Podcasts about national cybersecurity awareness month


Latest podcast episodes about national cybersecurity awareness month

The Tool Belt
Keeping Cybersecurity Simple With Up-To-Date Password Practices

Oct 9, 2024, 26:04


Not only is it Manufacturing Month, but October also is National Cybersecurity Awareness Month. To mark the occasion, Smart Industry Managing Editor Scott Achelpohl recruited Joe Anderson of Ohio-based TechSolve to talk about how robust cyber defenses can start with up-to-date password practices and policies. Anderson is a big “get” for Smart Industry—an IT and info security pro with over 25 years of industry experience, possessing several cybersecurity certifications. His company, among other IT services, helps small manufacturers (TechSolve is part of the Manufacturing Extension Partnership in Ohio) tackle cybersecurity compliance challenges and risk management. For manufacturers and the shop floor, cybersecurity and secure OT and IT require constant vigilance. One of the most common-sense strategies for this is password security—and for lots of companies, mandatory policies relating to passwords often become necessary. Look at examples like Clorox recently: A breach, any breach, can cost millions in “ransom” to cyberattackers and in production downtime. And passwords are often easily hacked.

The Resilient Journey
Episode 154 - The Bad Guys Are Targeting You: Michael Perdunn (Cybersecurity Awareness Month)

Oct 7, 2024, 31:11


This is the 20th year of National Cybersecurity Awareness Month! While technology has changed in the last two decades, the threat and impact of cybercriminals has not gone away. If you don't think a cyberattack can happen to you – think again. Hello everyone and welcome to episode 154 of the Resilient Journey podcast, presented by the Resilience Think Tank. This week Mark is joined by cybersecurity thought leader Michael Perdunn. Michael and Mark discuss society's desensitization to news of a data breach and how organizations cannot afford to take that same approach. Michael gives some expert advice on how to provide better phishing training. And they do a deep dive into a real-life and very scary extortion email. Michael explains how the bad actors make them look so real. Be sure to follow The Resilient Journey! We sure do appreciate it! Special thanks to Bensound for the music.

RIMScast
Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST

Aug 13, 2024, 45:13


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   Justin Smulison interviews Daniel Eliot of NIST about NIST, its new publications on cybersecurity, including two Quick Start Guides, the Cybersecurity Framework 2.0, and more, Daniel's history with cybersecurity for small businesses and his career-long passion for helping small businesses protect themselves against cybercrime.   Listen in for the latest information on NIST and cybersecurity guidelines for your organization. Key Takeaways: [:01] About RIMS. [:14] RISKWORLD 2025 will take place in Chicago, Illinois from May 4th through May 7th. The call for submissions is now open through August 27th. A link to the submission form is in this episode's show notes. [:30] About this episode. We will be joined by Daniel Eliot from the National Institute of Standards and Technology, or NIST. [:52] First, let's talk about RIMS Virtual Workshops. The full calendar of virtual workshops is at RIMS.org/VirtualWorkshops. August 15th starts the three-part series, Leveraging Data and Analytics for Continuous Risk Management. Other dates for the Fall and Winter are available on the Virtual Workshops full calendar at RIMS.org/VirtualWorkshops. [1:14] Let's talk about prep courses for the RIMS-CRMP. On September 10th and 11th, the RIMS-CRMP Exam Prep will be held with NAIT. There is another RIMS-CRMP Exam Prep on September 12th and 13th. [1:29] The next RIMS-CRMP-FED Exam Prep course will be hosted along with George Mason University on December 3rd through 5th, 2024. Links to these courses can be found on the Certification Page of RIMS.org and in this episode's show notes. [1:44] We've got the DFW RIMS 2024 Fall Conference and Spa Event happening on September 19th in Irving, Texas. Learn more about that event in Episode 299, which features an interview with the Texas State Office of Risk Management. 
[2:02] Also on September 19th is the RIMS Chicago Chapter's Chicagoland Risk Forum 2024. Register at ChicagolandRiskForum.org. [2:12] Registration opened for the RIMS Canada Conference 2024 which will be held from October 6th through the 9th in Vancouver. Visit RIMSCanadaConference.ca to register. [2:25] Registration is also open for the RIMS Western Regional, which will be held from September 29th through October 1st at the Sun River Resort in Oregon. Register at RIMSWesternRegional.com. [2:38] We want you to join us in Boston on November 18th and 19th for the RIMS ERM Conference 2024. The agenda is live. The keynote will be announced soon. We want to see you there! A link is in this episode's show notes. [2:53] The nominations are now open for the RIMS ERM Award of Distinction 2024. Nominations are due August 30th. A link to the nomination form is in this episode's show notes. [3:07] If you or someone you know manages an ERM program that delivers the goods, we want to hear about it. A link is in this episode's show notes. All RIMS regional conference information can be found on the Events page at RIMS.org. [3:24] On with the show! In October, we will celebrate National Cybersecurity Awareness Month. You should observe it all year round, of course. My guest today has a lot of great insight into risk frameworks. He is Daniel Eliot, the Lead for Small Business Engagement in the Applied Cybersecurity Division of The National Institute of Standards and Technology (NIST). [3:48] NIST is part of the U.S. Department of Commerce. Today, we will discuss some of the publicly available risk management frameworks and how they've evolved through the years and the new frameworks that address AI, as well. [4:05] You may remember Daniel from his appearance on an episode in April 2020, when he was with the National Cybersecurity Alliance. He is back to provide some new tips for the global risk management community. [4:18] Daniel Eliot, welcome back to RIMScast! 
[4:42] Justin and Daniel comment on some things that have changed since April 2020. Daniel was at the National Cybersecurity Alliance (NCA). [5:50] Now Daniel is the Lead for Small Business Engagement in the Applied Cybersecurity Division of The NIST. He shares his journey from NCA to NIST via the National Cybersecurity Center of Excellence, a NIST facility operated by Mitre. [6:52] Daniel is happy to be back supporting the small business community. [7:04] Daniel had worked in a small tech startup for almost seven years. He helped them scale the business and manage the development of their product. Next, Daniel joined the University of Delaware's Small Business Development Center, helping tech businesses start and scale. [8:16] Daniel applied for an SBA grant to help small businesses with cybersecurity. This was in 2014. The Cybersecurity Framework was published in 2014. Daniel applied the Cybersecurity Framework to small businesses. That started Daniel's career in small business cybersecurity. [9:32] There's a new NIST Risk Management Framework (RMF) Small Enterprise Quick Start Guide. Daniel's role at NIST is to coordinate across NIST, government, and the private sector, to create opportunities for the small business community to engage with NIST expertise. [10:19] The RMF Small Enterprise Quick Start Guide is a product of that coordination across NIST, government, and the private sector community. In February, NIST produced the Cybersecurity Framework 2.0 Small Business Quick Start Guide. [10:44] NIST decided to do a Quick Start Guide for a risk management framework for small to medium enterprises. The Risk Management Framework is a process. It's a holistic and repeatable seven-step process for managing security and privacy risks. 
[11:23] The NIST RMF Quick Start Guide provides an overview of the seven steps of the process, the foundational tasks for each step, tips for getting started with each step, a sample planning table, key terminology and definitions, questions to consider, and related resources. [11:53] It's RIMS plug time! Webinars! All RIMS Webinar registration pages are available at RIMS.org/Webinars. On August 27th, Riskonnect returns to discuss How To Successfully Deploy AI in Risk Management. [12:12] On September 5th, Merrill Herzog makes their RIMS Webinars debut with the Role of Insurance in Building Resilience Against an Active Assailant Attack. On September 19th, Origami Risk returns to deliver Leveraging Integrated Risk Management For Strategic Advantage. [12:28] Justin jumped ahead a bit. On September 12th, HUB International returns to deliver the third part of their Ready for Tomorrow series, Pivot and Swerve: Staying Agile During Shifting Market Dynamics. [12:44] Justin is delighted to be joined by the moderator for that session, the Chief Marketing Officer for Canada at HUB International, Linda Regner Dykeman. Justin welcomes Linda to RIMScast! [13:13] The webinar will be at 1:00 p.m. Eastern Time on September 12th. Linda says they will be discussing current market trends and challenges. The industry has been able to produce some very strong profits over the last few years. [13:29] The market needed correction after many years of unprofitability driven by weather events in the property line where rates seemed to be unsustainable. Casualty also had its issues, particularly with Directors and Officers Liability. [13:47] As a result of the profitability the industry was able to achieve over the last few years, most carriers have become more competitive in growing their books of business. This competition is not being seen in all lines, segments, or geographies. 
[14:04] Some catastrophe-prone zones such as BC and Alberta have not seen the same level of competition across the board. As the market transitions from a hard market to a competitive environment, there is some unusual and inconsistent behavior. [14:21] Carriers in Canada are being more flexible with their appetite. London is looking to grow significantly over the next couple of years with goals of hitting $100 billion by 2025. Add to that NGAs who are seeing their market share change as local carriers become more competitive. [14:39] As we transition out of what was considered to be a hard market, we see a lot of inconsistency in this market. [14:48] Add to this the supply chain issues, which are not what they once were, the economy is flat with spending, once normalized for an increase in population, it reflects that of a market in a recession. [15:02] We, as brokers are finding competitive solutions to protect our clients. We have to pivot and swerve to discover the right opportunities. [15:13] We had a significant rain event in Toronto, followed by one of the worst wildfires Jasper has ever seen, seemingly a once-in-a-hundred-year event; weather catastrophes are more severe and more frequent. [15:27] How is this going to change the availability of capacity and pricing? Time will tell, as insurers try to figure out if their pricing models included the right loadings for these events. [15:49] Being informed by what is happening in the market; the trends, the opportunities, what's available, and partnering with the right broker, will help a risk manager make an informed decision, appropriate for their business. [16:11] The panelists have decades of experience and expertise across North America. They work with clients, markets, and other experts and bring a much broader perspective and experience to this session. [16:26] Steve Pottle is the risk manager on the panel. He's been omnipresent in RIMS Canada for years. 
He's a former RIMS VP and is currently the Director for Risk and Safety Services at Thompson Rivers University. Justin says he's one of the best and Linda agrees. [16:57] Linda will moderate. She'll ask the panelists questions HUB International has received from its clients, based on what they are seeing happening in the environment around them. She would also like the audience to pose some questions. Audience participation is encouraged. [17:21] Justin thanks Linda Regner Dykeman of HUB International, and will see her again on September 12th, 2024 for the third installment of HUB's Ready for Tomorrow series, Pivot and Swerve: Staying Agile During Shifting Market Dynamics. [17:37] Let's return to today's interview with Daniel Eliot from NIST. [17:53] Daniel states that the Risk Management Framework is a repeatable seven-step process for managing security and privacy risks. It starts with preparation, categorizing, and understanding the information that your organization processes, stores, and transmits. [18:20] Then you select controls, and implement those controls to protect the security and privacy of the systems. Then you assess, authorize, and monitor the controls. Are the selected controls producing the desired results? Are there changes to the organization that require new controls? [18:45] You follow the seven steps of the framework in order and repeat them in a cycle. Keep going through it. Every organization regularly changes. Technologies change. People change. That's why the framework has to be repeatable and flexible. [19:05] NIST published this Risk Management Framework Small Enterprise Quick Start Guide as a tool to raise awareness within the Small and Medium Enterprise (SME) Community about what the Risk Management Framework is and how to get started with it. [19:26] This Quick Start Guide is not intended to guide you on your journey from start to finish for a comprehensive risk management implementation. It is a starting point. 
[19:41] The Guide has an overview of the steps of the Risk Management Framework, some foundational tasks for each of the RMF steps, some tips for getting started, some sample planning tables, and graphics to help people understand concepts that might be new to them. [20:02] NIST spent a lot of time defining key terminology, extracting terms out of the Risk Management Framework, and highlighting them in this Quick Start Guide. There are phrases and terms in the Risk Management Framework that some people new to it might not understand. [20:24] For example, “authorization boundary.” The Guide highlights and illustrates what these terms mean in the Risk Management Framework and adds questions for organizations to consider and use internally for discussion. The answers may be different for every organization. [21:12] This Guide is a derivative tool from the existing publication that went out for public comment. The Quick Start Guide did not go out for public comment but NIST has circulated Quick Start Guides to some small businesses they know to make sure it's hitting the right note. [21:56] Daniel monitors commentary and looks at how the Guide is received out in the world once it's published. In every Quick Start Guide, there is an opportunity for people to contact NIST if they have questions or if there is an error. NIST is always open to feedback. [23:03] In small businesses, Daniel finds the owner or operator is the Chief Risk Officer, the Janitor, the CISO, and the Chief Marketing Officer. Anyone can use the Risk Management Framework. It's a process. [23:25] Federal agencies, contractors to the federal government, and other sources that use or operate a federal information system typically use the suite of NIST Risk Management Standards and Guidelines to develop and implement a risk-based approach. 
[23:48] A lot of the audience for this Small Enterprise Quick Start Guide might be small universities, small municipalities, or small federal agencies implementing this Risk Management Framework. [24:27] We have time for one more break! The Spencer Educational Foundation's goal is to help build a talent pipeline of risk management and insurance professionals. That is achieved, in part, by a collaboration with risk management and insurance educators across the U.S. and Canada. [24:45] Whether you want to apply for a grant, participate in the Risk Manager on Campus program, or just learn more about Spencer, visit SpencerEd.org. [24:55] On September 12th, 2024, we look forward to seeing you at the Spencer Funding Their Future Gala at The Cipriani 42nd Street in New York City. Our recent guest from Episode 293, Lilian Vanvieldt-Gray, will be our honoree. [25:11] Lilian is the Executive Vice President and Chief Diversity, Equity, and Inclusion Officer at Alliant Insurance Services and she will be honored for her valuable contributions to supporting the future of risk management and insurance. [25:28] That was a great episode, so after you finish this one, please go back and listen to Episode 293. [25:34] Let's conclude our interview with Daniel Eliot of NIST. [26:10] Daniel introduces the U.S. AI Safety Institute, housed within NIST. It's tasked with advancing the science, practice, and adoption of AI safety across the spectrum of risks, including those to national security, public safety, and individual rights. [26:39] The efforts of the U.S. AI Safety Institute initially focused on the priorities assigned to NIST under President Biden's Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. [26:51] On July 26th, 2024, they released resources for a variety of aspects of AI technology. Two are new to the public. 
The first is an initial public draft of a guidance document intended to help software developers mitigate the risks of generative AI and dual-use foundation models. [27:19] The other is a testing platform intended to help AI system users and developers measure how certain types of attacks can degrade the performance of an AI system. These are two opportunities for the public to provide comments on these publications and tools. [27:49] There is a link to the call for comments in this episode's show notes. [28:03] At NIST, foundational publications go out for public comment. NIST wants to hear from U.S. citizens and people all over the world to get their perspectives on NIST's approach to what they're addressing. This is a community effort. Comment periods are important. [28:37] From Daniel's perspective of small business, he seeks the comments of small businesses on these publications. Authors need to hear from organizations, large and small. [28:53] These two new publications are open for public comment. [28:59] Three releases are final publications. One is The AI Risk Management Framework Generative AI Profile, which helps organizations identify unique risks posed by generative AI. It includes actions for generative AI risk management. [29:34] A second publication is the Secure Software Development Practices for Generative AI and Dual Use Foundation Models. It addresses concerns about Generative AI systems being compromised with malicious training data that would adversely affect system performance. [30:16] The third publication is A Plan for Global Engagement on AI Standards. It's intended to drive worldwide development and implementation of AI-related consensus standards. Standards require global input from businesses, governments, non-profits, and academia. [30:57] These three final publications have been informed by public comment periods. They're ready to hit the ground running and people can put them into action. 
[31:15] Daniel is part of the Applied Cybersecurity Division of NIST. The U.S. AI Safety Institute is a different part of NIST. [31:44] Every once in a while, public comments receive spammy messages. [32:23] Daniel says all cybersecurity and privacy risk management comes back to governance and having policies and procedures in place, knowing your contractual and legal responsibilities. Organizations need policies that guide behavior for the appropriate use of AI in their business. [32:59] Individuals in companies have pasted confidential company information into publicly available AI systems. That creates a vulnerability. Have a policy around the use of these tools. [33:31] Criminals have used AI to upgrade phishing scams, reduce grammatical errors, and craft more convincing appeals. [35:00] NIST is raising awareness of different ways of identifying phishing attacks besides looking for grammatical errors, such as looking at the links and the calls to action and other factors that show it is a phishing scam. AI is contributing to their increasing sophistication. [35:43] Daniel shares his tip for new risk professionals. Familiarize yourselves with the suite of resources that NIST has available for cybersecurity and privacy risk management. They have a broad variety of risk management frameworks and resources, like the Quick Start Guide. [36:42] There are online courses, extensive FAQs with answers, and archived talks from SMEs. Take advantage of these resources. Also, let NIST know what other resources might be helpful to you. The core of NIST guidance for any framework is good governance. [37:21] Understand your mission and requirements. Create and maintain policies for good behavior. Understand your supply chain dependencies and vulnerabilities. Good governance sets your organization up for success when implementing and monitoring risk-mitigating controls. [37:56] NIST offers consistent, clear, concise, and actionable resources to small businesses. 
Since 2018, they have maintained a website, NIST Small Business Cybersecurity Corner, with over 70 resources on the site, all tailored to small businesses. The Quick Start Guides are there. [38:32] The resources include short videos, tip sheets, case studies, and guidance organized by both topic and industry. All the resources are free and produced by federal agencies, such as NIST, FBI, CISA, as well as nonprofit organizations. It's a one-stop shop for this information. [39:04] The resources are regularly updated and expanded to keep the content fresh and relevant. The resource library has the Cybersecurity Basics Section, with eight basic steps businesses can inexpensively implement to reduce cybersecurity risks. [39:28] The Cybersecurity Framework Page highlights the CSF and small business resources related to the CSF. There is topical guidance on Multi-Factor Authentication, Ransomware, Phishing, Government Contracting Requirements, and Choosing a Vendor or Service Provider. [39:53] All the resources are available at NIST.gov/ITL/SmallBusinessCyber. The link is in this episode's show notes. The resources are there for you to use in your organization. [40:30] Justin says, “It has been such a pleasure to reconnect with you here on RIMScast! I always love it when you post on LinkedIn! I think you're great! You're keeping me informed. Happy National Cybersecurity Awareness Month to you!” [40:55] With developments in tech and AI, cybersecurity has taken a back seat, but Justin says it will come back pretty hard. Justin feels it will be sooner than four-and-a-half years for Daniel to return to RIMScast. [41:23] Whatever new technology comes out, cybercriminals are looking at it to see how they can exploit it. There will always be a cybersecurity component to it. [42:05] Daniel Eliot, thank you so much for rejoining us here on RIMScast! [42:10] Special thanks again to Daniel Eliot of NIST for rejoining us here on RIMScast. 
Lots of links are in this episode's show notes to aid small enterprise owners and risk professionals. [42:25] These resources are publicly available and complimentary, so by all means, use them and leverage them to ensure your organization's cyber resilience. I've got lots of links in this episode's show notes for more cybersecurity coverage from RIMS, as well. [42:44] It's RIMS plug time! The RIMS App is available to RIMS members exclusively. Go to the App Store and download the RIMS App with all sorts of RIMS resources and coverage. It's different from the RIMS Events App. Everyone loves the RIMS App! [43:18] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [44:02] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [44:20] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [44:36] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [44:58] Thank you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!   
Mentioned in this Episode:
DFW RIMS 2024 Fall Conference and Spa Event | Sept 19‒20
Chicagoland Risk Forum 2024 — Presented by RIMS Chicago Chapter — Sept. 19, 2024
RIMS Western Regional — Sept 29‒Oct 1, Oregon | Registration is open!
RIMS Canada Conference 2024 — Oct. 6‒9 | Registration is open!
Spencer Educational Foundation — Funding Their Future Gala 2024 | Sept. 12, 2024
RIMS ERM Conference 2024 will be in Boston, MA Nov. 18‒19 | Register Now
RIMS ERM Award of Distinction — Nominations Open Through Aug. 30, 2024!
RISKWORLD 2025 will be in Chicago! May 4‒7
Education Content Submissions for RISKWORLD 2025
NIST Risk Management Framework Small Enterprise Quick Start Guide
Cybersecurity Framework 2.0 Small Business Quick Start Guide
NIST Small Business Cybersecurity Corner
U.S. Artificial Intelligence Safety Institute
New Guidance and Tools to mitigate AI Risks
Managing Misuse Risk for Dual-Use Foundation Models
Testing How AI System Models Respond to Attacks
Users can send feedback to: dioptra@nist.gov
RIMS DEI Council
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RIMS Strategic & Enterprise Risk Center
NEW FOR MEMBERS! RIMS Mobile App

