POPULARITY
10 episodes with verizon dbir
4 episodes with verizon dbir
4 episodes with verizon dbir
2 episodes with verizon dbir
6 episodes with verizon dbir
2 episodes with verizon dbir
2 episodes with verizon dbir
2 episodes with verizon dbir
2 episodes with verizon dbir
The 2026 Verizon DBIR has arrived and the results are in... Even with a substantial increase in Exploitation of Vulnerabilities, All Credential Abuse is still the top initial access vector for breaches, which means the human is still the weakest link. Why haven't security awareness training and phishing campaigns worked? Robert Siciliano, Architect of of The Strategic Human Firewall™ at ProtectNow, joins Business Security Weekly to explore why humans, not hackers, are the ultimate deciding factor in organizational security. The industry needs to shift from security awareness to security appreciation. Robert will discuss: How you can build a culture that actually protects your people, your data, and your operations in an era of AI deception. Why most companies are still performing 'Security Theater'—checking boxes and hoping for the best—instead of driving genuine behavior change. How Trust and Denial quietly fuel most disasters, why interactive training is the only way to make the lessons stick, and how leaders can scale this entire framework without needing a Hollywood budget. Segment Resources: https://protectnowllc.com/ai-cyber-security-keynote-speaker/ In the leadership and communications segment, Should CEOs Be Held Personally Accountable for Cyber Attacks?, Placing communication at the center of every leadership transition, AI isn't solving cybersecurity workforce woes, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-453
The Verizon Data Breach Investigations Report (DBIR) is a postmortem of a year’s worth of cyber incidents and breaches, and a snapshot of how well organizations are responding to actual threats. Drew and JJ share highlights from the 2026 installment, including: For the first time, vulnerability exploits top the list for initial access What a... Read more »
The Verizon Data Breach Investigations Report (DBIR) is a postmortem of a year’s worth of cyber incidents and breaches, and a snapshot of how well organizations are responding to actual threats. Drew and JJ share highlights from the 2026 installment, including: For the first time, vulnerability exploits top the list for initial access What a... Read more »
The Monday Microsegment for the week of June 8. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. The White House puts AI security to the test. Passwords lose their starring role in cyberattacks. And IronWorm wriggles its way into npm packages. Plus, Aishwarya Ramani joins us to break down the takeaways from this year's Verizon DBIR. Head to The Zero Trust Hub: hub.illumio.com Get the Industry's First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification 2026 Verizon DBIR: https://www.verizon.com/business/resources/reports/dbir/
We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-385
SummaryIn this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical cybersecurity topics, including newly discovered Windows Zero Days, insights from Verizon's latest Data Breach Investigations Report, and a significant credential leak at CISA. They emphasize the importance of vulnerability management, the evolving threat landscape, and best practices for securing sensitive data. The conversation highlights the need for organizations to adapt quickly to emerging threats and implement robust security measures to protect against breaches.----------------------------------------------------YouTube Video Link: https://youtu.be/DtPgg2jQCyM----------------------------------------------------Documentation: https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html?m=1https://www.verizon.com/business/resources/T158/reports/2026-dbir-data-breach-investigations-report.pdfhttps://arstechnica.com/information-technology/2026/05/in-stunning-display-of-stupid-secret-cisa-credentials-found-in-public-github-repo/----------------------------------------------------Contact Us:Website: https://bluesecuritypod.comBluesky: https://bsky.app/profile/bluesecuritypod.comLinkedIn: https://www.linkedin.com/company/bluesecpodYouTube: https://www.youtube.com/c/BlueSecurityPodcast-----------------------------------------------------------Andy JawBluesky: https://bsky.app/profile/ajawzero.comLinkedIn: https://www.linkedin.com/in/andyjaw/Email: andy@bluesecuritypod.com----------------------------------------------------Adam BrewerTwitter: https://twitter.com/ajbrewerLinkedIn: https://www.linkedin.com/in/adamjbrewer/Email: adam@bluesecuritypod.com
We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves. Show Notes: https://securityweekly.com/asw-385
We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-385
