several cybersecurity certifications. His company, among other IT services, helps small manufacturers (TechSolve is part of the Manufacturing Extension Partnership in Ohio) tackle cybersecurity compliance challenges and risk management. For manufacturers and the shop floor, cybersecurity and secure OT and IT require constant vigilance. One of the most common-sense strategies for this is password security—and for lots of companies, mandatory policies relating to passwords often become necessary. Look at examples like Clorox recently: A breach, any breach, can cost millions in “ransom” to cyberattackers and in production downtime. And passwords are often easily hacked.
This is the 20th year of National Cybersecurity Awareness Month! While technology has changed in the last two decades, the threat and impact of cybercriminals have not gone away. If you don't think a cyberattack can happen to you – think again. Hello everyone and welcome to episode 154 of the Resilient Journey podcast, presented by the Resilience Think Tank. This week Mark is joined by cybersecurity thought leader Michael Perdunn. Michael and Mark discuss society's desensitization to news of a data breach and how organizations cannot afford to take that same approach. Michael gives some expert advice on how to provide better phishing training. And they do a deep dive into a real-life and very scary extortion email. Michael explains how the bad actors make them look so real. Be sure to follow The Resilient Journey! We sure do appreciate it! Special thanks to Bensound for the music.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin Smulison interviews Daniel Eliot of NIST about NIST, its new publications on cybersecurity, including two Quick Start Guides, the Cybersecurity Framework 2.0, and more, Daniel's history with cybersecurity for small businesses and his career-long passion for helping small businesses protect themselves against cybercrime. Listen in for the latest information on NIST and cybersecurity guidelines for your organization. Key Takeaways: [:01] About RIMS. [:14] RISKWORLD 2025 will take place in Chicago, Illinois from May 4th through May 7th. The call for submissions is now open through August 27th. A link to the submission form is in this episode's show notes. [:30] About this episode. We will be joined by Daniel Eliot from the National Institute of Standards and Technology, or NIST. [:52] First, let's talk about RIMS Virtual Workshops. The full calendar of virtual workshops is at RIMS.org/VirtualWorkshops. August 15th starts the three-part series, Leveraging Data and Analytics for Continuous Risk Management. Other dates for the Fall and Winter are available on the Virtual Workshops full calendar at RIMS.org/VirtualWorkshops. [1:14] Let's talk about prep courses for the RIMS-CRMP. On September 10th and 11th, the RIMS-CRMP Exam Prep will be held with NAIT. There is another RIMS-CRMP Exam Prep on September 12th and 13th. [1:29] The next RIMS-CRMP-FED Exam Prep course will be hosted along with George Mason University on December 3rd through 5th, 2024. Links to these courses can be found on the Certification Page of RIMS.org and in this episode's show notes. [1:44] We've got the DFW RIMS 2024 Fall Conference and Spa Event happening on September 19th in Irving, Texas. Learn more about that event in Episode 299, which features an interview with the Texas State Office of Risk Management. 
[2:02] Also on September 19th is the RIMS Chicago Chapter's Chicagoland Risk Forum 2024. Register at ChicagolandRiskForum.org. [2:12] Registration opened for the RIMS Canada Conference 2024 which will be held from October 6th through the 9th in Vancouver. Visit RIMSCanadaConference.ca to register. [2:25] Registration is also open for the RIMS Western Regional, which will be held from September 29th through October 1st at the Sun River Resort in Oregon. Register at RIMSWesternRegional.com. [2:38] We want you to join us in Boston on November 18th and 19th for the RIMS ERM Conference 2024. The agenda is live. The keynote will be announced soon. We want to see you there! A link is in this episode's show notes. [2:53] The nominations are now open for the RIMS ERM Award of Distinction 2024. Nominations are due August 30th. A link to the nomination form is in this episode's show notes. [3:07] If you or someone you know manages an ERM program that delivers the goods, we want to hear about it. A link is in this episode's show notes. All RIMS regional conference information can be found on the Events page at RIMS.org. [3:24] On with the show! In October, we will celebrate National Cybersecurity Awareness Month. You should observe it all year round, of course. My guest today has a lot of great insight into risk frameworks. He is Daniel Eliot, the Lead for Small Business Engagement in the Applied Cybersecurity Division of The National Institute of Standards and Technology (NIST). [3:48] NIST is part of the U.S. Department of Commerce. Today, we will discuss some of the publicly available risk management frameworks and how they've evolved through the years and the new frameworks that address AI, as well. [4:05] You may remember Daniel from his appearance on an episode in April 2020, when he was with the National Cybersecurity Alliance. He is back to provide some new tips for the global risk management community. [4:18] Daniel Eliot, welcome back to RIMScast! 
[4:42] Justin and Daniel comment on some things that have changed since April 2020. Daniel was at the National Cybersecurity Alliance (NCA). [5:50] Now Daniel is the Lead for Small Business Engagement in the Applied Cybersecurity Division of The NIST. He shares his journey from NCA to NIST via the National Cybersecurity Center of Excellence, a NIST facility operated by Mitre. [6:52] Daniel is happy to be back supporting the small business community. [7:04] Daniel had worked in a small tech startup for almost seven years. He helped them scale the business and manage the development of their product. Next, Daniel joined the University of Delaware's Small Business Development Center, helping tech businesses start and scale. [8:16] Daniel applied for an SBA grant to help small businesses with cybersecurity. This was in 2014. The Cybersecurity Framework was published in 2014. Daniel applied the Cybersecurity Framework to small businesses. That started Daniel's career in small business cybersecurity. [9:32] There's a new NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide. Daniel's role at NIST is to coordinate across NIST, government, and the private sector, to create opportunities for the small business community to engage with NIST expertise. [10:19] The RMF Small Enterprise Quick Start Guide is a product of that coordination across NIST, government, and the private sector community. In February, NIST produced the Cybersecurity Framework 2.0 Small Business Quick Start Guide. [10:44] NIST decided to do a Quick Start Guide for a risk management framework for small to medium enterprises. The Risk Management Framework is a process. It's a holistic and repeatable seven-step process for managing security and privacy risks. 
[11:23] The NIST RMF Quick Start Guide provides an overview of the seven steps of the process, the foundational tasks for each step, tips for getting started with each step, a sample planning table, key terminology and definitions, questions to consider, and related resources. [11:53] It's RIMS plug time! Webinars! All RIMS Webinar registration pages are available at RIMS.org/Webinars. On August 27th, Riskonnect returns to discuss How To Successfully Deploy AI in Risk Management. [12:12] On September 5th, Merrill Herzog makes their RIMS Webinars debut with the Role of Insurance in Building Resilience Against an Active Assailant Attack. On September 19th, Origami Risk returns to deliver Leveraging Integrated Risk Management For Strategic Advantage. [12:28] Justin jumped ahead a bit. On September 12th, HUB International returns to deliver the third part of their Ready for Tomorrow series, Pivot and Swerve: Staying Agile During Shifting Market Dynamics. [12:44] Justin is delighted to be joined by the moderator for that session, the Chief Marketing Officer for Canada at HUB International, Linda Regner Dykeman. Justin welcomes Linda to RIMScast! [13:13] The webinar will be at 1:00 p.m. Eastern Time on September 12th. Linda says they will be discussing current market trends and challenges. The industry has been able to produce some very strong profits over the last few years. [13:29] The market needed correction after many years of unprofitability driven by weather events in the property line where rates seemed to be unsustainable. Casualty also had its issues, particularly with Directors and Officers Liability. [13:47] As a result of the profitability the industry was able to achieve over the last few years, most carriers have become more competitive in growing their books of business. This competition is not being seen in all lines, segments, or geographies.
[14:04] Some catastrophe-prone zones such as BC and Alberta have not seen the same level of competition across the board. As the market transitions from a hard market to a competitive environment, there is some unusual and inconsistent behavior. [14:21] Carriers in Canada are being more flexible with their appetite. London is looking to grow significantly over the next couple of years with goals of hitting $100 billion by 2025. Add to that NGAs who are seeing their market share change as local carriers become more competitive. [14:39] As we transition out of what was considered to be a hard market, we see a lot of inconsistency in this market. [14:48] Add to this the supply chain issues, which are not what they once were, and an economy that is flat; spending, once normalized for an increase in population, reflects that of a market in a recession. [15:02] We, as brokers, are finding competitive solutions to protect our clients. We have to pivot and swerve to discover the right opportunities. [15:13] We had a significant rain event in Toronto, followed by one of the worst wildfires Jasper has ever seen, seemingly a once-in-a-hundred-year event; weather catastrophes are more severe and more frequent. [15:27] How is this going to change the availability of capacity and pricing? Time will tell, as insurers try to figure out if their pricing models included the right loadings for these events. [15:49] Being informed by what is happening in the market (the trends, the opportunities, what's available) and partnering with the right broker will help a risk manager make an informed decision, appropriate for their business. [16:11] The panelists have decades of experience and expertise across North America. They work with clients, markets, and other experts and bring a much broader perspective and experience to this session. [16:26] Steve Pottle is the risk manager on the panel. He's been omnipresent in RIMS Canada for years.
He's a former RIMS VP and is currently the Director for Risk and Safety Services at Thompson Rivers University. Justin says he's one of the best and Linda agrees. [16:57] Linda will moderate. She'll ask the panelists questions HUB International has received from its clients, based on what they are seeing happening in the environment around them. She would also like the audience to pose some questions. Audience participation is encouraged. [17:21] Justin thanks Linda Regner Dykeman of HUB International, and will see her again on September 12th, 2024 for the third installment of HUB's Ready for Tomorrow series, Pivot and Swerve: Staying Agile During Shifting Market Dynamics. [17:37] Let's return to today's interview with Daniel Eliot from NIST. [17:53] Daniel states that the Risk Management Framework is a repeatable seven-step process for managing security and privacy risks. It starts with preparation, categorizing, and understanding the information that your organization processes, stores, and transmits. [18:20] Then you select controls, and implement those controls to protect the security and privacy of the systems. Then you assess, authorize, and monitor the controls. Are the selected controls producing the desired results? Are there changes to the organization that require new controls? [18:45] You follow the seven steps of the framework in order and repeat them in a cycle. Keep going through it. Every organization regularly changes. Technologies change. People change. That's why the framework has to be repeatable and flexible. [19:05] NIST published this Risk Management Framework Small Enterprise Quick Start Guide as a tool to raise awareness within the Small and Medium Enterprise (SME) Community about what the Risk Management Framework is and how to get started with it. [19:26] This Quick Start Guide is not intended to guide you on your journey from start to finish for a comprehensive risk management implementation. It is a starting point.