RIMS Webinars:
How to Successfully Deploy AI in Risk Management | Sponsored by Riskonnect | Aug. 27, 2024
Role of Insurance in Building Resilience Against an Active Assailant Attack | Sponsored by Merrill Herzog | Sept. 5, 2024
HUB Ready for Tomorrow Series: Pivot and Swerve — Staying Agile During Shifting Market Dynamics | Sept. 12, 2024
Leveraging Integrated Risk Management For Strategic Advantage | Sponsored by Origami Risk | Sept. 19, 2024
RIMS.org/Webinars

Upcoming Virtual Workshops:
Leveraging Data and Analytics for Continuous Risk Management (Part I) 2024 — Aug 15
See the full calendar of RIMS Virtual Workshops
RIMS-CRMP Prep Workshops

Related RIMScast Episodes:
“Daniel Eliot's 2020 RIMScast Debut: Cybersecurity Tips for Small Businesses”
“300th Episode Spectacular with RIMS CEO Gary LaBranche”
“Mid-Year Risk Update with Morgan O'Rourke and Hilary Tuttle”
“Emerging Cyber Trends with Davis Hake”
“Cybersecurity Awareness Month with Pamela Hans of Anderson Kill”

Sponsored RIMScast Episodes:
“Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL (New!)
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company (New!)
“Partnering Against Cyberrisk” | Sponsored by AXA XL (New!)
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer
“Alliant's P&C Outlook For 2024” | Sponsored by Alliant
“Why Subrogation is the New Arbitration” | Sponsored by Fleet Response
“Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd.
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response
“Cyberrisk Outlook 2023” | Sponsored by Alliant
“Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD
“Insuring the Future of the Environment” | Sponsored by AXA XL
“Insights into the Gig Economy and its Contractors” | Sponsored by Zurich
“The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RIMS-CRMP Stories — New interviews featuring RIMS Risk Management Honor Roll Inductee Mrunal Pandit!

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®
RIMS Events App Apple | Google Play

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.

Want to Learn More? Keep up with the podcast on RIMS.org and listen on Spotify and Apple Podcasts.

Have a question or suggestion? Email: Content@rims.org.

Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.

About our guests:
Daniel Eliot, Lead for Small Business Engagement, Small Business Cybersecurity Corner, Applied Cybersecurity Division, National Institute of Standards and Technology, U.S. Department of Commerce
Linda Regner Dykeman, HUB International, Chief Marketing Officer for Canada

Tweetables (Edited For Social Media Use):
I'm happy to be back at NIST, supporting the small business community. — Daniel Eliot
The industry has been able to produce some very strong profits over the last few years, after many years of unprofitability driven by weather events in the property line. — Linda Regner Dykeman
Follow the seven steps of the framework in order and repeat them in a cycle. Keep going through it. Every organization regularly changes. Technologies change. People change. That's why it has to be repeatable and flexible. — Daniel Eliot
There are phrases and terms associated with the Risk Management Framework that some people who are new to this might not understand. — Daniel Eliot
When talking about small businesses, the owner or operator is the Chief Risk Officer, the Janitor, the CISO, and the Chief Marketing Officer. — Daniel Eliot
An AI system is only as good as the information that's put into it. — Daniel Eliot

RIMScast
Emerging Cyber Trends with Davis Hake

Nov 7, 2023, 30:47


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

In this episode, Justin interviews Davis Hake, Co-Founder of Resilience, about his career in national security work, including working with former Congressman Langevin, Homeland Security, and Obama's National Security staff. Davis tells about co-founding Resilience in the private sector to help organizations build cybercrime resilience. He introduces the Resilience Midyear 2023 Claims Report, revealing important trends discovered in cybercrime through claims data, Resilience research, and partner research.