We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves. Show Notes: https://securityweekly.com/asw-385
The Monday Microsegment for the week of June 1. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. Iran's MuddyWater group steps up espionage efforts — without making a splash A botnet built to hunt software developers has been taken offline. And nearly six million cruise ship passengers' data just went overboard. Plus, Aishwarya Ramani joins us to break down the takeaways from this year's Verizon DBIR. Head to The Zero Trust Hub: hub.illumio.com Get the Industry's First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification 2026 Verizon DBIR: https://www.verizon.com/business/resources/reports/dbir/
The 2026 Verizon DBIR is here — and one finding changes the conversation around cyber risk.For years, the industry has focused on identity as the primary attack surface. But according to the latest Data Breach Investigations Report, vulnerability exploitation has now overtaken credential abuse as the most common initial access vector in breaches.In this episode of Reimagining Cyber, Tyler Moffitt breaks down what the report really means for defenders, MSPs, and SMBs. He explores why attackers are moving faster than patch cycles, how AI is accelerating both exploitation and phishing, and why “identity vs. patching” is the wrong debate.He also unpacks:Why vulnerability exploitation surged to the top attack vectorHow AI is compressing the timeline from disclosure to attackWhy ransomware still dominates breach outcomesThe growing role of third-party and supply-chain riskWhy SMBs struggle most with patch management and visibilityPractical steps organizations should prioritize right nowWhat MSPs should be telling customers after this year's DBIRKey takeaway:“Identity is the new perimeter, but vulnerability management is still the unlocked window.”If you work in cybersecurity, IT, risk management, or support SMB environments, this episode delivers practical insight into where attackers are succeeding — and what organizations need to do next.#CyberSecurity #DBIR #Ransomware #PatchManagement #IdentitySecurity #AI #MSP #CyberRisk #VerizonDBIR #InfosecAs featured on Million Podcasts' Best 100 Cybersecurity Podcasts Top 50 Chief Information Security Officer CISO Podcasts Top 70 Security Hacking PodcastsThis list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com
Hosts Brad Causey and Spencer Alessi break down the 2026 Verizon Data Breach Investigations Report, focusing on the findings that actually matter for IT and security teams.The biggest surprise: vulnerability exploitation has overtaken stolen credentials as the top initial access vector, accounting for 31% of attacks, while credential abuse dropped to just 13%. This completely flips the script on years of "identity is the new perimeter" thinking.Topics covered include:Vulnerability explosion and remediation crisis: Why there are too many vulnerabilities and not enough time for patching, with only 26% of CISA KEV vulnerabilities fully remediated (down from 38%)The patching time paradox: Median remediation time increased from 32 days to 43 days despite organizations initially getting faster at patching from 2022-2024Web application sprawl: How the push to cloud and SaaS has created massive attack surfaces organizations don't own and can't patchThe top 4 initial access vectors: Vulnerability exploitation, phishing, credential abuse, and pretextingRansomware economics shifting: 48% of breaches involved ransomware, but 69% of victims didn't pay and median payments dropped to $139,875Mobile phishing success: Mobile-centric phishing had 40% higher success rates than email phishing as users get better at spotting email threatsSocial engineering evolution: The human element appeared in 62% of breaches, with pretexting requiring different countermeasures than traditional phishingShadow AI explosion: 45% of employees are regular AI users on corporate devices (up from 15%), with 67% using non-corporate accountsAI data exfiltration: Shadow AI is now the third most common non-malicious insider risk, with source code being the top data type leakedMCP and IDE extension risks: Real-world examples including PocketOS having their entire production database deleted by Claude connected to a railway CLI MCPBrad and Spencer emphasize that while the threat landscape is shifting dramatically, the fundamentals still matter. Organizations need to get comfortable with not being able to patch everything and focus on what matters most.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpovFollow Spencer on social ⬇Spencer's Links: https://spenceralessi.comWork with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