[19:41] The Guide has an overview of the steps of the Risk Management Framework, some foundational tasks for each of the RMF steps, some tips for getting started, some sample planning tables, and graphics to help people understand concepts that might be new to them. [20:02] NIST spent a lot of time defining key terminology, extracting terms out of the Risk Management Framework, and highlighting them in this Quick Start Guide. There are phrases and terms in the Risk Management Framework that some people new to it might not understand. [20:24] For example, “authorization boundary.” The Guide highlights and illustrates what these terms mean in the Risk Management Framework and adds questions for organizations to consider and use internally for discussion. The answers may be different for every organization. [21:12] This Guide is a derivative tool from the existing publication that went out for public comment. The Quick Start Guide did not go out for public comment but NIST has circulated Quick Start Guides to some small businesses they know to make sure it's hitting the right note. [21:56] Daniel monitors commentary and looks at how the Guide is received out in the world once it's published. In every Quick Start Guide, there is an opportunity for people to contact NIST if they have questions or if there is an error. NIST is always open to feedback. [23:03] In small businesses, Daniel finds the owner or operator is the Chief Risk Officer, the Janitor, the CISO, and the Chief Marketing Officer. Anyone can use the Risk Management Framework. It's a process. [23:25] Federal agencies, contractors to the federal government, and other sources that use or operate a federal information system typically use the suite of NIST Risk Management Standards and Guidelines to develop and implement a risk-based approach. 
[23:48] A lot of the audience for this Small Enterprise Quick Start Guide might be small universities, small municipalities, or small federal agencies implementing this Risk Management Framework. [24:27] We have time for one more break! The Spencer Educational Foundation's goal is to help build a talent pipeline of risk management and insurance professionals. That is achieved, in part, by a collaboration with risk management and insurance educators across the U.S. and Canada. [24:45] Whether you want to apply for a grant, participate in the Risk Manager on Campus program, or just learn more about Spencer, visit SpencerEd.org. [24:55] On September 12th, 2024, we look forward to seeing you at the Spencer Funding Their Future Gala at The Cipriani 42nd Street in New York City. Our recent guest from Episode 293, Lilian Vanvieldt-Gray, will be our honoree. [25:11] Lilian is the Executive Vice President and Chief Diversity, Equity, and Inclusion Officer at Alliant Insurance Services and she will be honored for her valuable contributions to supporting the future of risk management and insurance. [25:28] That was a great episode, so after you finish this one, please go back and listen to Episode 293. [25:34] Let's conclude our interview with Daniel Eliot of NIST. [26:10] Daniel introduces the U.S. AI Safety Institute, housed within NIST. It's tasked with advancing the science, practice, and adoption of AI safety across the spectrum of risks, including those to national security, public safety, and individual rights. [26:39] The efforts of the U.S. AI Safety Institute initially focused on the priorities assigned to NIST under President Biden's Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. [26:51] On July 26th, 2024, they released resources for a variety of aspects of AI technology. Two are new to the public. 
The first is an initial public draft of a guidance document intended to help software developers mitigate the risks of generative AI and dual-use foundation models. [27:19] The other is a testing platform intended to help AI system users and developers measure how certain types of attacks can degrade the performance of an AI system. These are two opportunities for the public to provide comments on these publications and tools. [27:49] There is a link to the call for comments in this episode's show notes. [28:03] At NIST, foundational publications go out for public comment. NIST wants to hear from U.S. citizens and people all over the world to get their perspectives on NIST's approach to what they're addressing. This is a community effort. Comment periods are important. [28:37] From Daniel's perspective of small business, he seeks the comments of small businesses on these publications. Authors need to hear from organizations, large and small. [28:53] These two new publications are open for public comment. [28:59] Three releases are final publications. One is The AI Risk Management Framework Generative AI Profile, which helps organizations identify unique risks posed by generative AI. It includes actions for generative AI risk management. [29:34] A second publication is the Secure Software Development Practices for Generative AI and Dual Use Foundation Models. It addresses concerns about Generative AI systems being compromised with malicious training data that would adversely affect system performance. [30:16] The third publication is A Plan for Global Engagement on AI Standards. It's intended to drive worldwide development and implementation of AI-related consensus standards. Standards require global input from businesses, governments, non-profits, and academia. [30:57] These three final publications have been informed by public comment periods. They're ready to hit the ground running and people can put them into action.
[31:15] Daniel is part of the Applied Cybersecurity Division of NIST. The U.S. AI Safety Institute is a different part of NIST. [31:44] Every once in a while, public comments receive spammy messages. [32:23] Daniel says all cybersecurity and privacy risk management comes back to governance and having policies and procedures in place, knowing your contractual and legal responsibilities. Organizations need policies that guide behavior for the appropriate use of AI in their business. [32:59] Individuals in companies have pasted confidential company information into publicly available AI systems. That creates a vulnerability. Have a policy around the use of these tools. [33:31] Criminals have used AI to upgrade phishing scams, reduce grammatical errors, and craft more convincing appeals. [35:00] NIST is raising awareness of different ways of identifying phishing attacks besides looking for grammatical errors, such as looking at the links and the calls to action and other factors that show it is a phishing scam. AI is contributing to their increasing sophistication. [35:43] Daniel shares his tip for new risk professionals. Familiarize yourselves with the suite of resources that NIST has available for cybersecurity and privacy risk management. They have a broad variety of risk management frameworks and resources, like the Quick Start Guide. [36:42] There are online courses, extensive FAQs with answers, and archived talks from SMEs. Take advantage of these resources. Also, let NIST know what other resources might be helpful to you. The core of NIST guidance for any framework is good governance. [37:21] Understand your mission and requirements. Create and maintain policies for good behavior. Understand your supply chain dependencies and vulnerabilities. Good governance sets your organization up for success when implementing and monitoring risk-mitigating controls. [37:56] NIST offers consistent, clear, concise, and actionable resources to small businesses. 
Since 2018, they have maintained a website, NIST Small Business Cybersecurity Corner, with over 70 resources on the site, all tailored to small businesses. The Quick Start Guides are there. [38:32] The resources include short videos, tip sheets, case studies, and guidance organized by both topic and industry. All the resources are free and produced by federal agencies, such as NIST, FBI, CISA, as well as nonprofit organizations. It's a one-stop shop for this information. [39:04] The resources are regularly updated and expanded to keep the content fresh and relevant. The resource library has the Cybersecurity Basics Section, with eight basic steps businesses can inexpensively implement to reduce cybersecurity risks. [39:28] The Cybersecurity Framework Page highlights the CSF and small business resources related to the CSF. There is topical guidance on Multi-Factor Authentication, Ransomware, Phishing, Government Contracting Requirements, and Choosing a Vendor or Service Provider. [39:53] All the resources are available at NIST.gov/ITL/SmallBusinessCyber. The link is in this episode's show notes. The resources are there for you to use in your organization. [40:30] Justin says, “It has been such a pleasure to reconnect with you here on RIMScast! I always love it when you post on LinkedIn! I think you're great! You're keeping me informed. Happy National Cybersecurity Awareness Month to you!” [40:55] With developments in tech and AI, cybersecurity has taken a back seat, but Justin says it will come back pretty hard. Justin feels it will be sooner than four-and-a-half years for Daniel to return to RIMScast. [41:23] Whatever new technology comes out, cybercriminals are looking at it to see how they can exploit it. There will always be a cybersecurity component to it. [42:05] Daniel Eliot, thank you so much for rejoining us here on RIMScast! [42:10] Special thanks again to Daniel Eliot of NIST for rejoining us here on RIMScast. 
Lots of links are in this episode's show notes to aid small enterprise owners and risk professionals. [42:25] These resources are publicly available and complimentary, so by all means, use them and leverage them to ensure your organization's cyber resilience. I've got lots of links in this episode's show notes for more cybersecurity coverage from RIMS, as well. [42:44] It's RIMS plug time! The RIMS App is available to RIMS members exclusively. Go to the App Store and download the RIMS App with all sorts of RIMS resources and coverage. It's different from the RIMS Events App. Everyone loves the RIMS App! [43:18] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [44:02] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [44:20] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [44:36] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [44:58] Thank you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! 
Mentioned in this Episode: DFW RIMS 2024 Fall Conference and Spa Event | Sept 19‒20 Chicagoland Risk Forum 2024 — Presented by RIMS Chicago Chapter — Sept. 19, 2024 RIMS Western Regional — Sept 29‒Oct 1, Oregon | Registration is open! RIMS Canada Conference 2024 — Oct. 6‒9 | Registration is open! Spencer Educational Foundation — Funding Their Future Gala 2024 | Sept. 12, 2024 RIMS ERM Conference 2024 will be in Boston, MA Nov. 18‒19 | Register Now RIMS ERM Award of Distinction — Nominations Open Through Aug. 30, 2024! RISKWORLD 2025 will be in Chicago! May 4‒7 Education Content Submissions for RISKWORLD 2025 NIST Risk Management Framework Small Enterprise Quick Start Guide Cybersecurity Framework 2.0 Small Business Quick Start Guide NIST Small Business Cybersecurity Corner U.S. Artificial Intelligence Safety Institute New Guidance and Tools to mitigate AI Risks Managing Misuse Risk for Dual-Use Foundation Models Testing How AI System Models Respond to Attacks Users can send feedback to: dioptra@nist.gov RIMS DEI Council RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS Strategic & Enterprise Risk Center NEW FOR MEMBERS! RIMS Mobile App RIMS Webinars: How to Successfully Deploy AI in Risk Management | Sponsored by Riskonnect | Aug. 27, 2024 Role of Insurance in Building Resilience Against an Active Assailant Attack | Sponsored by Merrill Herzog | Sept. 5, 2024 HUB Ready for Tomorrow Series: Pivot and Swerve — Staying Agile During Shifting Market Dynamics | Sept. 12, 2024 Leveraging Integrated Risk Management For Strategic Advantage | Sponsored by Origami Risk | Sept. 
19, 2024 RIMS.org/Webinars Upcoming Virtual Workshops: Leveraging Data and Analytics for Continuous Risk Management (Part I) 2024 — Aug 15 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Daniel Eliot's 2020 RIMScast Debut: Cybersecurity Tips for Small Businesses” “300th Episode Spectacular with RIMS CEO Gary LaBranche” “Mid-Year Risk Update with Morgan O'Rourke and Hilary Tuttle” “Emerging Cyber Trends with Davis Hake” “Cybersecurity Awareness Month with Pamela Hans of Anderson Kill” Sponsored RIMScast Episodes: “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL (New!) “Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company (New!) “Partnering Against Cyberrisk” | Sponsored by AXA XL (New!) “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. 