Davis closes the interview with a look to 2024, his plans for pushing the flywheel faster, and his analysis of what it will take to break the new cybercrime business model.

Key Takeaways:
[:01] About RIMScast.
[:27] About today's episode, where we will discuss cyber security trends from Resilience's Midyear 2023 Claims Report.
[:36] First, a quick shoutout to the RIMS New Zealand Pacific Island Chapter and Marsh Australia and New Zealand, who welcome you to Embrace The Unknown: Unleashing the Power of Risk, a one-day event on February 12, 2024 at the Pullman Hotel in Auckland, NZ.
[1:00] It will be a gathering of experts, thought leaders, and professionals from various industries to explore and discuss the critical role of risk management in today's dynamic and uncertain world. There will be sessions on AI, Resilience, and Adaptability, highlighted by case studies and insights. See the link in this episode's show notes.
[1:21] It's never too early to talk about RISKWORLD 2024! Save the date, May 5th–8th, 2024 in sunny San Diego, California. Booth and sponsorship sales are open. Member registration opens this month, November 2023, and public registration opens in December 2023. Visit RIMS.org/RISKWORLD to learn all about it.
[1:51] Our guest today, Davis Hake, is the Co-Founder of Resilience, which recently released its Midyear 2023 Claims Report. They say ransomware is entering a new era as cybercriminals have begun shifting their tactics to bypass security controls by hitting critical vendors and seeking larger targets for extortions.
[2:14] They're big game hunting again and we're going to talk all about it with Davis Hake. Davis had a fascinating career in government and we will learn about that, as well.
[2:33] Davis Hake, welcome to RIMScast! This episode was recorded in October, National Cybersecurity Awareness Month, but as Davis says, every month is National Cybersecurity Awareness Month!
[3:18] Davis grew up working in politics on the Hill, for Congressman Jim Langevin. Congressman Langevin was one of the first on the Hill to identify that we had serious problems in our critical infrastructure in everything from power plants to communication. At about that time, Stuxnet became a public concern.
[3:50] Congressman Langevin dove into looking at what we need to do as a nation to secure these larger problems. He realized cyber is an economic problem of incentives, cost, and how businesses manage their digital innovation. He set Davis on a path to be passionate about trying to fix it.
[4:14] Davis worked for a time in the Obama administration for the National Security Council. He came to the private sector to work in cybersecurity and got together with his Co-Founders to build something that would take this technical problem to understand a company's risk and how they invest against it.
[4:41] They looked at the insurance industry for how to drive better risk management practices and applied RM to cyber. They started in 2016. Now, in 2023, they have an amazing insurance team with some of the best folks in the industry, serving clients in the U.S., the EU, and the UK with close to 200 staff members.
[5:32] Davis praises former Congressman Langevin for his intense concern about national security, not as a politician but as one who served not only his constituents but the nation. He worked across the aisle to serve the national good. Most importantly, he got things done.
[6:18] Congressman Langevin left Congress in 2023. Before he left, he worked on the Cyber Solarium Commission, helped establish the office of the National Cyber Director, and helped establish some of the authorities that allowed DHS to build CISA. Congressman Langevin has retired to work on issues in the state of Rhode Island.
[7:43] Resilience's Midyear 2023 Claims Report covers events from January through June of 2023. They wanted to report the data with actionable analysis on top of it. Besides Resilience claims data, they analyzed public data from other organizations to understand Resilience's data in the context of the broader cybercrime trends.
[9:08] Third-party vendor risk has always been a concern. The change is that fewer and fewer companies are paying extortions to ransomware actors. So now groups are targeting critical vendors and running data extortions with thousands of victims. They don't encrypt. Resilience clients have filed incident reports on these attacks from Clop.
[9:47] How do you protect against vendor risk? Risk transfer through cyber insurance is so important. Don't just look at the risk mitigation side, but also the risks out of your control. Insurance helps absorb environmental risks. With vendors, you can require that they prove verification from certain audits, like the SOC 2 Audit.
[10:30] You can have vendors tell you best practices they follow with other clients. Are they practicing what they're preaching with their data security? You can limit the data you share with them. By just working with any vendor, which we all have to do, you are assuming their risk if they're holding your data and they're not your company.
[11:22] The ransomware criminal marketplace is a bunch of startups, taking the easiest path to revenue. Running a negotiation, locking up a company, and ensuring that you get access to their backups all take a lot of time.
[11:52] It is easier to target companies that have highly sensitive data they wouldn't want exposed and threaten to release it. Resilience sees a lower rate of payment for these types of attacks but those who pay end up paying large amounts. The MOVEit attack and following attacks are estimated to have made Clop around $100 million.
[12:44] The Resilience report discusses data from other groups that show less than 40% of encryption victims are paying ransom, down from 80% in 2022. Resilience works to prepare their clients against ransomware attacks and about 15% of their clients attacked by ransomware pay the ransom. That number has gone down since 2022.
[15:06] Resilience helps clients to imagine the worst day for their clients. Let's work backward to ensure that the worst day doesn't happen. That thinking has been core in helping companies reduce paying extortions. When executives pay extortions, it's usually in a panic, thinking they can make this worst day immediately go away.
[15:49] If criminal groups have access to your data, they will do everything they can to use it against you. Prepare to protect that data in a way that is incredibly secure or resilient or make your organization resilient to this type of pressure. That's the best thing you can do to limit financial loss and protect your customers from their worst day.
[16:21] RIMS plug time! Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. December 7th starts the three-part course, Leveraging Data and Analytics for Continuous Risk Management, which will be led by our friend Pat Saporito.
[16:42] Fundamentals of Insurance returns on December 12th and 13th. It will be led by our good friend Gail Kyomura. Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register!
[16:59] Metrics That Matter has cyber on their minds with Enhance Decision-Making Across Your Cybersecurity Program on November 7th. CLARA Analytics makes its RIMS debut on November 9th with Risk Management in the Era of Artificial Intelligence.
[17:22] On November 16th, Nationwide returns to present U.S. Customs Surety Bonds: A Primer for Risk Professionals. On November 21st, Beazley returns to present Business Risk: Helping Your Executives to Navigate Today's Volatile Risk Environment.
[17:41] On December 12th, Prepare Yourself for the New Generation of Risk with Riskonnect. On December 14th, Aon will be Addressing Today's Risks While Preparing for the Risks of Tomorrow.
[17:54] Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members.
[19:01] After the Colonial Pipeline attack, the U.S. security establishment got much more serious about ransomware. Defense against cybercrime was something that had been left up to the private sector. The administration started to take cybercrime seriously and cooperate with industry, working with CISA and the FBI heavily to fight back.
[19:48] When the War in Ukraine happened, the cooperation between the public and private sectors in the fight against ransomware intensified. As organizations have become more resilient against paying extortion, cybercriminals have to go after the big guys to get a payment. Cybercrime is indiscriminate between industries it targets.
[20:29] In Q1 2023, there was a tide of cybercrime targeting healthcare organizations. In Q2, there was a big tide against manufacturing organizations. Clop then hit a few vendors for educational organizations. Organizations like MGM and Caesars, which were hit, have massive networks full of devices they monitor, with different networks.
[21:13] MGM refused to pay, while Caesars paid the extortion. The reporting shows that Caesars has had an easier road to recovery. It may make more economic sense for large companies to pay the extortion. But that's a bad message. That's what has Resilience concerned. More complex clients, though better defended, are likely to pay.
[22:02] Groups like Clop are choosy about their targets and prioritize large organizations with a lot to lose. To successfully defend cyber in an enterprise, all the tech teams must work together and not remain siloed. Incentives have to come from the top that get the CIO, Risk, and Finance planning budgets together. It's how your team works together.
[23:06] Davis served briefly on the National Security staff in the Obama Administration after working in Homeland Security.
[23:22] After the Obama Administration, a lot of the National Security staff moved to the private sector. Some continued to fight the security fight. The CEO of Resilience is a part-time Reservist working in Cyberdefense. He sees the national-level mission and the larger cyber trends.
[24:18] Most insurance is not operational; it's reactionary, working with prior data to price the risk. In cyber, you're too late if you're taking that approach. Resilience has a threat intelligence team, taking in data much faster than a traditional insurance organization.
[25:07] Resilience is standing up a team that is working to provide technical analysis and trend analysis. They will show the large trends and the reasons they are happening, and validation from Resilience data and partner data. They're combining financial loss and impact with threat intelligence they are monitoring from the security team.
[26:59] Davis says the tactic of encryptionless extortion is an evolution of the cybercrime business model, making it more efficient and effective. It's a call to action for security. Building better widgets will not out-innovate these guys. We have to build better strategies and better business models that take their business models down.
[27:28] Resilience is working to build a better resilient flywheel, with insurance, visibility, and working with clients to address that will ultimately lead to lower financial loss for clients and the Resilience insurance company. They want to push the flywheel faster and faster until they can get inside the adversary's business model.
[28:03] Special thanks again to Davis Hake for joining us on RIMScast. The link to the Midyear Report is in this episode's show notes.
[28:13] Go to the App Store and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS App!
[28:37] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate! Contact pd@rims.org for more information.
[29:21] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. The RIMS app is available only for RIMS members! You can find it in the App Store.
[29:46] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.
[30:02] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.
[30:25] Thank you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week!
Stay safe!
About our guest
Davis Hake
Co-Founder of Resilience

Tweetables (Edited For Social Media Use):
Instead of encryption for ransom, it is easier to target companies that have highly sensitive data they wouldn't want to be exposed and threaten to release it. — Davis Hake
Most insurance is not operational; it's reactionary, working with past data to price the risk. In cyber, you're too late if you're taking that approach. — Davis Hake
The current tactic of encryptionless distortion is an evolution of the cybercrime business model, making it more efficient and effective. It's a call to action for security. — Davis Hake

Iowa Business Report
Iowa Business Report Friday Edition -- October 27, 2023

Oct 27, 2023 2:00


Iowa Business Report Friday Edition
October 27, 2023

Iowa Secretary of State Paul Pate discusses initiatives tied to National Cybersecurity Awareness Month.

The Catalyst by Softchoice
“CISO therapy” and the real reasons security talent is so hard to find

Oct 25, 2023 39:43


As a CISO, how do you know when you're getting through to the board and the C-suite?  One way is to look at the quality of the questions they ask you.  Are they learning?  This is just one of the questions Kevin Magee fields a lot during “CISO therapy,” a discipline he finds himself practicing more often as Chief Security Officer at Microsoft Canada. Aside from the technology components, the thing his “clients” want to talk about most is how to build, sustain and grow those all-important executive relationships. To conclude National Cybersecurity Awareness Month on the Catalyst, host Cheryl Stookes chats with Kevin about how CISOs can break through with boards and leadership.  He also dives into the cybersecurity skills shortage, which he names a symptom of too narrow an approach to finding candidates. Instead, he says, those seeking cybersecurity talent should look beyond the relatively small pool of technologists and consider backgrounds in psychology, criminology and law enforcement – that is, people who understand how cybercriminals think, behave and operate.  Universities and other training institutions have a part to play here, too. He discusses “reverse mentoring relationships” with younger members on the team. After all, the security leader's job is not to be the best technical problem-solver, but to define the problem and empower others to solve it.  Featuring: Kevin Magee, Chief Security Officer, Microsoft Canada The Catalyst by Softchoice is the podcast dedicated to exploring the intersection of humans and technology. This episode is brought to you by Microsoft's Workplace Security Solutions. See how Softchoice can help you get started with Zero Trust and fill every gap in your security infrastructure with Microsoft. Reach out to a Softchoice Solutions Specialist or visit softchoice.com/microsoft-zerotrust to learn about our custom workshops and services. 