The Monday Microsegment for the week of May 25. All the cybersecurity news you need to stay ahead, from Illumio's The Segment podcast. One compromised dev tool, 3800 stolen GitHub repos. Mythos is finding software bugs faster than humans can patch them. And the White House shelves a planned executive order on frontier AI models. Plus, hear what Christer Swartz declares as May's boo and bravo! Head to The Zero Trust Hub: hub.illumio.com Get the Industry's First Vendor-Neutral Zero Trust Certification: https://www.illumio.com/zero-trust-certification 2026 Verizon DBIR: https://www.verizon.com/business/resources/reports/dbir/
On this week's Security Sprint, Dave and Andy covered the following topics:Opening:• Misinformation, Deepfakes, and AI's Unwelcome Companions. This blog is part of Gate 15's blog series “Riding the Tiger: AI Threats and Opportunities”, highlighting the essential considerations for organizational leaders and security professionals. • Researchers warn of coordinated influence accounts amplifying synthetic AI-generated geopolitical narratives across social platforms • Bluesky Says Kremlin Is Hacking Its Platform to Spread Propaganda • Trump's AI executive order postponed. Here's why. & Trump's AI order sacks tech experts and sidelines safety testing • Pope Leo warns AI boom can give Big Tech and the people who run it too much power• Health-ISAC: Healthcare is scaling AI without the infrastructure to manage it • AT&T joins Cybersecurity Manufacturing Innovation Institute's C2-ISAC initiative - AT&T, and see Who's whispering in Trump's ear on Iran for more on C2-ISAC (“New ISAC in Town”) and lots of other articles sharing this announcement. • GAO: Critical Infrastructure Protection: EPA Needs to Ensure Water Systems Address Risks from Cybersecurity Threats • Ranking Member Lofgren's Opening Statement at Water Cybersecurity Hearing & Ranking Member Amos' Opening Statement at Water Cybersecurity Hearing • Tip of the Week – May 21, 2026 - WaterISAC Main Topics:2026 Data Breach Investigations Report - Verizon - 19 May 2026 • 2026 Verizon Data Breach Investigations Report finds third-party risk and credential abuse accelerating • Verizon DBIR: Vulnerability Exploits Overtake Credentials as Top Access Vector • What the 2026 Verizon DBIR Signals About Internet Intelligence and External Visibility • Verizon 2026 DBIR: 10 Takeaways You Should Know • Verizon DBIR finds vulnerability exploitation overtakes stolen credentials as top breach entry point for critical infrastructure • Patches take weeks. Exploits take hours. The 2026 DBIR makes the math brutal. San Diego Mosque Shooting and Extremism• San Diego Shooter So Alarmed Police in 2025, They Seized Father's Guns • CSIS: The San Diego Mosque Shooting Marks a Deadly First in the United States • ‘It's the Jews': San Diego mosque shooters decried ‘the universal enemy' in hate-filled manifesto • San Diego mosque shooter Caleb Vazquez's family breaks silence on terror attack, say autistic son was brainwashed online • Several people watched San Diego attack live on video calls, recordings show • Violent Neo-Nazi Ideology at the Heart of San Diego Attack • San Diego Mosque Shooting Another Symptom Of The “Great Replacement” Conspiracy Theory• San Diego Mosque Shooters' Apparent Manifestos Reveal Anti-Muslim Extremism • San Diego shooting suspects had manifesto, weapons cache: FBI • Father-of-eight killed in San Diego mosque shooting hailed as a hero • Imam blames anti-Muslim rhetoric for San Diego attack: ‘This is what we get' Quick Hits:• NOAA predicts below-normal 2026 Atlantic hurricane season – NOAA• Nine Practical Ideas to Strengthen Preparedness This Hurricane Season • Ebola: Worldwide Caution - U.S. Department of State • World Cup's Ebola factor • There is no Ebola vaccine for this outbreak. There won't be one soon. Here's why. • WHO chief says Ebola outbreak in Congo is ‘spreading rapidly' and upgrades risk assessment • Threat Actors Impersonate IC3 Employees to Defraud Victims - FBI IC3 • “First VPN Service” Used by Ransomware Actors to Compromise Systems - FBI IC3
Parce que… c'est l'épisode 0x743! Préambule L'enregistrement a été effectué à partir d'un lien Internet avec beaucoup de latence. J'ai corrigé du mieux que je peux. Shameless plug 14 au 17 avril 2026 - Botconf 2026 20 au 22 avril 2026 - ITSec Code rabais de 15%: Seqcure15 28 et 29 avril 2026 - Cybereco Cyberconférence 2026 9 au 17 mai 2026 - NorthSec 2026 3 au 5 juin 2026 - SSTIC 2026 19 septembre 2026 - Bsides Montréal 1 au 3 décembre 2026 - Forum INCYBER - Canada 2026 24 et 25 février 2027 - SéQCure 2027 Description Présentation de l'invité et de son entreprise Frédérik Bernard est président fondateur de Secur01, une entreprise québécoise spécialisée en cybersécurité depuis 12 ans. Dès sa fondation, l'objectif était clair : rendre la cybersécurité accessible aux PME. Si les grandes entreprises bénéficiaient déjà depuis longtemps de services spécialisés dans ce domaine, ce n'est que depuis environ cinq ans que les PME commencent