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response “Cyberrisk Outlook 2023” | Sponsored by Alliant “Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD “Insuring the Future of the Environment” | Sponsored by AXA XL “Insights into the Gig Economy and its Contractors” | Sponsored by Zurich “The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — New interviews featuring RIMS Risk Management Honor Roll Inductee Mrunal Pandit! RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guests: Daniel Eliot, Lead for Small Business Engagement, Small Business Cybersecurity Corner, Applied Cybersecurity Division, National Institute of Standards and Technology, U.S. Department of Commerce Linda Regner Dykeman, HUB International, Chief Marketing Officer for Canada Tweetables (Edited For Social Media Use): I'm happy to be back at NIST, supporting the small business community. — Daniel Eliot The industry has been able to produce some very strong profits over the last few years, after many years of unprofitability driven by weather events in the property line. — Linda Regner Dykeman Follow the seven steps of the framework in order and repeat them in a cycle. Keep going through it. Every organization regularly changes. Technologies change. People change. 
That's why it has to be repeatable and flexible. — Daniel Eliot There are phrases and terms associated with the Risk Management Framework that some people who are new to this might not understand. — Daniel Eliot When talking about small businesses, the owner or operator is the Chief Risk Officer, the Janitor, the CISO, and the Chief Marketing Officer. — Daniel Eliot An AI system is only as good as the information that's put into it. — Daniel Eliot
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Davis Hake, Co-Founder of Resilience, about his career in national security work, including working with former Congressman Langevin, Homeland Security, and Obama's National Security staff. Davis tells about co-founding Resilience in the private sector to help organizations build cybercrime resilience. He introduces the Resilience Midyear 2023 Claims Report, revealing important trends discovered in cybercrime through claims data, Resilience research, and partner research. Davis closes the interview with a look to 2024, his plans for pushing the flywheel faster, and his analysis of what it will take to break the new cybercrime business model. Key Takeaways: [:01] About RIMScast. [:27] About today's episode, where we will discuss cyber security trends from Resilience's Midyear 2023 Claims Report. [:36] First, a quick shoutout to the RIMS New Zealand Pacific Island Chapter and Marsh Australia and New Zealand, who welcome you to Embrace The Unknown: Unleashing the Power of Risk, a one-day event on February 12, 2024 at the Pullman Hotel in Auckland, NZ. [1:00] It will be a gathering of experts, thought leaders, and professionals from various industries to explore and discuss the critical role of risk management in today's dynamic and uncertain world. There will be sessions on AI, Resilience, and Adaptability, highlighted by case studies and insights. See the link in this episode's show notes. [1:21] It's never too early to talk about RISKWORLD 2024! Save the date, May 5th–8th, 2024 in sunny San Diego, California. Booth and sponsorship sales are open. Member registration opens this month, November 2023 and public registration opens in December 2023. Visit RIMS.org/RISKWORLD to learn all about it.
[1:51] Our guest today, Davis Hake, is the Co-Founder of Resilience, which recently released its Midyear 2023 Claims Report. They say ransomware is entering a new era as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions. [2:14] They're big game hunting again and we're going to talk all about it with Davis Hake. Davis had a fascinating career in government and we will learn about that, as well. [2:33] Davis Hake, welcome to RIMScast! This episode was recorded in October, National Cybersecurity Awareness Month, but as Davis says, every month is National Cybersecurity Awareness Month! [3:18] Davis grew up working in politics on the Hill, for Congressman Jim Langevin. Congressman Langevin was one of the first on the Hill to identify we had serious problems in our critical infrastructure in everything from power plants to communication. At about that time, Stuxnet became a public concern. [3:50] Congressman Langevin dove into looking at what we need to do as a nation to secure these larger problems. He realized cyber is an economic problem of incentives, cost, and how businesses manage their digital innovation. He set Davis on a path to be passionate about trying to fix it. [4:14] Davis worked for a time in the Obama administration for the National Security Council. He came to the private sector to work in cybersecurity and got together with his Co-Founders to build something that would take this technical problem to understand a company's risk and how they invest against it. [4:41] They looked at the insurance industry for how to drive better risk management practices and applied RM to cyber. They started in 2016. Now, in 2023, they have an amazing insurance team with some of the best folks in the industry, serving clients in the U.S., the EU, and the UK with close to 200 staff members. 
[5:32] Davis praises former Congressman Langevin for his intense concern about national security, not as a politician but as one who served not only his constituents but the nation. He worked across the aisle to serve the national good. Most importantly, he got things done. [6:18] Congressman Langevin left Congress in 2023. Before he left, he worked on the Cyber Solarium Commission, helped establish the office of the National Cyber Director, and helped establish some of the authorities that allowed DHS to build CISA. Congressman Langevin has retired to work on issues in the state of Rhode Island. [7:43] Resilience's Midyear 2023 Claims Report covers events from January through June of 2023. They wanted to report the data with actionable analysis on top of it. Besides Resilience claims data, they analyzed public data from other organizations to understand Resilience's data in the context of the broader cybercrime trends. [9:08] Third-party vendor risk has always been a concern. The change is that fewer and fewer companies are paying extortions to ransomware actors. So now groups are targeting critical vendors and running data extortions with thousands of victims. They don't encrypt. Resilience clients have filed incident reports on these attacks from Clop. [9:47] How do you protect against vendor risk? Risk transfer through cyber insurance is so important. Don't just look at the risk mitigation side, but also the risks out of your control. Insurance helps absorb environmental risks. With vendors, you can require that they prove verification from certain audits, like the SOC 2 Audit. [10:30] You can have vendors tell you best practices they follow with other clients. Are they practicing what they're preaching with their data security? You can limit the data you share with them. By just working with any vendor, which we all have to do, you are assuming their risk if they're holding your data and they're not your company. 
[11:22] The ransomware criminal marketplace is a bunch of startups, taking the easiest path to revenue. Running a negotiation, locking up a company, and ensuring that you get access to their backups all take a lot of time. [11:52] It is easier to target companies that have highly sensitive data they wouldn't want exposed and threaten to release it. Resilience sees a lower rate of payment for these types of attacks but those who pay, end up paying large amounts. The Moveit attack and following attacks are estimated to have made Clop around $100 million. [12:44] The Resilience report discusses data from other groups that show less than 40% of encryption victims are paying ransom, down from 80% in 2022. Resilience works to prepare their clients against ransomware attacks and about 15% of their clients attacked by ransomware pay the ransom. That number has gone down since 2022. [15:06] Resilience helps clients to imagine the worst day for their clients. Let's work backward to ensure that the worst day doesn't happen. That thinking has been core in helping companies reduce paying extortions. When executives pay extortions, it's usually in a panic, thinking they can make this worst day immediately go away. [15:49] If criminal groups have access to your data, they will do everything they can to use it against you. Prepare to protect that data in a way that is incredibly secure or resilient or make your organization resilient to this type of pressure. That's the best thing you can do to limit financial loss and protect your customers from their worst day. [16:21] RIMS plug time! Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. December 7th starts the three-part course, Leveraging Data and Analytics for Continuous Risk Management, which will be led by our friend Pat Saporito. [16:42] Fundamentals of Insurance returns on December 12th and 13th. It will be led by our good friend Gail Kyomura. 
Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register! [16:59] Metrics That Matter has cyber on their minds with Enhance Decision-Making Across Your Cybersecurity Program on November 7th. CLARA Analytics makes its RIMS debut on November 9th with Risk Management in the Era of Artificial Intelligence. [17:22] On November 16th, Nationwide returns to present U.S. Customs Surety Bonds: A Primer for Risk Professionals. On November 21st, Beazley returns to present Business Risk: Helping Your Executives to Navigate Today's Volatile Risk Environment. [17:41] On December 12th, Prepare Yourself for the New Generation of Risk with Riskonnect. On December 14th, Aon will be Addressing Today's Risks While Preparing for the Risks of Tomorrow. [17:54] Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members. [19:01] After the Colonial Pipeline attack, the U.S. security establishment got much more serious about ransomware. Defense against cybercrime was something that had been left up to the private sector. The administration started to take cybercrime seriously and cooperate with industry, working with CISA and the FBI heavily to fight back. [19:48] When the War in Ukraine happened, the cooperation between the public and private sectors in the fight against ransomware intensified. As organizations have become more resilient against paying extortion, cybercriminals have to go after the big guys to get a payment. Cybercrime is indiscriminate between industries it targets. [20:29] In Q1, 2023 there was a tide of cybercrime targeting healthcare organizations. In Q2, there was a big tide against manufacturing organizations. Clop then hit a few vendors for educational organizations. Organizations like MGM and Caesar's which were hit, have massive networks full of devices they monitor, with different networks. 
[21:13] MGM refused to pay, while Caesar's paid the extortion. The reporting shows that Caesar's has had an easier road to recovery. It may make more economic sense for large companies to pay the extortion. But that's a bad message. That's what has Resilience concerned. More complex clients, though better defended, are likely to pay. [22:02] Groups like Clop are choosy about their targets and prioritize large organizations with a lot to lose. To successfully defend cyber in an enterprise, all the tech teams must work together and not remain siloed. Incentives have to come from the top that get the CIO, Risk, and Finance planning budgets together. It's how your team works together. [23:06] Davis served briefly on the National Security staff in the Obama Administration after working in Homeland Security. [23:22] After the Obama Administration, a lot of the National Security staff moved to the private sector. Some continued to fight the security fight. The CEO of Resilience is a part-time Reservist working in Cyberdefense. He sees the national-level mission and the larger cyber trends. [24:18] Most insurance is not operational; it's reactionary, working with prior data to price the risk. In cyber, you're too late if you're taking that approach. Resilience has a threat intelligence team, taking in data much faster than a traditional insurance organization. [25:07] Resilience is standing up a team that is working to provide technical analysis and trend analysis. They will show the large trends and the reasons they are happening, and validation from Resilience data and partner data. They're combining financial loss and impact with threat intelligence they are monitoring from the security team. [26:59] Davis says the tactic of encryptionless extortion is an evolution of the cybercrime business model, making it more efficient and effective. It's a call to action for security. Building better widgets will not out-innovate these guys. 