Missing in the Carolinas
Ep. 69-How to Avoid Being the Victim Of a Cybercrime

Oct 20, 2023 44:14


October is National Cybersecurity Awareness Month. The FBI reported that North Carolina citizens lost $18 million in 2022, making it the ninth highest state for romance scams alone. We talk to two experts to learn how we can protect ourselves from the various cybercrimes that are so prevalent in today's society, from Zelle scams to phishing scams to the role AI plays in technology solutions.

Show Notes:
Marshmallo Dating App https://marshmallo.com/
SlashNext https://slashnext.com/

Co-writer: Erin Settlemier

The Trowers Podcast
Cyber Voices - a conversation with Vishvas Nayi, CyberQ Group

Oct 19, 2023 15:39


In the final instalment in our Cyber Voices series, Associate Amy-Rose Hayden speaks to Vishvas Nayi, Head of Cyber Operations at CyberQ, about the biggest takeaways from National Cyber Security Awareness Month and the advice he would give to a board of directors on how best to manage cyber risks.

Tech Transforms
Insider Threats, Critical Infrastructure and Evolving AI, Oh My! with Grant Schneider Halloween Series Part II

Oct 18, 2023 44:49


In the second episode of our 3-part Halloween series, Grant Schneider, Senior Director of Cybersecurity Services at Venable and former federal CISO, discusses the frightening implications of insider threats, how we are protecting critical infrastructure, and what it was like working on cybersecurity in the White House under both President Obama and President Trump.

Key Topics
00:03:59 Increased consequences led to rise of cybersecurity
00:08:47 Insider threat, screening, hiring, malicious actor, Manning, Snowden
00:09:53 Snowden challenges legality of government surveillance
00:15:00 Adversary gains access, steals information, demands ransom
00:19:19 Different levels of readiness present challenges
00:23:15 Helping clients & coalitions for cybersecurity policy
00:24:58 Consistency in technology and cybersecurity under past presidents
00:27:47 Cybersecurity is like warfare or terrorism
00:32:30 AI tools and data drive persuasive information
00:34:50 National Cybersecurity Awareness Month raises awareness on cybersecurity and encourages action to protect businesses
00:42:40 Diversity of experiences leads to career growth
00:44:01 Adaptive, willing, and able to learn

Introduction to National Cybersecurity Awareness Month

Purpose of Raising Awareness About Cybersecurity

Grant explained that one of the great things about National Cybersecurity Awareness Month is exactly raising awareness and providing an opportunity to hopefully spend time thinking about and discussing cybersecurity. He noted that for organizations already focused on cybersecurity daily, the awareness month may not raise their awareness much more. However, many organizations don't constantly think about cybersecurity, so for business leaders and executives who may now recognize the existential threat a cyber incident poses, the awareness month offers a chance to have important conversations they may have previously avoided due to lack of understanding.

National Cybersecurity Awareness Month: "You're only one bad kind of cyber incident away from your organization not existing anymore." — Grant Schneider

Opportunities for Organizations to Have Conversations About Cybersecurity

According to Grant, leaders who don't grasp cybersecurity risks may personally fear initiating conversations to ask what the organization needs to do to address risks. National Cybersecurity Awareness Month provides an opportunity for these leaders to have the necessary conversations and gain education. Grant said the awareness month is a chance to discuss basics, like implementing multifactor authentication, patching and updates. He observed that much of the content produced for the awareness month focuses on cybersecurity fundamentals, so it allows organizations to dedicate time to shoring up basic defenses. Overall, Grant emphasized National Cybersecurity Awareness Month facilitates essential cybersecurity conversations for organizations and leaders who otherwise may not prioritize it consistently.

Evolution of Insider Threat in the Intelligence Community

Screening Out Bad Actors During the Hiring Process

Grant explains that in the early days of his career at the Defense Intelligence Agency (DIA), insider threat mitigation focused on screening out bad actors during the hiring process. The belief was that malicious insiders were either people with concerning backgrounds trying to get hired, or nation-state actors attempting to plant individuals within the intelligence community. The screening process aimed to identify and reject potentially problematic candidates.

Nation-State Actors Planting Individuals Within the Community

He mentions the...

The Trowers Podcast
Cyber Voices - a conversation with Dean Armstrong KC, Maitland Chambers

Oct 16, 2023 20:08


Welcome to Trowers & Hamlins' Cyber Voices Series, a dynamic exploration of all things cybersecurity, in celebration of National Cyber Security Awareness Month. Join us as we engage with the brightest minds, experts, and leaders in the field, offering insights, best practices, and the latest trends to help you stay safe in our digitally connected world. In the first episode, Partner Charlotte Clayson speaks to Dean Armstrong KC from Maitland Chambers about the current threats and opportunities for the UK cyber security sector.

RIMScast
Cybersecurity Awareness Month with Pamela Hans of Anderson Kill

Oct 10, 2023 43:39


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Pamela Hans of Anderson Kill on the many aspects of Cybersecurity, including who is responsible for it. (If you have a networked device, it's you!) The discussion covers the effects of the new SEC ruling requiring many companies to report a cybersecurity event within four days of discovering that a material event has occurred, and what that means to you and your organization. Justin and Pamela also review her presentation at the RIMS Canada Conference 2023 and how a potential problem became a fun opportunity.   Lots to cover in today's episode. Let's get to it.   Key Takeaways: [:01] About RIMScast. [:14] Register for the RIMS ERM Conference 2023, which will be held in Denver, Colorado on November 2nd–3rd. RIMS will also host an ERM-based tour of Ball Arena in Denver on November 1st. Limited seating is available. Visit RIMS.org/ERM to register and listen to this episode to hear the code for 10% off your registration! [:41] About today's episode on cybersecurity and presentation skills with Pamela Hans of Anderson Kill. [1:01] All about exciting, upcoming RIMS events! Would you like funding to hire a risk management intern in 2024? If so, take a moment to apply for a Spencer Internship Grant. The application form will close on October 15th. The link is in this episode's notes. [1:28] If you will be attending RISKWORLD 2024 in San Diego, California, take a moment to sign up as a volunteer judge in the Spencer-RIMS Risk Management Challenge 2024. This is our annual international student competition. Full details can be found on the Spencer website at Spencered.org. Get involved; participate. We want to see you there! [1:52] Head to the RIMS.org/Advocacy page to register for The RIMS Legislative Summit, which is returning to Washington, D.C. on October 25th and 26th. 
[2:04] The RIMS ERM Conference 2023 will be held November 2nd and 3rd in Denver, Colorado. On November 1st, RIMS is hosting an ERM-based tour of Ball Arena, where the Denver Nuggets and Denver Avalanche play. There is limited seating. Register at RIMS.org/ERM2023. At checkout, type code 2023RIMSCAST for 10% off registration! [2:52] The ERM Conference 2023 will be different than years past. We've got some great changes. Book your travel plans now! RIMS will host a Post-conference Workshop for the RIMS CRMP from 9:00 to 4:00 MT on November 4th and 5th. Save $100 when you register for the conference and workshop in one transaction. Links are in the notes. [3:24] It is October; it's cybersecurity awareness month in the U.S. and several other areas of the world and that's why I'm so excited to introduce our guest, Pamela Hans, managing shareholder of the Philadelphia office of the law firm Anderson Kill. She focuses on insurance coverage, which includes cyber. [3:45] We're going to talk about cyber trends. I met Pamela at the RIMS Canada Conference in Ottawa last month where she was delivering a session on “Getting the Deal Done.” We're also going to hear her tips on how to handle the curveballs that might be thrown at you ahead of a live presentation and how to turn them into opportunities. [4:16] Justin met Pamela Hans of Anderson Kill on the last day of the RIMS Canada Conference 2023 when she was hosting a session. Pamela knows cybersecurity and October is National Cybersecurity Awareness Month in the U.S. [5:57] The trend of the phone calls Pamela gets is all about ransomware. A threat actor freezes up the system, completely takes control, and demands a ransom in return for a description key. But the trend in cybersecurity is data breaches to steal personal data. Recently Topgolf, Freecycle, Forever21, Duolingo, and Discord.io suffered breaches. 
[6:41] Those are just a few examples of cybersecurity incidents where personal sensitive data has been grabbed by the threat actor, with threats to use the data to do more damage to the individuals whose data was taken. [7:03] Pamela has also seen distributed denial of service attacks. The army of bots seems to be increasing in number while the cost is decreasing to rent a bot to execute a distributed denial of service attack. [7:50] When there is an exfiltration of personal data, that data can be used by the threat actor to do more damage to the individuals by impersonating the user and fraud. [8:29] Pamela addresses the SEC rules on the disclosure of cybersecurity events and the annual obligation imposed on publicly traded and registered companies to disclose their cybersecurity governance. That has an impact on the company and its stock price. The public may then decide which companies to trust by their cybersecurity protocols. [9:30] Justin refers to the RIMScast episode with Hilary Tuttle on the SEC cybersecurity reporting rules. They discussed the four-day reporting rule. Four days after the company finds out they were attacked in a material fashion they have to report the breach. [10:09] Pamela notes that a material breach is one that investors would want to know about before investing in the company, as the breach may affect the value of the stock and the company. This is an important SEC rule on cybersecurity governance. [11:41] Risk professionals should be asking questions about this rule now. Prepare to make these required reports. Run tabletop exercises with your response team. Ascertain now what “material,” in the cyber context, looks like to your company. Getting ready now is important, for when you experience a cybersecurity event. [13:23] Pamela speaks about the need for cybersecurity awareness. Any individual can be the gateway to a cybersecurity event. 
Everyone who has a device needs to be aware of cybersecurity risks to help prevent infiltration by cybercriminals of our phones, laptops, and businesses. [14:54] Cybersecurity is as simple as multi-factor authentication. Don't give away your passwords. Be thinking about cybersecurity, Don't click on the puppy dog. [15:58] Justin presents a special message from Bob Roitblat in case you missed his RIMScast episode. [16:16] Bob Roitblat is excited to be the keynote speaker for the RIMS ERM Conference 2023, in Denver, on November 2nd and 3rd. His keynote is “Elevate, Revolutionize, Maximize: Harnessing Innovation's Promise.” Bob reveals what to expect and asks you to bring your “A game,” be ready to ask questions and interact to get value. [17:34] Go to RIMS.org/ERM2023 to register. If you enter the code 2023RIMSCAST at checkout, you will get 10% off your registration! It's value with a discount! Bob looks forward to helping you elevate and evolve your risk management processes and your career! Be there in Denver, November 2nd and 3rd! Links are in the show notes. [18:36] Pamela reviews her career path, with degrees in civil engineering and then law school. She knew she wanted to solve technical problems for companies. Cybersecurity is a natural fit for her background. Cybersecurity is everywhere. [21:07] Pamela foresees two things from these new reporting rules. One will be SEC subpoenas to companies for information about their cybersecurity reporting and governance. Another will be shareholder scrutiny and lawsuits around failure to disclose or poor evaluation of materiality. The rule is self-enforcing through shareholder suits. [22:35] Pamela predicts we'll see more D&O coverage activity because of this rule. Risk professionals need to be looking at that when renewing or placing new D&O coverage, asking their brokers about the impact of the new SEC requirement around disclosure and materiality. Risk managers will need to explain this if there is a subpoena or claim. 
[23:52] Risk managers also need to be thinking of looking across the entire insurance program, to see which insurance policies may respond in the event of an SEC subpoena or a claim related to disclosure. Now is the time to prepare for what may be coming. [24:40] Pamela says risk professionals need to ask their insurance broker what is new in their policy since last year. Are there new endorsements or policy language? New policy language or endorsements for 2024 will be enormously important. Risk managers should also run tabletop exercises with the insurance pre-approved response team. [26:53] Risk professionals should look at your policies now to see what policies will respond if you have an SEC claim and what the policy limits are. Your policies need to be on paper, not on your computer network, and not named “Cyber Policy 1,” or “Cyber Policy 2,” where threat actors can find and read them on the network. [27:54] RIMS plug time! Sponsor an episode of RIMScast! Contact us at pd@rims.org. Justin is pleased, humbled, and excited to announce that RIMS and RIMScast have won the 2023 Excellence in MarCom Award on October 24, 2023, from the New York Society of Association Executives (NYSAE)! [28:41] On Friday, November 10th, from 10 to 11, NYSAE is presenting a virtual program called ”Podcasting — A Revenue Stream for Your Association.” Justin is honored to be one of the panelists. A link is in this episode's notes. [28:57] Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. Our friend Elise Farnham returns on October 24th and 25th to lead the two-day course Fundamentals of Risk Management. [29:20] Our friend Chris Hansen was recently on RIMScast. He will be leading Managing Worker Compensation, Employer's Liability, and Employment Practices in the US on November 7th and 8th. Be sure to register for that course! Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register! 
[29:49] On October 12th, AXA XL returns to present Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals.
[30:06] On October 26th, our friends from Zurich return to present a session on PFAS, Forever Chemicals, and PFAS Litigation. On October 31st, Resolver returns to present Building Your Business Case for GRC Software in 2024. Metrics That Matter has Enhanced Decision-Making Across Your Cybersecurity Program on November 7.
[30:36] There is a lot of great educational content for you in the next month. Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members.
[31:08] About Pamela Hans presenting the last session on the last day of the RIMS Canada Conference 2023. The session was “Do You Want to Get the Deal Done? Obstacles and Opportunities in Contract Negotiation.” She had a packed house for the session. She discussed deal-breakers and opportunities.
[33:58] You have tools as a risk professional to deal with risk transfer provisions you might not want. The session talked about how to make insurance work for you in this context and how to indemnify a counterparty that is 10,000 times larger than you. How can your insurance respond to make these provisions opportunities, not deal-breakers?
[35:03] People left the session with ideas about what to ask their insurance broker and the business side, to know what they should be ready for.
[36:09] Pamela was scheduled to present with two co-presenters but neither of them could attend. For Pamela, it was an opportunity to have fun with the people who were in the room. Presentations are better when they are conversations with the people in the room. It was terrific!
[38:34] Justin suggests if you are going to present and your co-presenters back out, look at it as an opportunity. If you need additional materials get them from the organization you represent, but be confident you can do 20 minutes by yourself. Open it up to Q&A and that will take care of a lot of dialog. Pamela went past 60 minutes.
[39:18] Justin fell asleep twice in the 17-minute flight back to the U.S. He was disappointed the flight attendant didn't wake him!
[40:54] Special thanks to Pamela Hans of Anderson Kill for joining us on RIMScast for National Cybersecurity Awareness Month coverage. The session handout from her RIMS Canada Conference session, “Do You Want to Get the Deal Done?” is available via the RIMS Canada Conference 2023 Attendees Service Center. See link in show notes.
[41:16] Go to the App Store on your phone and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS app!
[41:36] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate! Contact pd@rims.org for more information.
[42:17] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. The RIMS app is available only for RIMS members! You can find it in the App Store.
[42:41] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.
[42:56] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.
[43:17] Justin thanks you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