We have to build better strategies and better business models that take their business models down. [27:28] Resilience is working to build a better resilient flywheel, with insurance, visibility, and working with clients to address that will ultimately lead to lower financial loss for clients and the Resilience insurance company. They want to push the flywheel faster and faster until they can get inside the adversary's business model. [28:03] Special thanks again to Davis Hake for joining us on RIMScast. The link to the Midyear Report is in this episode's show notes. [28:13] Go to the App Store and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS App! [28:37] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate! Contact pd@rims.org for more information. [29:21] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. The RIMS app is available only for RIMS members! You can find it in the App Store. [29:46] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [30:02] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [30:25] Thank you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! 
Stay safe! Mentioned in this Episode: Riskworld 2024 — San Diego, CA | May 5–8, 2024 Embrace The Unknown: Unleashing the Power of Risk | Hosted Live & In-Person by RIMS NZ & PI | Feb 12, 2024 | Register early to save 18%: Dan Kugler Risk Manager on Campus Grant RIMS-Certified Risk Management Professional (RIMS-CRMP) NEW FOR MEMBERS! RIMS Mobile App Resilience Midyear 2023 Claims Report RIMS Webinars: Enhance Decision-Making Across Your Cybersecurity Program | Sponsored by Metrics That Matter | Nov. 7, 2023 Risk Management in the Era of Artificial Intelligence | Sponsored by CLARA Analytics | Nov. 9, 2023 An Introduction to U. S. Custom Surety Bonds | Sponsored by Nationwide | Nov. 16, 2023 Business Risk: Helping your Executives Navigate Today's Volatile Risk Environment | Sponsored by Beazley | Nov. 21, 2023 Prepare Yourself for the New Generation of Risk | Sponsored by Riskonnect | Dec. 12, 2023 Addressing Today's Risks While Preparing for Tomorrow | Sponsored by Aon | Dec. 14, 2023 RIMS.org/Webinars Upcoming Virtual Workshops: Leveraging Data and Analytics for Continuous Risk Management | Dec 7 See the full calendar of RIMS Virtual Workshops All RIMS-CRMP Prep Workshops — Including Chris Mandel's Dec 13–14 Course Related RIMScast Episodes: “Cybersecurity Awareness Month 2023 with Pamela Hans of Anderson Kill” “Cybersecurity Reporting Updates with Hilary Tuttle of Risk Management Magazine” “Cybersecurity and Insurance Outlook 2023 with Josephine Wolff” “Genuine Generative AI Talk with Tom Wilde of Indico Data” “Getting to Know Jackware with Dan Healy of Anderson Kill” Sponsored RIMScast Episodes: “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. (New!) 
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response “Cyberrisk Outlook 2023” | Sponsored by Alliant “Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD “Insuring the Future of the Environment” | Sponsored by AXA XL “Insights into the Gig Economy and its Contractors” | Sponsored by Zurich “The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster “Technology, Media and Telecom Solutions in 2023” | Sponsored by Allianz “Analytics in Action” | Sponsored by Alliant “Captive Market Outlook and Industry Insights” | Sponsored by AXA XL “Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd. “Zurich's Construction Sustainability Outlook for 2023” “Aon's 2022 Atlantic Hurricane Season Overview” “ESG Through the Risk Lens” | Sponsored by Riskonnect “A Look at the Cyber Insurance Market” | Sponsored by AXA XL RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars Risk Management Magazine Risk Management Monitor RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — New interview featuring Darius Delon! Spencer Educational Foundation RIMS DEI Council RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play RIMS Buyers Guide Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org and listen on Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. 
About our guest: Davis Hake, Co-Founder of Resilience
Tweetables (Edited For Social Media Use):
Instead of encryption for ransom, it is easier to target companies that have highly sensitive data they wouldn't want to be exposed and threaten to release it. — Davis Hake
Most insurance is not operational; it's reactionary, working with past data to price the risk. In cyber, you're too late if you're taking that approach. — Davis Hake
The current tactic of encryptionless extortion is an evolution of the cybercrime business model, making it more efficient and effective. It's a call to action for security. — Davis Hake
Iowa Business Report Friday Edition, October 27, 2023: Iowa Secretary of State Paul Pate discusses initiatives tied to National Cybersecurity Awareness Month.
As a CISO, how do you know when you're getting through to the board and the C-suite? One way is to look at the quality of the questions they ask you. Are they learning? This is just one of the questions Kevin Magee fields a lot during “CISO therapy,” a discipline he finds himself practicing more often as Chief Security Officer at Microsoft Canada. Aside from the technology components, the thing his “clients” want to talk about most is how to build, sustain and grow those all-important executive relationships. To conclude National Cybersecurity Awareness Month on the Catalyst, host Cheryl Stookes chats with Kevin about how CISOs can break through with boards and leadership. He also dives into the cybersecurity skills shortage, which he names a symptom of too narrow an approach to finding candidates. Instead, he says, those seeking cybersecurity talent should look beyond the relatively small pool of technologists and consider backgrounds in psychology, criminology and law enforcement – that is, people who understand how cybercriminals think, behave and operate. Universities and other training institutions have a part to play here, too. He discusses “reverse mentoring relationships” with younger members on the team. After all, the security leader's job is not to be the best technical problem-solver, but to define the problem and empower others to solve it. Featuring: Kevin Magee, Chief Security Officer, Microsoft Canada The Catalyst by Softchoice is the podcast dedicated to exploring the intersection of humans and technology. This episode is brought to you by Microsoft's Workplace Security Solutions. See how Softchoice can help you get started with Zero Trust and fill every gap in your security infrastructure with Microsoft. Reach out to a Softchoice Solutions Specialist or visit softchoice.com/microsoft-zerotrust to learn about our custom workshops and services.
October is National Cybersecurity Awareness Month. The FBI reported that North Carolina citizens lost $18 million in 2022, making it the ninth highest state for romance scams alone. We talk to two experts to learn how we can protect ourselves from the various cybercrimes that are so prevalent in today's society, from Zelle scams to phishing scams to the role AI plays in technology solutions. Show Notes: Marshmallo Dating App https://marshmallo.com/ SlashNext https://slashnext.com/ Co-writer: Erin Settlemier
In the final instalment in our Cyber Voices series, Associate Amy-Rose Hayden speaks to Vishvas Nayi, Head of Cyber Operations at CyberQ, about the biggest takeaways from National Cyber Security Awareness Month and the advice he would give to a board of directors on how best to manage cyber risks.
In the second episode of our 3-part Halloween series, Grant Schneider, Senior Director of Cybersecurity Services at Venable and former federal CISO, discusses the frightening implications of insider threats, how we are protecting critical infrastructure, and what it was like working on cybersecurity in the White House under both President Obama and President Trump.

Key Topics
00:03:59 Increased consequences led to rise of cybersecurity
00:08:47 Insider threat, screening, hiring, malicious actor, Manning, Snowden
00:09:53 Snowden challenges legality of government surveillance
00:15:00 Adversary gains access, steals information, demands ransom
00:19:19 Different levels of readiness present challenges
00:23:15 Helping clients & coalitions for cybersecurity policy
00:24:58 Consistency in technology and cybersecurity under past presidents
00:27:47 Cybersecurity is like warfare or terrorism
00:32:30 AI tools and data drive persuasive information
00:34:50 National Cybersecurity Awareness Month raises awareness on cybersecurity and encourages action to protect businesses
00:42:40 Diversity of experiences leads to career growth
00:44:01 Adaptive, willing, and able to learn

Introduction to National Cybersecurity Awareness Month

Purpose of Raising Awareness About Cybersecurity
Grant explained that one of the great things about National Cybersecurity Awareness Month is exactly raising awareness and providing an opportunity to hopefully spend time thinking about and discussing cybersecurity. He noted that for organizations already focused on cybersecurity daily, the awareness month may not raise their awareness much more. However, many organizations don't constantly think about cybersecurity, so for business leaders and executives who may now recognize the existential threat a cyber incident poses, the awareness month offers a chance to have important conversations they may have previously avoided due to lack of understanding.

National Cybersecurity Awareness Month: "You're only one bad kind of cyber incident away from your organization not existing anymore." — Grant Schneider

Opportunities for Organizations to Have Conversations About Cybersecurity
According to Grant, leaders who don't grasp cybersecurity risks may personally fear initiating conversations to ask what the organization needs to do to address risks. National Cybersecurity Awareness Month provides an opportunity for these leaders to have the necessary conversations and gain education. Grant said the awareness month is a chance to discuss basics, like implementing multifactor authentication, patching and updates. He observed that much of the content produced for the awareness month focuses on cybersecurity fundamentals, so it allows organizations to dedicate time to shoring up basic defenses. Overall, Grant emphasized National Cybersecurity Awareness Month facilitates essential cybersecurity conversations for organizations and leaders who otherwise may not prioritize it consistently.

Evolution of Insider Threat in the Intelligence Community

Screening Out Bad Actors During the Hiring Process
Grant explains that in the early days of his career at the Defense Intelligence Agency (DIA), insider threat mitigation focused on screening out bad actors during the hiring process. The belief was that malicious insiders were either people with concerning backgrounds trying to get hired, or nation-state actors attempting to plant individuals within the intelligence community. The screening process aimed to identify and reject potentially problematic candidates.

Nation-State Actors Planting Individuals Within the Community
He mentions the...
Welcome to Trowers & Hamlins' Cyber Voices Series, a dynamic exploration of all things cybersecurity, in celebration of National Cyber Security Awareness Month. Join us as we engage with the brightest minds, experts, and leaders in the field, offering insights, best practices, and the latest trends to help you stay safe in our digitally connected world. In the first episode, Partner Charlotte Clayson speaks to Dean Armstrong KC from Maitland Chambers about the current threats and opportunities for the UK cyber security sector.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Pamela Hans of Anderson Kill on the many aspects of Cybersecurity, including who is responsible for it. (If you have a networked device, it's you!) The discussion covers the effects of the new SEC ruling requiring many companies to report a cybersecurity event within four days of discovering that a material event has occurred, and what that means to you and your organization. Justin and Pamela also review her presentation at the RIMS Canada Conference 2023 and how a potential problem became a fun opportunity. Lots to cover in today's episode. Let's get to it. Key Takeaways: [:01] About RIMScast. [:14] Register for the RIMS ERM Conference 2023, which will be held in Denver, Colorado on November 2nd–3rd. RIMS will also host an ERM-based tour of Ball Arena in Denver on November 1st. Limited seating is available. Visit RIMS.org/ERM to register and listen to this episode to hear the code for 10% off your registration! [:41] About today's episode on cybersecurity and presentation skills with Pamela Hans of Anderson Kill. [1:01] All about exciting, upcoming RIMS events! Would you like funding to hire a risk management intern in 2024? If so, take a moment to apply for a Spencer Internship Grant. The application form will close on October 15th. The link is in this episode's notes. [1:28] If you will be attending RISKWORLD 2024 in San Diego, California, take a moment to sign up as a volunteer judge in the Spencer-RIMS Risk Management Challenge 2024. This is our annual international student competition. Full details can be found on the Spencer website at Spencered.org. Get involved; participate. We want to see you there! [1:52] Head to the RIMS.org/Advocacy page to register for The RIMS Legislative Summit, which is returning to Washington, D.C. on October 25th and 26th. 
[2:04] The RIMS ERM Conference 2023 will be held November 2nd and 3rd in Denver, Colorado. On November 1st, RIMS is hosting an ERM-based tour of Ball Arena, where the Denver Nuggets and Denver Avalanche play. There is limited seating. Register at RIMS.org/ERM2023. At checkout, type code 2023RIMSCAST for 10% off registration! [2:52] The ERM Conference 2023 will be different than years past. We've got some great changes. Book your travel plans now! RIMS will host a Post-conference Workshop for the RIMS CRMP from 9:00 to 4:00 MT on November 4th and 5th. Save $100 when you register for the conference and workshop in one transaction. Links are in the notes. [3:24] It is October; it's cybersecurity awareness month in the U.S. and several other areas of the world and that's why I'm so excited to introduce our guest, Pamela Hans, managing shareholder of the Philadelphia office of the law firm Anderson Kill. She focuses on insurance coverage, which includes cyber. [3:45] We're going to talk about cyber trends. I met Pamela at the RIMS Canada Conference in Ottawa last month where she was delivering a session on “Getting the Deal Done.” We're also going to hear her tips on how to handle the curveballs that might be thrown at you ahead of a live presentation and how to turn them into opportunities. [4:16] Justin met Pamela Hans of Anderson Kill on the last day of the RIMS Canada Conference 2023 when she was hosting a session. Pamela knows cybersecurity and October is National Cybersecurity Awareness Month in the U.S. [5:57] The trend of the phone calls Pamela gets is all about ransomware. A threat actor freezes up the system, completely takes control, and demands a ransom in return for a decryption key. But the trend in cybersecurity is data breaches to steal personal data. Recently Topgolf, Freecycle, Forever21, Duolingo, and Discord.io suffered breaches. 
[6:41] Those are just a few examples of cybersecurity incidents where personal sensitive data has been grabbed by the threat actor, with threats to use the data to do more damage to the individuals whose data was taken. [7:03] Pamela has also seen distributed denial of service attacks. The army of bots seems to be increasing in number while the cost is decreasing to rent a bot to execute a distributed denial of service attack. [7:50] When there is an exfiltration of personal data, that data can be used by the threat actor to do more damage to the individuals by impersonating the user and fraud. [8:29] Pamela addresses the SEC rules on the disclosure of cybersecurity events and the annual obligation imposed on publicly traded and registered companies to disclose their cybersecurity governance. That has an impact on the company and its stock price. The public may then decide which companies to trust by their cybersecurity protocols. [9:30] Justin refers to the RIMScast episode with Hilary Tuttle on the SEC cybersecurity reporting rules. They discussed the four-day reporting rule. Four days after the company finds out they were attacked in a material fashion they have to report the breach. [10:09] Pamela notes that a material breach is one that investors would want to know about before investing in the company, as the breach may affect the value of the stock and the company. This is an important SEC rule on cybersecurity governance. [11:41] Risk professionals should be asking questions about this rule now. Prepare to make these required reports. Run tabletop exercises with your response team. Ascertain now what “material,” in the cyber context, looks like to your company. Getting ready now is important, for when you experience a cybersecurity event. [13:23] Pamela speaks about the need for cybersecurity awareness. Any individual can be the gateway to a cybersecurity event. 
Everyone who has a device needs to be aware of cybersecurity risks to help prevent infiltration by cybercriminals of our phones, laptops, and businesses. [14:54] Cybersecurity is as simple as multi-factor authentication. Don't give away your passwords. Be thinking about cybersecurity. Don't click on the puppy dog. [15:58] Justin presents a special message from Bob Roitblat in case you missed his RIMScast episode. [16:16] Bob Roitblat is excited to be the keynote speaker for the RIMS ERM Conference 2023, in Denver, on November 2nd and 3rd. His keynote is “Elevate, Revolutionize, Maximize: Harnessing Innovation's Promise.” Bob reveals what to expect and asks you to bring your “A game,” be ready to ask questions and interact to get value. [17:34] Go to RIMS.org/ERM2023 to register. If you enter the code 2023RIMSCAST at checkout, you will get 10% off your registration! It's value with a discount! Bob looks forward to helping you elevate and evolve your risk management processes and your career! Be there in Denver, November 2nd and 3rd! Links are in the show notes. [18:36] Pamela reviews her career path, with degrees in civil engineering and then law school. She knew she wanted to solve technical problems for companies. Cybersecurity is a natural fit for her background. Cybersecurity is everywhere. [21:07] Pamela foresees two things from these new reporting rules. One will be SEC subpoenas to companies for information about their cybersecurity reporting and governance. Another will be shareholder scrutiny and lawsuits around failure to disclose or poor evaluation of materiality. The rule is self-enforcing through shareholder suits. [22:35] Pamela predicts we'll see more D&O coverage activity because of this rule. Risk professionals need to be looking at that when renewing or placing new D&O coverage, asking their brokers about the impact of the new SEC requirement around disclosure and materiality. Risk managers will need to explain this if there is a subpoena or claim. 
[23:52] Risk managers also need to be thinking of looking across the entire insurance program, to see which insurance policies may respond in the event of an SEC subpoena or a claim related to disclosure. Now is the time to prepare for what may be coming. [24:40] Pamela says risk professionals need to ask their insurance broker what is new in their policy since last year. Are there new endorsements or policy language? New policy language or endorsements for 2024 will be enormously important. Risk managers should also run tabletop exercises with the insurance pre-approved response team. [26:53] Risk professionals should look at your policies now to see what policies will respond if you have an SEC claim and what the policy limits are. Your policies need to be on paper, not on your computer network, and not named “Cyber Policy 1,” or “Cyber Policy 2,” where threat actors can find and read them on the network. [27:54] RIMS plug time! Sponsor an episode of RIMScast! Contact us at pd@rims.org. Justin is pleased, humbled, and excited to announce that RIMS and RIMScast have won the 2023 Excellence in MarCom Award on October 24, 2023, from the New York Society of Association Executives (NYSAE)! [28:41] On Friday, November 10th, from 10 to 11, NYSAE is presenting a virtual program called ”Podcasting — A Revenue Stream for Your Association.” Justin is honored to be one of the panelists. A link is in this episode's notes. [28:57] Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. Our friend Elise Farnham returns on October 24th and 25th to lead the two-day course Fundamentals of Risk Management. [29:20] Our friend Chris Hansen was recently on RIMScast. He will be leading Managing Worker Compensation, Employer's Liability, and Employment Practices in the US on November 7th and 8th. Be sure to register for that course! Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register! 
[29:49] On October 12th, AXA XL returns to present Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals. [30:06] On October 26th, our friends from Zurich return to present a session on PFAS, Forever Chemicals, and PFAS Litigation. On October 31st, Resolver returns to present Building Your Business Case for GRC Software in 2024. Metrics That Matter has Enhanced Decision-Making Across Your Cybersecurity Program on November 7. [30:36] There is a lot of great educational content for you in the next month. Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members. [31:08] About Pamela Hans presenting the last session on the last day of the RIMS Canada Conference 2023. The session was “Do You Want to Get the Deal Done? Obstacles and Opportunities in Contract Negotiation.” She had a packed house for the session. She discussed deal-breakers and opportunities. [33:58] You have tools as a risk professional to deal with risk transfer provisions you might not want. The session talked about how to make insurance work for you in this context and how to indemnify a counterparty that is 10,000 times larger than you. How can your insurance respond to make these provisions opportunities, not deal-breakers? [35:03] People left the session with ideas about what to ask their insurance broker and the business side, to know what they should be ready for. [36:09] Pamela was scheduled to present with two co-presenters but neither of them could attend. For Pamela, it was an opportunity to have fun with the people who were in the room. Presentations are better when they are conversations with the people in the room. It was terrific! [38:34] Justin suggests if you are going to present and your co-presenters back out, look at it as an opportunity. 
If you need additional materials get them from the organization you represent, but be confident you can do 20 minutes by yourself. Open it up to Q&A and that will take care of a lot of dialog. Pamela went past 60 minutes. [39:18] Justin fell asleep twice in the 17-minute flight back to the U.S. He was disappointed the flight attendant didn't wake him! [40:54] Special thanks to Pamela Hans of Anderson Kill for joining us on RIMScast for National Cybersecurity Awareness Month coverage. The session handout from her RIMS Canada Conference session, “Do You Want to Get the Deal Done?” is available via the RIMS Canada Conference 2023 Attendees Service Center. See link in show notes. [41:16] Go to the App Store on your phone and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS app! [41:36] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate! Contact pd@rims.org for more information. [42:17] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. The RIMS app is available only for RIMS members! You can find it in the App Store. [42:41] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [42:56] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. 
[43:17] Justin thanks you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS ERM Conference 2023 | Nov 2–3 in Denver, CO! Enter 2023RIMSCAST at checkout for 10% off registration! NEW FOR MEMBERS! RIMS Mobile App RIMS Legislative Summit — Oct 25 & 26, Washington, D.C. RIMS-Certified Risk Management Professional (RIMS-CRMP) Dan Kugler Risk Manager on Campus Grant Spencer Educational Foundation — Hire A Risk Intern 2024 | Deadline Oct. 15, 2023 Spencer-RIMS Risk Management Challenge 2024 — Be a Case Study or Join Judging Panel! “Do You Want To Get The Deal Done?” — Session handouts still available via the RIMS Canada Conference Attendee Service Center RIMScast to receive the 2023 Excellence in MarCom Award from the New York Society of Association Executives (NYSAE)! “NYSAE Webinar: Podcasting — A Revenue Stream for Your Association” RIMS Webinars: Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals | Sponsored by AXA XL | Oct. 12, 2023 PFAS Forever Chemicals — Regulations, Litigation, New Technologies | Sponsored by Zurich | Oct. 26, 2023 Building Your Business Case for GRC Software in 2024 | Sponsored by Resolver | Oct. 31, 2023 Enhance Decision-Making Across Your Cybersecurity Program | Sponsored by Metrics That Matter | Nov. 