Mentioned in this Episode:
RIMS ERM Conference 2023 | Nov 2–3 in Denver, CO! Enter 2023RIMSCAST at checkout for 10% off registration!
NEW FOR MEMBERS! RIMS Mobile App
RIMS Legislative Summit — Oct 25 & 26, Washington, D.C.
RIMS-Certified Risk Management Professional (RIMS-CRMP)
Dan Kugler Risk Manager on Campus Grant
Spencer Educational Foundation — Hire A Risk Intern 2024 | Deadline Oct. 15, 2023
Spencer-RIMS Risk Management Challenge 2024 — Be a Case Study or Join Judging Panel!
“Do You Want To Get The Deal Done?” — Session handouts still available via the RIMS Canada Conference Attendee Service Center
RIMScast to receive the 2023 Excellence in MarCom Award from the New York Society of Association Executives (NYSAE)!
“NYSAE Webinar: Podcasting — A Revenue Stream for Your Association”

RIMS Webinars:
Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals | Sponsored by AXA XL | Oct. 12, 2023
PFAS Forever Chemicals — Regulations, Litigation, New Technologies | Sponsored by Zurich | Oct. 26, 2023
Building Your Business Case for GRC Software in 2024 | Sponsored by Resolver | Oct. 31, 2023
Enhance Decision-Making Across Your Cybersecurity Program | Sponsored by Metrics That Matter | Nov. 7, 2023
RIMS.org/Webinars

Upcoming Virtual Workshops:
Claims Management | Oct 10–11
Fundamentals of Risk Management | Oct 24–25
Managing Worker Compensation, Employer's Liability and Employment Practices in the US | Nov 7
See the full calendar of RIMS Virtual Workshops
All RIMS-CRMP Prep Workshops

Related RIMScast Episodes:
“Harnessing Innovation's Promise with ERM Conference Keynote Bob Roitblat”
“Cybersecurity Reporting Updates with Hilary Tuttle of Risk Management Magazine”
“Cybersecurity and Insurance Outlook 2023 with Josephine Wolff”
“Genuine Generative AI Talk with Tom Wilde of Indico Data”
“Getting to Know Jackware with Dan Healy of Anderson Kill”

Sponsored RIMScast Episodes:
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response (New!)
“Cyberrisk Outlook 2023” | Sponsored by Alliant (New!)
“Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD
“Insuring the Future of the Environment” | Sponsored by AXA XL
“Insights into the Gig Economy and its Contractors” | Sponsored by Zurich
“The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster
“Technology, Media and Telecom Solutions in 2023” | Sponsored by Allianz
“Analytics in Action” | Sponsored by Alliant
“Captive Market Outlook and Industry Insights” | Sponsored by AXA XL
“Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd.
“Zurich's Construction Sustainability Outlook for 2023”
“Aon's 2022 Atlantic Hurricane Season Overview”
“ESG Through the Risk Lens” | Sponsored by Riskonnect
“A Look at the Cyber Insurance Market” | Sponsored by AXA XL
“How to Reduce Lithium-Ion Battery Fire Risks” | Sponsored by TÜV SÜD
“Managing Global Geopolitical Risk in 2022 and Beyond” | Sponsored by AXA XL

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
Risk Management Magazine
Risk Management Monitor
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RIMS-CRMP Stories — New interview featuring Roland Teo!
Spencer Educational Foundation
RIMS DEI Council

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®
RIMS Events App Apple | Google Play
RIMS Buyers Guide

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.

Want to Learn More? Keep up with the podcast on RIMS.org and listen on Apple Podcasts. Have a question or suggestion? Email: Content@rims.org.

Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn

About our guest, Pamela Hans:
LinkedIn
Pamela Hans, Senior Shareholder, Cyber practice, Pennsylvania office of Anderson Kill

Tweetables (Edited For Social Media Use):
Consumers are giving their personal information to a company they want to do business with and then that company is attacked and the individual's information can be used by the threat actor to do more damage to the individual by way of fraud. — Pamela Hans
A material breach is one that investors would want to have information about that might influence their decision to buy or not to buy a stock, because it may impact the value of the stock and the value of the company going forward. — Pamela Hans
Risk professionals should look at your policies now to understand what policies will respond if you have an SEC claim because of the reporting requirement and what the policy limits are. What are the requirements of notice? — Pamela Hans

Late Night Health
Make Your Business Safe & Secure

Late Night Health

Oct 7, 2023 8:41


Each October, National Cybersecurity Awareness Month provides a timely reminder that criminals are trying to steal information and money from small businesses and their customers. Cybercrime is on the rise, and 60% of small businesses that experience a cyberattack go out of business within 6 months. That's why it's important to take proactive measures to protect data (and your business) from criminals. Cybersecurity expert Mike Caralis of Verizon Business joins Mark Alyn to offer essential tips for keeping small businesses safe from criminals. Learn how to implement cybersecurity practices, bolster cyber hygiene, and safeguard against threats. Plus, see the new technology, solutions and resources now available to help small businesses protect themselves.

Late Night Health Radio
Make Your Business Safe & Secure

Late Night Health Radio

Oct 7, 2023 8:41


Each October, National Cybersecurity Awareness Month provides a timely reminder that criminals are trying to steal information and money from small businesses and their customers. Cybercrime is on the rise, and 60% of small businesses that experience a cyberattack go out of business within 6 months. That's why it's important to take proactive measures to protect data (and your business) from criminals. Cybersecurity expert Mike Caralis of Verizon Business joins Mark Alyn to offer essential tips for keeping small businesses safe from criminals. Learn how to implement cybersecurity practices, bolster cyber hygiene, and safeguard against threats. Plus, see the new technology, solutions and resources now available to help small businesses protect themselves.

The Checklist by SecureMac
Checklist 346 - Cybersecurity Awareness Month 2023

The Checklist by SecureMac

Oct 5, 2023 18:34


It's National Cybersecurity Awareness Month. This week, we'll pay a visit to the good folks at CISA.gov for a list of tips to keep businesses safe and a list to keep individuals safe. Tell a friend! It's Checklist No. 346, brought to you by SecureMac. Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com

The ALL NEW Big Wakeup Call with Ryan Gatenby

October is National Cybersecurity Awareness Month, and Mike Caralis, nationally renowned cybersecurity expert with Verizon, shared important information on how individuals and small businesses can keep their information safe from criminals.

RIMScast
Harnessing Innovation's Promise with ERM Conference Keynote Bob Roitblat

RIMScast

Oct 2, 2023 24:10


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. Justin is delighted to welcome innovation thought leader Bob Roitblat to RIMScast. Bob is the keynote speaker at RIMS ERM Conference 2023. He speaks about his keynote, “Elevate, Revolutionize, Maximize: Harnessing Innovation's Promise.” Bob shares how innovation ties into strategy and risk, and how you can harness the great potential of innovation through careful strategy and risk management. Bob is an engaging speaker who asks his audience to be prepared to participate and learn. Get set for a dynamic keynote presentation on harnessing innovation's promise for your organization!