7, 2023 RIMS.org/Webinars Upcoming Virtual Workshops: Claims Management | Oct 10–11 Fundamentals of Risk Management | Oct 24–25 Managing Worker Compensation, Employer's Liability and Employment Practices in the US | Nov 7 See the full calendar of RIMS Virtual WorkshopsAll RIMS-CRMP Prep Workshops Related RIMScast Episodes: “Harnessing Innovation's Promise with ERM Conference Keynote Bob Roitblat” ‘Cybersecurity Reporting Updates with Hilary Tuttle of Risk Management Magazine” “Cybersecurity and Insurance Outlook 2023 with Josephine Wolff” “Genuine Generative AI Talk with Tom Wilde of Indico Data” “Getting to Know Jackware with Dan Healy of Anderson Kill” Sponsored RIMScast Episodes: “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response (New!) “Cyberrisk Outlook 2023” | Sponsored by Alliant (New!) “Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD “Insuring the Future of the Environment” | Sponsored by AXA XL “Insights into the Gig Economy and its Contractors” | Sponsored by Zurich “The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster “Technology, Media and Telecom Solutions in 2023” | Sponsored by Allianz “Analytics in Action” | Sponsored by Alliant “Captive Market Outlook and Industry Insights” | Sponsored by AXA XL “Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd. “Zurich's Construction Sustainability Outlook for 2023” “Aon's 2022 Atlantic Hurricane Season Overview” “ESG Through the Risk Lens” | Sponsored by Riskonnect “A Look at the Cyber Insurance Market” | Sponsored by AXA XL “How to Reduce Lithium-Ion Battery Fire Risks” | Sponsored by TÜV SÜD “Managing Global Geopolitical Risk in 2022 and Beyond” | Sponsored by AXA XL RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! 
RIMS Virtual Workshops On-Demand Webinars Risk Management Magazine Risk Management Monitor RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — New interview featuring Roland Teo! Spencer Educational Foundation RIMS DEI Council RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play RIMS Buyers Guide Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org and listen on Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn About our guest, Pamela Hans LinkedIn Pamela HansSenior Shareholder, Cyber practice Pennsylvania office of Anderson Kill Tweetables (Edited For Social Media Use): Consumers are giving their personal information to a company they want to do business with and then that company is attacked and the individual's information can be used by the threat actor to do more damage to the individual by way of fraud. — Pamela Hans A material breach is one that investors would want to have information about that might influence their decision to buy or not to buy a stock, because it may impact the value of the stock and the value of the company going forward.— Pamela Hans Risk professionals should look at your policies now to understand what policies will respond if you have an SEC claim because of the reporting requirement and what the policy limits are. What are the requirements of notice? — Pamela Hans
Each October, National Cybersecurity Awareness Month provides a timely reminder that criminals are trying to steal information and money from small businesses and their customers. Cybercrime is on the rise, and 60% of small businesses that experience a cyberattack go out of business within 6 months. That's why it's important to take proactive measures to protect data (and your business) from criminals. Cybersecurity expert Mike Caralis of Verizon Business joins Mark Alyn to offer essential tips for keeping small businesses safe from criminals. Learn how to implement cybersecurity practices, bolster cyber hygiene, and safeguard against threats. Plus, see the new technology, solutions and resources now available to help small businesses protect themselves.
It's National Cybersecurity Awareness Month. This week, we'll pay a visit to the good folks at CISA.gov for a list of tips to keep businesses safe and a list to keep individuals safe. Tell a friend! It's Checklist No. 346, brought to you by SecureMac. Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
October is National Cybersecurity Awareness Month, and Mike Caralis, nationally renowned cybersecurity expert with Verizon, shared important information on how individuals and small businesses can keep their information safe from criminals.
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin is delighted to welcome innovation thought leader Bob Roitblat to RIMScast. Bob is the keynote speaker at RIMS ERM Conference 2023. He speaks about his keynote, “Elevate, Revolutionize, Maximize: Harnessing Innovation's Promise.” Bob shares how innovation ties into strategy and risk, and how you can harness the great potential of innovation through careful strategy and risk management. Bob is an engaging speaker who asks his audience to be prepared to participate and learn. Get set for a dynamic keynote presentation on harnessing innovation's promise for your organization! Key Takeaways: [:01] About RIMScast. [:14] Register for the RIMS ERM Conference 2023, which will be held in Denver, Colorado on November 2nd–3rd. RIMS will also host an ERM-based tour of Ball Arena in Denver on November 1st. Limited seating is available. Visit RIMS.org/ERM to register and listen to this episode to hear the code for 10% off your registration! [:41] About today's episode with RIMS ERM Conference 2023 keynote Bob Roitblat. [1:01] All about exciting, upcoming RIMS events! Would you like funding to hire a risk management intern in 2024? If so, take a moment to apply for a Spencer Internship Grant. The application form will close on October 15th. The link is in this episode's notes. [1:27] If you will be attending RISKWORLD 2024 in San Diego, California, take a moment to sign up as a volunteer judge in the Spencer-RIMS Risk Management Challenge 2024. This is our annual international student competition. Full details can be found on the Spencer website at Spencered.org. Get involved; participate. We want to see you there! [1:51] Head to the RIMS.org/Advocacy page to register for The RIMS Legislative Summit, which is returning to Washington, D.C. on October 25th and 26th. 
[2:03] The RIMS ERM Conference 2023 will be held November 2nd and 3rd in Denver, Colorado. On November 1st, RIMS is hosting an ERM-based tour of Ball Arena, where the Denver Nuggets and Denver Avalanche play. There is limited seating. Register at RIMS.org/ERM2023. At checkout, type code 2023RIMSCAST for 10% off registration! [2:51] The ERM Conference 2023 will be different than years past. We've got some great changes. Book your travel plans now! RIMS will host a Post-conference Workshop for the RIMS CRMP from 9:00 to 4:00 MT on November 4th and 5th. Save $100 when you register for the conference and workshop in one transaction. Links are in the notes. [3:21] Bob Roitblat is a multiple business owner and well-known TEDx speaker. Bob will kick off the RIMS ERM Conference 2023 on November 2nd with his keynote, “Elevate, Revolutionize, Maximize: Harnessing Innovation's Promise.” Bob is very engaging and I am looking forward to the energy he will bring to the keynote address on November 2nd! [4:30] Bob Roitblat has started a dozen companies. Each company focused on three areas: innovation, strategy, and risk. The three areas are closely tied together. You can't be successful in one without the other two. It's a three-legged stool. [5:03] Bob describes innovation as doing something new and different that makes a difference. It could be new products or services, a new business model, or a new organizational structure. It's something that you haven't done before that will make a difference to your organization. (A positive difference, preferably!) [6:00] Most of the time when people innovate within an organization, they don't call attention to it, they just run more efficiently. Amazon is a huge logistics company that runs smoothly. They spend billions on innovation. They bought a robotics company to have robots to deliver products on schedule. [6:28] There is also the innovation of developing products and services for external consumption by customers. 
Bob cites Zia Chisti, who invented Invisalign braces. Orthodontia hadn't changed for 100 years until a Stanford student wanted to change the experience of braces. Within 10 years, he completely altered orthodontia. [7:20] Richard Montañez, a janitor who worked for Frito-Lay, invented Flaming Hot Cheetos. He altered the landscape for focus marketing. He went after a segment of the market people didn't think to go after. Now we're not just marketing to people but to segments of those people. Richard retired as the VP of Multicultural Affairs at Pepsico. [10:05] Bob describes the upcoming influence of AI digital workers on innovation. In terms of efficiency, we are underselling the capabilities of digital workers. Let's elevate our perspective. How do we use digital workers to drive the top line, open new markets, and address new submarkets like Montañez did? [11:44] Software bots may or may not use AI but they are digital workers. [11:57] RIMS plug time! Sponsor an episode of RIMScast! Contact us at pd@rims.org. Justin is pleased, humbled, and excited to announce that RIMS and RIMScast have won the 2023 Excellence in MarCom Award on October 24, 2023, from the New York Society of Association Executives (NYSAE)! [12:41] On Friday, November 10th, from 10 to 11, NYSAE is presenting a virtual program called ”Podcasting — A Revenue Stream for Your Association.” Justin is honored to be one of the panelists. A link is in this episode's notes. [12:57] Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. October 2nd is the last day to register for Applying and Integrating ERM, a two-day course on October 3rd and 4th, led by Elise Farnham. On October 10th and 11th, our friend Gail Kiyomura will host a two-day workshop on Claims Management. [13:28] Our friend Chris Hansen was recently on RIMScast. He will be leading Managing Worker Compensation, Employer's Liability, and Employment Practices in the US on November 7th and 8th. 
Be sure to register for that course! Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register! [13:56] On October 12th, AXA XL returns to present Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals. [14:10] On October 26th, our friends from Zurich return to present a session on PFAS, Forever Chemicals and PFAS Litigation. Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members. [15:11] Bob's November 2nd keynote preview: Imagine that innovation is a lake. It's full of potential. Unless you harness that flow in some way, you can't take advantage of it. Your strategy is a dam. You set it so the flow doesn't wipe out the town below. That's good risk avoidance. [15:57] Maybe your strategy is to use irrigation pipes to make the surrounding land tillable and farmable. That generates revenue. Maybe your strategy is a hydroelectric plant inside the dam and generate electricity to sell. Unless you have a strategy to extract value from your lake of innovation, it only has potential value. [16:46] The theme of the keynote is how to build your dam strategy to extract value from the innovation that you can identify. [17:11] Bob says to attend the keynote and be prepared to participate! It will not be a one-way data dump! You won't be bored! There will be a QIOS session. Bob won't have all the answers, but he'll answer your Questions with Ideas, Opinions, and Suggestions! Let's start the conversation! [18:00] With Bob's keynote and the following sessions by other speakers, the people who show up will be overloaded with value, and knowledge, and be prepared to go back to their organizations and “take over the world.” [18:29] Bob uses lots of images in his keynote, produced by Gen AI and edited in Photoshop and enhanced with Adobe Illustrator. But digital isn't always the answer. 
Sometimes analog images are the best way. [19:47] October is National Cybersecurity Awareness Month. It's a subject of the Conference and Bob will address it. Listen in the keynote for the top ten innovations Bob thinks will have the biggest impact on Enterprise Risk Management. Two of the ten deal with cybersecurity. [20:12] Bob shares a point. If you sign up for ChatGPT and you want to have access to the latest LLM, it's a subscription of $20.00 a month. If you subscribe to FraudGPT, a chatbot that helps you hack into things and be fraudulent, you pay a subscription of $200 a month. Don't tell Bob that crime doesn't pay! [21:04] Bob's parting words: “If you see me in the hall, grab me, tell me what you want to talk about. If you disagree with me, please speak up, let's have the conversation. And I've already changed my airfare to stay a little longer 'cause I just saw a new session popped up that I want to go to! So this will be the event of the season! Let's do it!” [21:26] Special thanks again to Bob Roitblat, our RIMS ERM Conference 2023 keynote speaker for joining us. Register today at RIMS.org/ERM2023. You get to hear Bob first thing in the morning on November 2nd and you'll have the chance to connect with him after the keynote, possibly in some other sessions. Links are in the show notes. [21:49] Go to the App Store on your phone and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS app! [22:08] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate! Contact pd@rims.org for more information. [22:50] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. 
The RIMS app is available only for RIMS members! You can find it in the App Store. [23:13] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [23:29] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [23:49] Justin thanks you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS ERM Conference 2023 | Nov 2–3 in Denver, CO! Enter 2023RIMSCAST at checkout for 10% off registration! NEW FOR MEMBERS! RIMS Mobile App RIMS Legislative Summit — Oct 25–26, Washington, D.C. RIMS Western Regional — Oct 4–6, Vail Colorado RIMS-Certified Risk Management Professional (RIMS-CRMP) Dan Kugler Risk Manager on Campus Grant RIMScast to receive the 2023 Excellence in MarCom Award from the New York Society of Association Executives (NYSAE)! “NYSAE Webinar: Podcasting — A Revenue Stream for Your Association” Spencer Educational Foundation — Hire A Risk Intern 2024 | Deadline Oct. 15, 2023 Spencer-RIMS Risk Management Challenge 2024 — Be a Case Study or Join Judging Panel! RIMS Webinars: Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals | Sponsored by AXA XL | Oct. 12, 2023 PFAS Forever Chemicals — Regulations, Litigation, New Technologies | Sponsored by Zurich | Oct. 
26, 2023 RIMS.org/Webinars Upcoming Virtual Workshops: Claims Management | Oct 10–11 Managing Worker Compensation, Employer's Liability and Employment Practices in the US | Nov 7 See the full calendar of RIMS Virtual WorkshopsAll RIMS-CRMP Prep Workshops Related RIMScast Episodes: The Future of AI and Work with Sinead Bovell Live from the RIMS ERM Conference 2022 Risk and Leadership with Lt. Gen. (ret) Roméo Dallaire Genuine Generative AI Talk with Tom Wilde of Indico Data ERM in Banking & Finance with Eleni Willis Security Risks and Implementing ERM with Kelly Johnstone Emerging Risks and Board Reporting with Suzanne Christensen ERM at the Veterans Benefits Administration Sponsored RIMScast Episodes: “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response (New!) “Cyberrisk Outlook 2023” | Sponsored by Alliant (New!) “Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD “Insuring the Future of the Environment” | Sponsored by AXA XL “Insights into the Gig Economy and its Contractors” | Sponsored by Zurich “The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster “Technology, Media and Telecom Solutions in 2023” | Sponsored by Allianz “Analytics in Action” | Sponsored by Alliant “Captive Market Outlook and Industry Insights” | Sponsored by AXA XL “Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd. “Zurich's Construction Sustainability Outlook for 2023” “Aon's 2022 Atlantic Hurricane Season Overview” “ESG Through the Risk Lens” | Sponsored by Riskonnect “A Look at the Cyber Insurance Market” | Sponsored by AXA XL “How to Reduce Lithium-Ion Battery Fire Risks” | Sponsored by TÜV SÜD “Managing Global Geopolitical Risk in 2022 and Beyond” | Sponsored by AXA XL RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! 
RIMS Virtual Workshops On-Demand Webinars Risk Management Magazine Risk Management Monitor RIMS-Certified Risk Management Professional (RIMS-CRMP) RIMS-CRMP Stories — New interview featuring Roland Teo! Spencer Educational Foundation RIMS DEI Council RIMS Events, Education, and Services: RIMS Risk Maturity Model® RIMS Events App Apple | Google Play RIMS Buyers Guide Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org and listen on Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest, Bob Roitblat Roitblat.com Tweetables (Edited For Social Media Use): Imagine that innovation is a lake. It's full of potential. But unless you harness that water flow in some way, you're not going to be able to take advantage of it. So you're going to come up with a dam. Your strategy is a dam. — Bob Roitblat The theme of the keynote is how to build your “dam strategy” to extract value from the innovation that you can identify. — Bob Roitblat We're going to do a QIOS. … I don't have all the answers, but please, ask your Questions and I will share some ideas, give you my Opinions, and make some Suggestions! Let's start the conversation! — Bob Roitblat If you subscribe to FraudGPT, a chatbot that helps you hack into things and be fraudulent, that subscription costs you $200 a month. So please don't tell me that crime doesn't pay! — Bob Roitblat
The latest incarnation of ABA's award-winning #BanksNeverAskThat anti-phishing campaign returns for National Cybersecurity Awareness Month in October. On the latest episode of the ABA Banking Journal Podcast — presented by Servbank — ABA's Amy Wertlieb talks about new resources this year, including a return of the popular scam quiz and an all-new consumer-facing site plus customizable resources in Spanish. Banks can register for free and use campaign materials all month or at any point during the year. Learn more about #BanksNeverAskThat and register.
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. We need to look at Cybersecurity from a supply chain perspective, so dive in with one of the greatest in the industry! In this episode, Ed Gaudet, CEO and Founder of Censinet, talks about healthcare cybersecurity supply chain risk management and how the HIC-SCRiM Guide can help organizations assess the risk they and their third-party vendors and suppliers face and develop an action plan against attacks. Ed discusses why it's important to set up a plan to manage plausible attacks and some documents, resources, and tools that can help with that. Tune in to learn how to protect patient care and operations from cyber-attacks! Click this link to the show notes, transcript, and resources: outcomesrocket.health
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Cybersecurity in telehealth is everyone's responsibility. In this episode, Saul Marquez talked with healthcare cybersecurity experts Christine Sublett and Mark Jarrett about cybersecurity in the current telehealth space. Ever since the COVID-19 pandemic, telehealth has been more widely accepted and practiced. As many benefits as it brings, it also comes with potential threats that must be addressed. Christine and Mark talk about how healthcare organizations need to make sure that the ecosystem used for the delivery of care secures data privacy for patients. Tune in to learn about the work Christine Sublett and Mark Jarrett have been doing to help healthcare organizations navigate the telehealth space safely and provide security for their users! Click this link to the show notes, transcript, and resources: outcomesrocket.health
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Finding cybersecurity talent in healthcare is a challenge in and of itself. In this episode, Saul Marquez had a fruitful chat about cybersecurity talent with Matt McMahon, R&D Lead and Senior Product Manager for Cybersecurity with Philips, and Brandyn Blunt, senior Cybersecurity Specialist for Cybersecurity Assurance/Governance, Risk, and Compliance with Cleveland Clinic. Finding workforce talent for healthcare cybersecurity is a challenge that the sector is currently facing, and Matt and Brandyn share their thoughts on the issue, touching on education requirements, competing industries, and open-mindedness. They also discuss the Workforce Guide, a document they collaborated on to help healthcare organizations by providing ideas to build and retain a cybersecurity team. Cybersecurity professionals can come from any background, so Brandyn and Matt explain how to start by looking internally within organizations. Providing training for interested individuals successfully led them down a cyber path. Tune in to this episode to learn how you can be part of the solution in facing the cybersecurity talent shortage!
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Chris Reed, Debra Bruemmer, and Aftin Ross talk about the Medical Device and Health IT Joint Security Plan and how it could help organizations with their work and cybersecurity gaps related to medical devices. Click this link to the show notes, transcript, and resources: outcomesrocket.health
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. An ounce of prevention is worth a pound of cure. In this episode, Christian Dameff and Jeff Tully, cybersecurity researchers, physicians, and co-founders of the CyberMed Summit, talk about subjects to consider in terms of cybersecurity in healthcare preparedness and safety. One could draw an analogy between our immune system and how the healthcare cyber system should behave, and that's exactly what doctors Dameff and Tully do to illustrate the actions the healthcare industry should be taking. They talk about the CyberMed Summit and how they've created a dynamic space to share information about what to look out for and be up to date to prevent cyber attacks. Cybersecurity is a patient safety issue, and therefore, they discuss why doctors and many other healthcare stakeholders should chime into this topic and how they are working to overcome the challenges that may come up on the road. Tune in to this episode to learn more about cybersecurity in healthcare and how to be more active in protecting it! Click this link to the show notes, transcript, and resources: outcomesrocket.health
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Contract language is key to bringing cybersecurity to medical devices! In this episode, Saul Marquez chats with Dr. Jonathan Bagnall, the Cybersecurity Global Market Leader for Royal Philips Healthcare, about the Model Contract Language for Medtech Cybersecurity Document. He was part of developing this document where healthcare delivery organizations got together to establish the cybersecurity requirements for medical devices, forming partnerships with manufacturers with more trust and certainty of compliance. He discusses how contract language is a tool that, in the Medtech field, can create commitment without stifling innovation. Jonathan also explains how this document will improve medical devices' security by increasing performance, design, and maturity. Tune in to this episode to learn from Dr. Bagnall about the Model Contract Language for Medtech Cybersecurity Document! Click this link to the show notes, transcript, and resources: outcomesrocket.health
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Do you have a plan in case you are the victim of a cyber incident? In this episode, Kirsten Nunez, senior operations manager for emergency management and continuity at Intermountain Healthcare, and Lisa Bisterfeldt, cybersecurity and IT resiliency program manager, talk about the Operational Continuity Cyber Incident checklist they created to support the Incident Response Business Continuity Task Force under the Public Health Sector Coordinating Council Cybersecurity Working Group. Patients' safety is of the utmost importance and it is being increasingly cyber-threatened as so much in healthcare nowadays is done digitally. The OCCI checklist intends to provide guidance for response teams to undertake critical tasks that need to be completed during the first 12 to 24 hours of a cybersecurity event. Kirsten and Lisa discuss why they believe this tool is very important to have at hand, the reasoning behind its format, and how it is to be applied within the healthcare industry. Tune in to this episode to listen to this informative conversation that will help you be prepared against cyber threats! Click this link to the show notes, transcript, and resources: outcomesrocket.health
Paula Anderson spreads awareness for National Cybersecurity Awareness Month with some helpful tips! For more, visit: https://www.neighborscu.org/
The Department of Justice's collaboration with foreign law enforcement organizations has resulted in the disruption of a Russian malware operation. At CyberTalks, DOJ's Deputy Attorney General for National Security and Cyber Adam Hickey discusses how the partnership was able to disrupt this botnet. National Cybersecurity Awareness Month is about two-thirds over now. Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, explains at CyberTalks what his agency is emphasizing this month. The Department of Veterans Affairs is missing data it needs to gauge the health of its acquisition workforce. That data would help the agency understand who does what, and how. Shelby Oakley, director of contracting and national security acquisitions at the Government Accountability Office, explains what we now know about VA's acquisition workforce. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.