Key Takeaways:
[:01] About RIMScast.
[:14] Register for the RIMS ERM Conference 2023, which will be held in Denver, Colorado on November 2nd–3rd. RIMS will also host an ERM-based tour of Ball Arena in Denver on November 1st. Limited seating is available. Visit RIMS.org/ERM to register and listen to this episode to hear the code for 10% off your registration!
[:41] About today's episode with RIMS ERM Conference 2023 keynote Bob Roitblat.
[1:01] All about exciting, upcoming RIMS events! Would you like funding to hire a risk management intern in 2024? If so, take a moment to apply for a Spencer Internship Grant. The application form will close on October 15th. The link is in this episode's notes.
[1:27] If you will be attending RISKWORLD 2024 in San Diego, California, take a moment to sign up as a volunteer judge in the Spencer-RIMS Risk Management Challenge 2024. This is our annual international student competition. Full details can be found on the Spencer website at Spencered.org. Get involved; participate. We want to see you there!
[1:51] Head to the RIMS.org/Advocacy page to register for The RIMS Legislative Summit, which is returning to Washington, D.C. on October 25th and 26th.
[2:03] The RIMS ERM Conference 2023 will be held November 2nd and 3rd in Denver, Colorado. On November 1st, RIMS is hosting an ERM-based tour of Ball Arena, where the Denver Nuggets and Denver Avalanche play. There is limited seating. Register at RIMS.org/ERM2023. At checkout, type code 2023RIMSCAST for 10% off registration!
[2:51] The ERM Conference 2023 will be different than years past. We've got some great changes. Book your travel plans now! RIMS will host a Post-conference Workshop for the RIMS CRMP from 9:00 to 4:00 MT on November 4th and 5th. Save $100 when you register for the conference and workshop in one transaction. Links are in the notes.
[3:21] Bob Roitblat is a multiple business owner and well-known TEDx speaker. Bob will kick off the RIMS ERM Conference 2023 on November 2nd with his keynote, “Elevate, Revolutionize, Maximize: Harnessing Innovation's Promise.” Bob is very engaging and I am looking forward to the energy he will bring to the keynote address on November 2nd!
[4:30] Bob Roitblat has started a dozen companies. Each company focused on three areas: innovation, strategy, and risk. The three areas are closely tied together. You can't be successful in one without the other two. It's a three-legged stool.
[5:03] Bob describes innovation as doing something new and different that makes a difference. It could be new products or services, a new business model, or a new organizational structure. It's something that you haven't done before that will make a difference to your organization. (A positive difference, preferably!)
[6:00] Most of the time when people innovate within an organization, they don't call attention to it, they just run more efficiently. Amazon is a huge logistics company that runs smoothly. They spend billions on innovation. They bought a robotics company to have robots to deliver products on schedule.
[6:28] There is also the innovation of developing products and services for external consumption by customers. Bob cites Zia Chishti, who invented Invisalign braces. Orthodontia hadn't changed for 100 years until a Stanford student wanted to change the experience of braces. Within 10 years, he completely altered orthodontia.
[7:20] Richard Montañez, a janitor who worked for Frito-Lay, invented Flamin' Hot Cheetos. He altered the landscape for focus marketing. He went after a segment of the market people didn't think to go after. Now we're not just marketing to people but to segments of those people. Richard retired as the VP of Multicultural Affairs at PepsiCo.
[10:05] Bob describes the upcoming influence of AI digital workers on innovation. In terms of efficiency, we are underselling the capabilities of digital workers. Let's elevate our perspective. How do we use digital workers to drive the top line, open new markets, and address new submarkets like Montañez did?
[11:44] Software bots may or may not use AI but they are digital workers.
[11:57] RIMS plug time! Sponsor an episode of RIMScast! Contact us at pd@rims.org. Justin is pleased, humbled, and excited to announce that RIMS and RIMScast have won the 2023 Excellence in MarCom Award on October 24, 2023, from the New York Society of Association Executives (NYSAE)!
[12:41] On Friday, November 10th, from 10 to 11, NYSAE is presenting a virtual program called “Podcasting — A Revenue Stream for Your Association.” Justin is honored to be one of the panelists. A link is in this episode's notes.
[12:57] Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. October 2nd is the last day to register for Applying and Integrating ERM, a two-day course on October 3rd and 4th, led by Elise Farnham. On October 10th and 11th, our friend Gail Kiyomura will host a two-day workshop on Claims Management.
[13:28] Our friend Chris Hansen was recently on RIMScast. He will be leading Managing Worker Compensation, Employer's Liability, and Employment Practices in the US on November 7th and 8th. Be sure to register for that course! Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register!
[13:56] On October 12th, AXA XL returns to present Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals.
[14:10] On October 26th, our friends from Zurich return to present a session on PFAS, Forever Chemicals and PFAS Litigation. Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members.
[15:11] Bob's November 2nd keynote preview: Imagine that innovation is a lake. It's full of potential. Unless you harness that flow in some way, you can't take advantage of it. Your strategy is a dam. You set it so the flow doesn't wipe out the town below. That's good risk avoidance.
[15:57] Maybe your strategy is to use irrigation pipes to make the surrounding land tillable and farmable. That generates revenue. Maybe your strategy is a hydroelectric plant inside the dam to generate electricity to sell. Unless you have a strategy to extract value from your lake of innovation, it only has potential value.
[16:46] The theme of the keynote is how to build your dam strategy to extract value from the innovation that you can identify.
[17:11] Bob says to attend the keynote and be prepared to participate! It will not be a one-way data dump! You won't be bored! There will be a QIOS session. Bob won't have all the answers, but he'll answer your Questions with Ideas, Opinions, and Suggestions! Let's start the conversation!
[18:00] With Bob's keynote and the following sessions by other speakers, the people who show up will be overloaded with value and knowledge, and be prepared to go back to their organizations and “take over the world.”
[18:29] Bob uses lots of images in his keynote, produced by Gen AI and edited in Photoshop and enhanced with Adobe Illustrator. But digital isn't always the answer. Sometimes analog images are the best way.
[19:47] October is National Cybersecurity Awareness Month. It's a subject of the Conference and Bob will address it. Listen in the keynote for the top ten innovations Bob thinks will have the biggest impact on Enterprise Risk Management. Two of the ten deal with cybersecurity.
[20:12] Bob shares a point. If you sign up for ChatGPT and you want to have access to the latest LLM, it's a subscription of $20.00 a month. If you subscribe to FraudGPT, a chatbot that helps you hack into things and be fraudulent, you pay a subscription of $200 a month. Don't tell Bob that crime doesn't pay!
[21:04] Bob's parting words: “If you see me in the hall, grab me, tell me what you want to talk about. If you disagree with me, please speak up, let's have the conversation. And I've already changed my airfare to stay a little longer 'cause I just saw a new session popped up that I want to go to! So this will be the event of the season! Let's do it!”
[21:26] Special thanks again to Bob Roitblat, our RIMS ERM Conference 2023 keynote speaker for joining us. Register today at RIMS.org/ERM2023. You get to hear Bob first thing in the morning on November 2nd and you'll have the chance to connect with him after the keynote, possibly in some other sessions. Links are in the show notes.
[21:49] Go to the App Store on your phone and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS app!
[22:08] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate! Contact pd@rims.org for more information.
[22:50] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. The RIMS app is available only for RIMS members! You can find it in the App Store.
[23:13] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.
[23:29] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.
[23:49] Justin thanks you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

Mentioned in this Episode:
RIMS ERM Conference 2023 | Nov 2–3 in Denver, CO! Enter 2023RIMSCAST at checkout for 10% off registration!
NEW FOR MEMBERS! RIMS Mobile App
RIMS Legislative Summit — Oct 25–26, Washington, D.C.
RIMS Western Regional — Oct 4–6, Vail Colorado
RIMS-Certified Risk Management Professional (RIMS-CRMP)
Dan Kugler Risk Manager on Campus Grant
RIMScast to receive the 2023 Excellence in MarCom Award from the New York Society of Association Executives (NYSAE)!
“NYSAE Webinar: Podcasting — A Revenue Stream for Your Association”
Spencer Educational Foundation — Hire A Risk Intern 2024 | Deadline Oct. 15, 2023
Spencer-RIMS Risk Management Challenge 2024 — Be a Case Study or Join Judging Panel!

RIMS Webinars:
Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals | Sponsored by AXA XL | Oct. 12, 2023
PFAS Forever Chemicals — Regulations, Litigation, New Technologies | Sponsored by Zurich | Oct. 26, 2023
RIMS.org/Webinars

Upcoming Virtual Workshops:
Claims Management | Oct 10–11
Managing Worker Compensation, Employer's Liability and Employment Practices in the US | Nov 7
See the full calendar of RIMS Virtual Workshops
All RIMS-CRMP Prep Workshops

Related RIMScast Episodes:
The Future of AI and Work with Sinead Bovell
Live from the RIMS ERM Conference 2022
Risk and Leadership with Lt. Gen. (ret) Roméo Dallaire
Genuine Generative AI Talk with Tom Wilde of Indico Data
ERM in Banking & Finance with Eleni Willis
Security Risks and Implementing ERM with Kelly Johnstone
Emerging Risks and Board Reporting with Suzanne Christensen
ERM at the Veterans Benefits Administration

Sponsored RIMScast Episodes:
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response (New!)
“Cyberrisk Outlook 2023” | Sponsored by Alliant (New!)
“Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD
“Insuring the Future of the Environment” | Sponsored by AXA XL
“Insights into the Gig Economy and its Contractors” | Sponsored by Zurich
“The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster
“Technology, Media and Telecom Solutions in 2023” | Sponsored by Allianz
“Analytics in Action” | Sponsored by Alliant
“Captive Market Outlook and Industry Insights” | Sponsored by AXA XL
“Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd.
“Zurich's Construction Sustainability Outlook for 2023”
“Aon's 2022 Atlantic Hurricane Season Overview”
“ESG Through the Risk Lens” | Sponsored by Riskonnect
“A Look at the Cyber Insurance Market” | Sponsored by AXA XL
“How to Reduce Lithium-Ion Battery Fire Risks” | Sponsored by TÜV SÜD
“Managing Global Geopolitical Risk in 2022 and Beyond” | Sponsored by AXA XL

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
Risk Management Magazine
Risk Management Monitor
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RIMS-CRMP Stories — New interview featuring Roland Teo!
Spencer Educational Foundation
RIMS DEI Council

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®
RIMS Events App Apple | Google Play
RIMS Buyers Guide

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.

Want to Learn More? Keep up with the podcast on RIMS.org and listen on Apple Podcasts. Have a question or suggestion? Email: Content@rims.org.

Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.

About our guest, Bob Roitblat:
Roitblat.com

Tweetables (Edited For Social Media Use):
Imagine that innovation is a lake. It's full of potential. But unless you harness that water flow in some way, you're not going to be able to take advantage of it. So you're going to come up with a dam. Your strategy is a dam. — Bob Roitblat
The theme of the keynote is how to build your “dam strategy” to extract value from the innovation that you can identify. — Bob Roitblat
We're going to do a QIOS. … I don't have all the answers, but please, ask your Questions and I will share some ideas, give you my Opinions, and make some Suggestions! Let's start the conversation! — Bob Roitblat
If you subscribe to FraudGPT, a chatbot that helps you hack into things and be fraudulent, that subscription costs you $200 a month. So please don't tell me that crime doesn't pay! — Bob Roitblat

ABA Banking Journal Podcast
#BanksNeverAskThat goes bilingual for 2023

ABA Banking Journal Podcast

Sep 29, 2023 9:50


The latest incarnation of ABA's award-winning #BanksNeverAskThat anti-phishing campaign returns for National Cybersecurity Awareness Month in October. On the latest episode of the ABA Banking Journal Podcast — presented by Servbank — ABA's Amy Wertlieb talks about new resources this year, including a return of the popular scam quiz and an all-new consumer-facing site plus customizable resources in Spanish. Banks can register for free and use campaign materials all month or at any point during the year.  Learn more about #BanksNeverAskThat and register.

Outcomes Rocket
How Well Do you Know your Healthcare Supply Chain; Are your Vendors and Service Providers Infectious Carriers of Cyber Attack? with Ed Gaudet, CEO, and Founder of Censinet

Outcomes Rocket

Dec 9, 2022 24:52


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. We need to look at Cybersecurity from a supply chain perspective, so dive in with one of the greatest in the industry! In this episode, Ed Gaudet, CEO and Founder of Censinet, talks about healthcare cybersecurity supply chain risk management and how the HIC-SCRiM Guide can support organizations in assessing the risk they and their third-party vendors and suppliers can face to develop an action plan against attacks. Ed discusses why it's important to set up a plan to manage plausible attacks and some documents, resources, and tools that can help with that. Tune in to learn how to protect patient care and operations from cyber-attacks! Click this link to the show notes, transcript, and resources: outcomesrocket.health

Outcomes Rocket
TeleMedicine, TeleHealth, TeleCyber: With the Increase in Virtual Doctor Visits, How Do We Keep the Data and Sessions Secure? with Christine Sublett and Mark Jarrett

Outcomes Rocket

Dec 1, 2022 31:36


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Cybersecurity in telehealth is everyone's responsibility. In this episode, Saul Marquez talked with healthcare cybersecurity experts Christine Sublett and Mark Jarrett about cybersecurity in the current telehealth space. Ever since the COVID-19 pandemic, telehealth has been more widely accepted and practiced. As many benefits as it brings, it also comes with potential threats that must be addressed. Christine and Mark talk about how healthcare organizations need to make sure that the ecosystem used for the delivery of care provides secure data privacy for patients. Tune in to learn about the work Christine Sublett and Mark Jarrett have been doing to help healthcare organizations navigate the telehealth space safely and provide security for their users! Click this link to the show notes, transcript, and resources: outcomesrocket.health

Outcomes Rocket
Can't Get Good Help Nowadays: How to Build Your Healthcare Cybersecurity Workforce Against the Competition with Brandyn Blunt, and Matt McMahon

Outcomes Rocket

Nov 24, 2022 29:26


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Finding cybersecurity talent in healthcare is a challenge in and of itself. In this episode, Saul Marquez had a fruitful chat about cybersecurity talent with Matt McMahon, R&D Lead and Senior Product Manager for Cybersecurity with Philips, and Brandyn Blunt, Senior Cybersecurity Specialist for Cybersecurity Assurance/Governance, Risk, and Compliance with Cleveland Clinic. Finding workforce talent for healthcare cybersecurity is a challenge that the sector is currently facing, and Matt and Brandyn share their thoughts on the issue, touching on education requirements, competing industries, and open-mindedness. They also discuss the Workforce Guide, a document they collaborated on to help healthcare organizations by providing ideas to build and retain a cybersecurity team. Cybersecurity professionals can come from any background, so Brandyn and Matt explain how to start by looking internally within organizations. Providing training for interested individuals successfully led them down a cyber path. Tune in to this episode to learn how you can be part of the solution in facing the cybersecurity talent shortage!

Outcomes Rocket
Don't Sell Me a Lemon with a Virus! with Aftin Ross, Senior Special Advisor for Emerging Initiatives at the FDA, Chris Reed, Director of Regulatory Policy, Digital Health and Product Security at Medtronic, and Debra Bruemmer, Sr. Manager Mayo Clinic

Nov 18, 2022 (31:05)


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Chris Reed, Debra Bruemmer, and Aftin Ross talk about the Medical Device and Health IT Joint Security Plan and how it could help organizations with their work and cybersecurity gaps related to medical devices. Click this link to the show notes, transcript, and resources: outcomesrocket.health

Outcomes Rocket
What do Human Virus's and Computer Virus's Have in Common? with Christian Dameff and Jeff Tully, Cybersecurity Researchers, Physicians, and Co-Founders of the CyberMed Summit

Nov 11, 2022 (26:34)


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. An ounce of prevention is worth a pound of cure. In this episode, Christian Dameff and Jeff Tully, cybersecurity researchers, physicians, and co-founders of the CyberMed Summit, talk about subjects to consider in terms of cybersecurity in healthcare preparedness and safety. One could draw an analogy between our immune system and how the healthcare cyber system should behave, and that's exactly what doctors Dameff and Tully do to illustrate the actions the healthcare industry should be taking. They talk about the CyberMed Summit and how they've created a dynamic space to share information about what to look out for and be up to date to prevent cyber attacks. Cybersecurity is a patient safety issue, and therefore, they discuss why doctors and many other healthcare stakeholders should chime into this topic and how they are working to overcome the challenges that may come up on the road. Tune in to this episode to learn more about cybersecurity in healthcare and how to be more active in protecting it! Click this link to the show notes, transcript, and resources: outcomesrocket.health

Outcomes Rocket
Don't Sell Me a Lemon with a Virus. What's the Right Cybersecurity Contract Language for Device Manufacturers and Healthcare Systems with Jonathan Bagnall, Cybersecurity Global Market Leader for Royal Philips Healthcare

Nov 3, 2022 (26:57)


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Contract language is key to bringing cybersecurity to medical devices! In this episode, Saul Marquez chats with Dr. Jonathan Bagnall, the Cybersecurity Global Market Leader for Royal Philips Healthcare, about the Model Contract Language for Medtech Cybersecurity Document. He was part of developing this document where healthcare delivery organizations got together to establish the cybersecurity requirements for medical devices, forming partnerships with manufacturers with more trust and certainty of compliance. He discusses how contract language is a tool that, in the Medtech field, can create commitment without stifling innovation. Jonathan also explains how this document will improve medical devices' security by increasing performance, design, and maturity. Tune in to this episode to learn from Dr. Bagnall about the Model Contract Language for Medtech Cybersecurity Document! Click this link to the show notes, transcript, and resources: outcomesrocket.health

Outcomes Rocket
We Did Everything Right But We Still Got Hacked with an Extended Clinical Outage; What Do We Do? with Kirsten Nunez and Lisa Bisterfeldt

Oct 27, 2022 (34:02)


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Do you have a plan in case you are the victim of a cyber incident? In this episode, Kirsten Nunez, senior operations manager for emergency management and continuity at Intermountain Healthcare, and Lisa Bisterfeldt, cybersecurity and IT resiliency program manager, talk about the Operational Continuity Cyber Incident checklist they created to support the Incident Response Business Continuity Task Force under the Public Health Sector Coordinating Council Cybersecurity Working Group. Patients' safety is of the utmost importance and it is being increasingly cyber-threatened as so much in healthcare nowadays is done digitally. The OCCI checklist intends to provide guidance for response teams to undertake critical tasks that need to be completed during the first 12 to 24 hours of a cybersecurity event. Kirsten and Lisa discuss why they believe this tool is very important to have at hand, the reasoning behind its format, and how it is to be applied within the healthcare industry. Tune in to this episode to listen to this informative conversation that will help you be prepared against cyber threats! Click this link to the show notes, transcript, and resources: outcomesrocket.health

The Big 550 KTRS
Neighbors Credit Union: Cyber defenses

Oct 27, 2022 (8:41)


Paula Anderson spreads awareness for National Cybersecurity Awareness Month with some helpful tips! For more, visit: https://www.neighborscu.org/

The Daily Scoop Podcast
DOJ partnerships stopping cyberattacks; Cyber Awareness Month; Health of VA's acquisition workforce

Oct 25, 2022 (33:18)


The Department of Justice's collaboration with foreign law enforcement organizations has resulted in the disruption of a Russian malware operation. At CyberTalks, DOJ's Deputy Attorney General for National Security and Cyber Adam Hickey discusses how the partnership was able to disrupt this botnet. National Cybersecurity Awareness Month is about two-thirds over now. Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, explains at CyberTalks what his agency is emphasizing this month. The Department of Veterans Affairs is missing data it needs to gauge the health of its acquisition workforce. That data would help the agency understand who does what, and how. Shelby Oakley, director of contracting and national security acquisitions at the Government Accountability Office, explains what we now know about VA's acquisition workforce. The Daily Scoop Podcast is available every weekday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts, Spotify and Stitcher. And if you like what you hear, please let us know in the comments.

Unhackable with Mike Storm
NCSAM 22.4: National Cybersecurity Awareness Month - System Updates

Oct 22, 2022 (6:49)


As the 2022 National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the fourth key step - Keeping your System Up-to-Date.

Talos Takes
The basics of threat hunting

Oct 21, 2022 (10:15)


To celebrate this week's National Cybersecurity Awareness Month theme, we have a special 101 episode of Talos Takes to cover the basics of threat hunting. This is a crucial skill for any cybersecurity professional-in-training and one of the questions we get the most often. Asheer Malhotra from the Talos Outreach team joins the show to talk about where he starts finding new malware families and threat actors, what the barriers usually are that he has to overcome and what check boxes he has to hit before he can talk about something publicly. For more on this topic, watch our "Threat Hunting 101" livestream from earlier this week here. 

Outcomes Rocket
I'm Surrounded by Cyber Threats: How Do I Know What to Protect Against and How? with Errol Weiss, Chief Security Officer at Health-ISAC

Oct 20, 2022 (26:54)


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Let's watch each other's backs and learn from our experiences in cyberspace! In this episode, Saul Marquez sits down to talk with Errol Weiss, Chief Security Officer at Health-ISAC, about today's cyber threats and what measures we can take to prevent them. Throughout this eye-opening conversation, Errol breaks down the three main reasons why cybercrime is committed and how it can impact any organization, but healthcare ones specifically. He explains what an ISAC is, why they were created, and how your organization can benefit from it by learning which are the threats and attacks in your industry. Additionally, Errol shares some examples of these cybercrimes that will make your jaw drop, so listen closely and learn from them. Tune in to this episode to learn about cyber threats and how you and your peers can protect each other from them!

The Make it Big Podcast
Episode 26: How to Guide Internal Teams to be Security Champions with Francis Dong

Oct 19, 2022 (28:12)


In light of National Cybersecurity Awareness Month, BigCommerce Senior Application Security Engineer Francis Dong joins BigCommerce Manager of Product Marketing Airon White on the Make it Big Podcast to explore how businesses can guide their internal and external teams to become security champions. With this year's Cybersecurity Awareness Month theme of “See Yourself in Cyber,” this episode focuses on the human aspect of cybersecurity. At the end of the day, it's ultimately about people. Tune in to learn how you, too, can see yourself in cyber — no matter your role.

Explore more BigCommerce cybersecurity resources: BigCommerce Blog, BigCommerce Engineering Blog, BigCommerce YouTube, BigCommerce LinkedIn.

Security champion training: PentesterLab, Secure Code Warrior, PortSwigger Web Security Academy.

Security culture resources: 5 Steps to Engage Your Team in Information Security.

Meraki Unboxed
Episode 88: Security and Zero Trust Fundamentals

Oct 19, 2022 (46:10)


It's National Cybersecurity Awareness Month, so it's the perfect opportunity to talk about security fundamentals. We're in discussion with two highly experienced Cisco security professionals who share some of their wisdom and best practices. Learn more from one of our guests in this video: https://www.youtube.com/watch?v=X9pkOr--wrg

The Trowers Podcast
Top tips to prepare for a cyber-attack and the fallout

Oct 18, 2022 (39:58)


Continuing our conversation on the key cyber security issues facing organisations for National Cyber Security Awareness Month, Partner Charlotte Clayson and Senior Associate Liz Mulley provide top tips on how to prepare for a potential attack. Joined by guests Neil Belton, Director of Technology Risk, and Paul Kelly, Head of Cyber Services at business advisory service Azets, they discuss best practices, current cyber security trends and the crucial role staff within organisations play in preventing cyber-attacks.

Unhackable with Mike Storm
NCSAM 22.3: National Cybersecurity Awareness Month - Phishing

Oct 15, 2022 (17:56)


As the 2022 National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the third key step - Recognize and Report Phishing.

In The Loop
Cybersecurity Awareness Month: Why is Cybersecurity Important to CFEMC?

Oct 14, 2022 (10:33)


On this month's episode of In The Loop, we're switching gears and talking all about cybersecurity. In honor of National Cybersecurity Awareness Month being celebrated in October, we're eager to discuss the importance of staying safe online. Joining us is Coweta-Fayette EMC's Computer Services Technician Jennifer Jones. Follow along to hear cybersecurity tips for our members, including how to avoid cybersecurity threats, and what a member should do if they have questions about protecting themselves at home.

Security Stories
57: We're changemakers too, with Confidence Staveley

Oct 14, 2022 (36:03)


National Cybersecurity Awareness Month continues and in honor of it we interview global and industry recognized thought leader, Confidence Staveley. To name a few of her incredible accomplishments, Confidence has been recognized as Cybersecurity Woman of the Year in 2021 and 2022, she is a part of the U.S. State Department's International Visitors Leadership Program. Not to mention she has single-handedly changed the future of so many young girls as it relates to their access to technology, education and security awareness.

To learn more about Confidence, you can find her on all social media platforms: LinkedIn, Twitter, Instagram.

To learn more about her organization, Cybersafe Foundation and to donate to their incredible cause you can visit: https://cybersafefoundation.org/donate/

Additional resources: CISA Security Resources, Cisco Secure's Cybersecurity Awareness Month Page.