As the 2022 National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the fourth key step - Keeping your System Up-to-Date.
To celebrate this week's National Cybersecurity Awareness Month theme, we have a special 101 episode of Talos Takes to cover the basics of threat hunting. This is a crucial skill for any cybersecurity professional-in-training and one of the questions we get the most often. Asheer Malhotra from the Talos Outreach team joins the show to talk about where he starts finding new malware families and threat actors, what the barriers usually are that he has to overcome and what check boxes he has to hit before he can talk about something publicly. For more on this topic, watch our "Threat Hunting 101" livestream from earlier this week here.
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Let's watch each other's backs and learn from our experiences in cyberspace! In this episode, Saul Marquez sits down to talk with Errol Weiss, Chief Security Officer at Health-ISAC, about today's cyber threats and what measures we can take to prevent them. Throughout this eye-opening conversation, Errol breaks down the three main reasons why cybercrime is committed and how it can impact any organization, but healthcare ones specifically. He explains what an ISAC is, why they were created, and how your organization can benefit from it by learning which are the threats and attacks in your industry. Additionally, Errol shares some examples of these cybercrimes that will make your jaw drop, so listen closely and learn from them. Tune in to this episode to learn about cyber threats and how you and your peers can protect each other from them!
In light of National Cybersecurity Awareness Month, BigCommerce Senior Application Security Engineer Francis Dong joins BigCommerce Manager of Product Marketing Airon White on the Make it Big Podcast to explore how businesses can guide their internal and external teams to become security champions. With this year's Cybersecurity Awareness Month theme of “See Yourself in Cyber,” this episode focuses on the human aspect of cybersecurity. At the end of the day, it's ultimately about people. Tune in to learn how you, too, can see yourself in cyber, no matter your role. Explore more BigCommerce cybersecurity resources: BigCommerce Blog, BigCommerce Engineering Blog, BigCommerce YouTube, BigCommerce LinkedIn. Security champion training: PentesterLab, Secure Code Warrior, PortSwigger Web Security Academy. Security culture resources: 5 Steps to Engage Your Team in Information Security.
It's National Cybersecurity Awareness Month, so it's the perfect opportunity to talk about security fundamentals. We're in discussion with two highly experienced Cisco security professionals who share some of their wisdom and best practices. Learn more from one of our guests in this video: https://www.youtube.com/watch?v=X9pkOr--wrg
As the 2022 National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the third key step - Recognize and Report Phishing.
On this month's episode of In The Loop, we're switching gears and talking all about cybersecurity. In honor of National Cybersecurity Awareness Month being celebrated in October, we're eager to discuss the importance of staying safe online. Joining us is Coweta-Fayette EMC's Computer Services Technician Jennifer Jones. Follow along to hear cybersecurity tips for our members, including how to avoid cybersecurity threats, and what a member should do if they have questions about protecting themselves at home.
National Cybersecurity Awareness Month continues and in honor of it we interview global and industry recognized thought leader, Confidence Staveley. To name a few of her incredible accomplishments, Confidence has been recognized as Cybersecurity Woman of the Year in 2021 and 2022, she is a part of the U.S. State Department's International Visitors Leadership Program. Not to mention she has single-handedly changed the future of so many young girls as it relates to their access to technology, education and security awareness. To learn more about Confidence, you can find her on all social media platforms: LinkedIn, Twitter, Instagram. To learn more about her organization, Cybersafe Foundation, and to donate to their incredible cause, you can visit: https://cybersafefoundation.org/donate/ Additional resources: CISA Security Resources, Cisco Secure's Cybersecurity Awareness Month Page. If you're inclined to share this episode with your community, please tag us! @Ciscosecure @techwithtaz @hazeburton #seeyourselfincyber #Ciscosecure #NCSAM
To celebrate National Cybersecurity Awareness Month, two one-time "security noobs" talk about their career trajectories and how they've grown to see themselves in cyber. Sammi Seaman and Jon Munshaw talk about their previous careers in library services and journalism, respectively, and how they applied some of those skills to cybersecurity. Other talking points include: cybersecurity "ah ha!" moments; not being afraid to ask questions; free ways to expand one's cybersecurity knowledge; and the importance of getting involved in local cybersecurity conferences and non-profits.
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. What are some basic things that we should be doing to combat prevalent threats that healthcare systems are facing? In this episode, Saul Marquez had a conversation full of valuable information with Erick Decker, Vice President and Chief Information Security Officer for Intermountain Healthcare, and Julie Chua, Director of the Governance, Risk Management, and Compliance division within the HHS Office of Information Security. Healthcare cybersecurity is in critical condition and so members of the healthcare industry and the Health and Human Services (HHS) have joined forces to improve it. After different task force research efforts were made, the Health Industry Cybersecurity Practices (HICP) document was published. Erick and Julie break down what this publication is all about, the process that took place to write it, and its importance as a manual to protect patient safety with cybersecurity. In the end, cyber safety is patient safety, let us not forget that. Tune in to this episode to learn about the Health Industry Cybersecurity Practices document that will help healthcare organizations and professionals keep their cybersecurity on point!
October is National Cyber Security Awareness Month. Although the issue is spotlighted right now, the truth is that attention needs to be paid to cyber security awareness every minute of every day. Hospitals and health systems can't afford to let down their guard for a moment, because the activities of cyber criminals never stop. In this podcast we have a unique opportunity to hear from a high-level government leader whose job it is to defend the nation's critical infrastructure from cyber-attacks and other threats. Tasked with this extremely important mission, and here with us today, is Nitin Natarajan, Deputy Director for the Cybersecurity and Infrastructure Security Agency, or CISA. Nitin is a friend and colleague of John Riggi, who joined the AHA as national advisor for cybersecurity and risk after a nearly 30-year career with the FBI. In this podcast, John and Nitin discuss the biggest cyber and other threats facing health care and other infrastructure sectors; how they overlap; the role of CISA; and what health care providers can do to defend against the sophisticated cyber threats everyone faces.
As the 2022 National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the second key step - Using Complex Passwords.
Azim Khodjibaev joins the show once again for the latest edition of "Days of our Ransomware." Jon and Azim talk about the recent LockBit 3.0 leaks and the drama surrounding them. Will other actors try to backpack off the leaked builder? Why is LockBit switching to triple extortion tactics now? And what other trends are going on in the ransomware landscape? This is the perfect place to get caught up on all things ransomware to head into the rest of National Cybersecurity Awareness Month.
In Plain Sight is a Cybercrime Magazine podcast series brought to you by Conceal. In this episode, host Hillarie McClure is joined by Kelly Michaud, Senior Director of Marketing at Conceal, to discuss National Cybersecurity Awareness Month 2022, this year's theme of “See Yourself In Cyber,” and more. Conceal is a zero-trust network privacy and security company that disguises and protects your enterprise's online presence and privacy. To learn more about our sponsor, visit https://conceal.io
In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Let's get real about it: people can die as a result of a cyber-attack. It's not just a work of fiction in movies; it can happen in real life, so let's work on it! In this episode, Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council, talks about why cybersecurity is vital to protect the critical infrastructure that is healthcare. Kicking off a 10-part series on the matter due to October being Cyber Security Awareness Month, Greg points out why in today's digital world, healthcare faces risks that have to be averted in order to protect patient safety. Whether you're a patient, a clinician, or a professional in the cyber side of healthcare, cybersecurity affects you and you need to know how to keep yourself safe. Greg explains what this is and how the Health Sector Coordinating Council identifies and mitigates systemic threats and develops resources that can improve cybersecurity and patients' safety. Tune in to this episode to learn why organizations must work together in terms of cybersecurity to raise the bar for the whole healthcare industry!
October is National Cybersecurity Awareness Month in the US. This year, organizations want you to See Yourself in Cyber. What does that mean? Why do we do this? Is it even worth doing?!? We'll examine that and make YOU an honorary Cyber Champion on Checklist No. 298, brought to you by SecureMac. Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com
Host Olivia Neal introduces Alvaro Vitta, Microsoft's Worldwide Public Sector lead for cybersecurity. October is National Cybersecurity Awareness Month and we're dedicating a set of Public Sector episodes to exploring this topic. Alvaro's first guest is Tom Burt, Corporate Vice President of Customer Security and Trust at Microsoft. Tom discusses working with the government in Ukraine on cyber defense and how public sector organizations can be better prepared for future attacks. Microsoft Public Sector Center of Expertise for more information and transcripts of all episodes. Alvaro Vitta [host] | LinkedIn. Tom Burt [guest] | LinkedIn. Discover and follow other Microsoft podcasts at aka.ms/microsoft/podcasts
As the Annual National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the first key step - Using Multi Factor Authentication.
One in 4 US households has been a victim of cyber crime. In celebration of National Cybersecurity Awareness Month, my guest, Jeb Gebhart, shares tips for keeping your information safe and some of the most common cyber crimes in the marketplace today. Check to see if you have been involved in a security breach here: https://haveibeenpwned.com/ Comments? Questions? Email me: hello@realcharlotteliving.com Let's get social! solo.to/realcharlotteliving Stay up-to-date on new episodes and subscribe today! ---- Cheers! Kamilah Peebles, Host and Content Creator. Sign up for FREE info on weekend events: bit.ly/cltfun