If you're inclined to share this episode with your community, please tag us! @Ciscosecure @techwithtaz @hazeburton #seeyourselfincyber #Ciscosecure #NCSAM

Talos Takes
Tips for kickstarting your cybersecurity career

Oct 14, 2022 (14:19)


To celebrate National Cybersecurity Awareness Month, two one-time "security noobs" talk about their career trajectories and how they've grown to see themselves in cyber. Sammi Seaman and Jon Munshaw talk about their previous careers in library services and journalism, respectively, and how they applied some of those skills to cybersecurity. Other talking points include:

  • Cybersecurity "ah ha!" moments.
  • Not being afraid to ask questions.
  • Free ways to expand one's cybersecurity knowledge.
  • The importance of getting involved in local cybersecurity conferences and non-profits.

Outcomes Rocket
Healthcare Cybersecurity is in Critical Condition. What's the Prescription for Health Systems? with Erik Decker from Intermountain Healthcare & Julie Chua from the U.S. HHS

Oct 13, 2022 (30:51)


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. What are some basic things that we should be doing to combat prevalent threats that healthcare systems are facing? In this episode, Saul Marquez had a conversation full of valuable information with Erik Decker, Vice President and Chief Information Security Officer for Intermountain Healthcare, and Julie Chua, Director of the Governance, Risk Management, and Compliance division within the HHS Office of Information Security. Healthcare cybersecurity is in critical condition and so members of the healthcare industry and the Health and Human Services (HHS) have joined forces to improve it. After different task force research efforts were made, the Health Industry Cybersecurity Practices (HICP) document was published. Erik and Julie break down what this publication is all about, the process that took place to write it, and its importance as a manual to protect patient safety with cybersecurity. In the end, cyber safety is patient safety, let us not forget that. Tune in to this episode to learn about the Health Industry Cybersecurity Practices document that will help healthcare organizations and professionals keep their cybersecurity on point!

Advancing Health
CISA Deputy Director Speaks on Defending Health care Against Cyber Attacks

Oct 10, 2022 (31:22)


October is National Cyber Security Awareness Month. Although the issue is spotlighted right now, the truth is that attention needs to be paid to cyber security awareness every minute of every day. Hospitals and health systems can't afford to let down their guard for a moment, because the activities of cyber criminals never stop. In this podcast we have a unique opportunity to hear from a high-level government leader whose job it is to defend the nation's critical infrastructure from cyber-attacks and other threats. Tasked with this extremely important mission, and here with us today, is Nitin Natarajan, Deputy Director for the Cybersecurity and Infrastructure Security Agency, or CISA. Nitin is a friend and colleague of John Riggi, who joined the AHA as national advisor for cybersecurity and risk after a nearly 30-year career with the FBI. In this podcast, John and Nitin discuss the biggest cyber and other threats facing health care and other infrastructure sectors; how they overlap; the role of CISA; and what health care providers can do to defend against the sophisticated cyber threats everyone faces.

Unhackable with Mike Storm
NCSAM 22.2: National Cybersecurity Awareness Month - Complex Passwords

Oct 9, 2022 (7:43)


As the 2022 National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the second key step - Using Complex Passwords.

Talos Takes
The latest on Lockbit 3.0 drama and the rest of the ransomware landscape

Oct 7, 2022 (9:26)


Azim Khodjibaev joins the show once again for the latest edition of "Days of our Ransomware." Jon and Azim talk about the recent LockBit 3.0 leaks and the drama surrounding them. Will other actors try to backpack off the leaked builder? Why is LockBit switching to triple extortion tactics now? And what other trends are going on in the ransomware landscape? This is the perfect place to get caught up on all things ransomware to head into the rest of National Cybersecurity Awareness Month.

Cybercrime Magazine Podcast
In Plain Sight. National Cybersecurity Awareness Month 2022. Kelly Michaud, Conceal.

Oct 7, 2022 (17:10)


In Plain Sight is a Cybercrime Magazine podcast series brought to you by Conceal. In this episode, host Hillarie McClure is joined by Kelly Michaud, Senior Director of Marketing at Conceal, to discuss National Cybersecurity Awareness Month 2022, this year's theme of “See Yourself In Cyber,” and more. Conceal is a zero-trust network privacy and security company that disguises and protects your enterprise's online presence and privacy. To learn more about our sponsor, visit https://conceal.io

Outcomes Rocket
Healthcare is Critical Infrastructure? With Greg Garcia, Executive Director at Healthcare Sector Coordinating Council

Oct 6, 2022 (24:51)


In recognition of the 19th annual National Cyber Security Awareness Month, The Outcomes Rocket Network has launched a 10-part podcast series to elevate Cyber Security Awareness in Healthcare on our main channel, the Outcomes Rocket Podcast. Partnering with leaders in healthcare cybersecurity in their capacity as members of the Health Sector Coordinating Council, the podcast aims to illuminate advances made in protecting critical healthcare infrastructure and patient safety, and areas that need further focus to put a stop to Cyber Crime. Let's get real about it: people can die as a result of a cyber-attack. It's not just a work of fiction in movies; it can happen in real life, so let's work on it! In this episode, Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council, talks about why cybersecurity is vital to protect the critical infrastructure that is healthcare. Kicking off a 10-part series on the matter due to October being Cyber Security Awareness Month, Greg points out why in today's digital world, healthcare faces risks that have to be averted in order to protect patient safety. Whether you're a patient, a clinician, or a professional in the cyber side of healthcare, cybersecurity affects you and you need to know how to keep yourself safe. Greg explains what this is and how the Health Sector Coordinating Council identifies and mitigates systemic threats and develops resources that can improve cybersecurity and patients' safety. Tune in to this episode to learn why organizations must work together in terms of cybersecurity to raise the bar for the whole healthcare industry!

The Checklist by SecureMac
Checklist 298 - Are You Even Aware What Month It Is?

Oct 6, 2022 (14:39)


October is National Cybersecurity Awareness Month in the US. This year, organizations want you to See Yourself in Cyber. What does that mean? Why do we do this? Is it even worth doing?!? We'll examine that and make YOU an honorary Cyber Champion on Checklist No. 298, brought to you by SecureMac.   Check out our show notes: SecureMac.com/Checklist And get in touch with us: Checklist@Securemac.com

Public Sector Future
Cyber Resilience in Government

Oct 6, 2022 (29:06)


Host Olivia Neal introduces Alvaro Vitta, Microsoft's Worldwide Public Sector lead for cybersecurity. October is National Cybersecurity Awareness Month and we're dedicating a set of Public Sector episodes to exploring this topic. Alvaro's first guest is Tom Burt, Corporate Vice President of Customer Security and Trust at Microsoft. Tom discusses working with the government in Ukraine on cyber defense and how public sector organizations can be better prepared for future attacks. Microsoft Public Sector Center of Expertise for more information and transcripts of all episodes Alvaro Vitta [host] | LinkedIn  Tom Burt [guest] | LinkedIn Discover and follow other Microsoft podcasts at aka.ms/microsoft/podcasts

The Trowers Podcast
Secure communication is king

Oct 6, 2022 (37:24)


As part of National Cyber Security Awareness Month we will be exploring the salient issues relevant to organisations from a cyber perspective. In this podcast, Associate Matt Whelan speaks to William Taaffe, COO at Lockdown Cyber Security where they discuss the reasons why secure communication is essential for businesses. They address the everyday risks businesses face when communicating both internally and externally as well as the changing nature of technology.

Data Privacy Detective - how data is regulated, managed, protected, collected, mined, stolen, defended and transcended.

Cybersecurity Awareness Month is co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA). For more information about ways to keep you and your family safe.

1. Instagram fined 405M Euros for GDPR violations.
2. Google and Meta were fined a total of $72 million by South Korea's Privacy and Protection Commission for tracking behavior on other sites without consumer approval, then using that data for advertising.
3. The Internal Revenue Service acknowledged Friday that it had inadvertently exposed a batch of taxpayer information linked to some non-profits and other tax-exempt organizations, following a Wall Street Journal report that said as many as 120,000 individuals may have been affected by the error.
4. While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error.
5. China hopes to tighten its cybersecurity laws with higher fines for some violations. If the amendments are approved, fines for critical information infrastructure operators who use products or services that have not undergone security reviews could be 5% of revenue or 10 times their cost.
5. According to Acronis, ransomware losses worldwide are expected to surpass $30 billion by the end of 2023.
6. Lloyd's of London Ltd. has told insurers that nation-state attacks and related losses will be excluded from insurance coverage after 1Q 2023. A 2022 court ruling dashed insurers' hopes that “cyber war” exclusions would let them avoid payment for such losses.
7. Québec's personal information privacy act takes effect September 22, a provincial statute that supplements Canada's federal legislation, including the term “confidentiality incidents” and addressing biometric information.
8. Euractiv reports that the EC will introduce its proposal for a Cyber Resilience Act this week. The Act will address cybersecurity issues with consumer-connected devices.
9. UK - The Telecommunications (Security) Act 2021 (Commencement) Regulations 2022 have been made. They bring the Telecommunications Security Act 2021 (TSA) into force from 1 October 2022. The Electronic Communications (Security Measures) Regulations 2022 under the TSA will come into force on the same date.
10. After TikTok allegedly violated U.K. privacy regulations, the Information Commissioner's Office sent a notice of intent including a possible fine of £27 million.
11. California Governor Gavin Newsom has signed The California Age-Appropriate Design Code Act into law. The new legislation, signed by Newsom on September 15, 2022 and passed by the state congress in late August, will implement some of the strictest privacy requirements for children in the US, especially in relation to social media.
12. U-Haul International disclosed that it has experienced a data breach of names, drivers' licenses/state IDs but indicated no credit card or financial information was compromised.
13. A teenage cyberattacker gained full access to Uber's systems after impersonating an IT professional from the popular rideshare company to gain VPN access.
14. Congress is investigating Meta after The Markup discovered the tech giant's Pixel tool gathered information on users' private health records.

If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

Unhackable with Mike Storm
NCSAM 1.1: National Cybersecurity Awareness Month - Week 1 Oct 2022

Sep 13, 2022 (6:21)


As the Annual National Cybersecurity Awareness Month (NCSAM) unfolds with this year's theme "See Yourself In Cyber", join Mike Storm for 4 segmented episodes of Unhackable as he discusses the key steps for every person to execute this year as standard practice to protect their information and assets. This episode covers the first key step - Using Multi Factor Authentication.

Real Charlotte Living
S.1 E. 8 - Cybersecurity: 5 Things You Must Do Now

Oct 27, 2021 (41:19)


One in 4 US households has been a victim of cyber crime. In celebration of National Cybersecurity Awareness Month my guest Jeb Gebhart, shares tips for keeping your information safe and some of the most common cyber crimes in the marketplace today. Check to see if you have been involved in a security breach here: https://haveibeenpwned.com/ Comments? Questions? Email me: hello@realcharlotteliving.com Let's get social! solo.to/realcharlotteliving Stay up-to-date on new episodes and subscribe today! ---- Cheers! Kamilah Peebles Host and Content Creator Sign up for FREE info on weekend events: bit.ly/cltfun Let's get social! solo.to/realcharlotteliving

SoundPractice
Cybersecurity in Healthcare with Director Julie Chua from HHS

Oct 13, 2021 (35:54)


October is National Cybersecurity Awareness Month and this BONUS episode of SoundPractice highlights an interview with Julie Chua, PMP, CAP, CISSP, Director of Governance, Risk Management and Compliance Division of Health and Human Services' Office of Information Security. It follows a prolonged period of ransomware attacks on healthcare systems and providers. In fact, ransomware attempts and attacks have been so severe and pervasive as to harden the cyber insurance markets. Medical devices, emails, laptops, personal phones, fax machines interconnected with billing systems or the hospital EHR – are all risks for healthcare organizations. Director Chua provides sources of governmental assistance and useful recommendations. She makes a strong case for cyber being included in enterprise risk management planning and why cyber safety is also patient care and patient safety. This episode offers an important briefing on a critical issue by a high-ranking federal official. Resources mentioned by Director Chua may be found at https://healthcyber.mitre.org/wp-content/uploads/2021/03/405d-One-Pager.pdf. Learn more about the American Association for Physician Leadership at www.physicianleaders.org