à prendre conscience de l'importance de se protéger. Secure 01 accompagne aujourd'hui plus d'une centaine de clients actifs au Canada, aux États-Unis et en Europe. La cybersécurité, un domaine de spécialisation à part entière L'un des fils conducteurs de l'échange est la transformation profonde du secteur des technologies de l'information. Dans les années 2000, « faire du TI » signifiait tout à la fois : réparer des ordinateurs, installer des imprimantes, maintenir des serveurs, développer des sites web. Aujourd'hui, ces disciplines se sont fragmentées, tout comme le multimédia s'est autrefois détaché du reste de l'informatique. La cybersécurité suit exactement cette trajectoire. Les cadres de contrôle internationaux sont unanimes : les personnes qui gèrent les opérations TI au quotidien ne devraient pas être celles qui supervisent leur propre sécurité. La raison est simple et profondément humaine — on manque d'objectivité lorsqu'on évalue son propre travail. Frédérik Bernard fait le parallèle avec le monde du développement logiciel, où le contrôle qualité est depuis longtemps confié à des équipes distinctes de celles qui produisent le code. L'analogie médicale qu'il propose est particulièrement parlante : demander à un médecin généraliste d'opérer un cerveau n'a aucun sens, aussi compétent et bien intentionné soit-il. La cybersécurité, c'est la neurochirurgie des systèmes d'information. L'état du marché : moins d'attaques, mais plus dévastatrices Les rapports de référence du secteur — CDW, Verizon DBIR et autres — convergent vers un constat préoccupant : si le nombre d'attaques a légèrement diminué ces dernières années, leur portée et leur criticité ont explosé. Les attaquants passent de plus en plus de temps sur les réseaux compromis avant d'être détectés — parfois 20, 30 ou 40 jours —, le temps d'exfiltrer des centaines de gigaoctets de données sensibles. Ce constat est aggravé par une réalité de terrain que Frédérik Bernard rencontre régulièrement lors de réponses aux incidents : des équipes TI incapables de répondre à des questions élémentaires. À quoi sert tel serveur ? Quelles données y sont hébergées ? Quel est l'inventaire des machines actives sur le réseau ? Ces lacunes ne sont pas le résultat d'une mauvaise volonté, mais d'une surcharge chronique et d'un manque de spécialisation. Les équipes TI sont débordées, en retard de plusieurs semaines sur leurs projets, et la vague numérique post-COVID — télétravail, infonuagique, industrie 4.0 — n'a fait qu'amplifier cette pression. L'intelligence artificielle : accélérateur, pas substitut L'essor de l'IA dans le secteur est également abordé. Si les outils dopés à l'IA permettent effectivement de gagner du temps sur des tâches précises — comme l'analyse de journaux d'événements qui passait de 45 minutes à 2 minutes —, ils ne transforment pas pour autant un généraliste en expert de la cybersécurité. Entraîner un modèle à reconnaître des signaux d'alerte pertinents, le connecter à l'ensemble des sources de données d'un environnement, exige un investissement considérable en temps et en expertise. L'IA est un outil d'optimisation, pas une lampe magique. Les enjeux réglementaires et juridiques, un terrain miné La cybersécurité ne se joue pas seulement sur le plan technique. Frédérik Bernard soulève un point méconnu mais capital : au Québec, mener une réponse aux incidents — collecter des preuves, établir le récit d'une attaque — constitue légalement une activité d'investigation encadrée par la loi sur la sécurité privée. Seules les agences de sécurité privée disposant d'enquêteurs accrédités sont habilitées à exercer ces activités. De nombreux prestataires TI l'ignorent et s'y aventurent sans le savoir, s'exposant à des risques juridiques sérieux. Il cite un cas concret : un fournisseur TI ayant effacé toutes les preuves en débranchant physiquement les équipements lors d'une attaque par rançongiciel, puis rédigé un rapport désignant un tiers comme responsable, sans la moindre preuve. Le dossier s'est judiciarisé. Ce type de situation illustre à quel point l'absence de cadre professionnel peut nuire aux clients comme à l'ensemble de l'industrie. Vers une association professionnelle et un ordre professionnel C'est précisément pour répondre à ces dérives que l'association ITSec a été relancée avec une ambition politique claire : créer les conditions nécessaires à l'établissement d'un ordre professionnel en TI et en cybersécurité au Québec. L'objectif n'est pas de bureaucratiser le secteur, mais de lui donner les outils pour se défendre collectivement — un code de déontologie, des lignes directrices partagées, une voix crédible auprès des décideurs politiques et des médias. Le « beau frère » — cette figure du pseudo-expert qui branche une caméra sans fil et se proclame directeur TI — ne disparaîtra que lorsque l'industrie aura la capacité institutionnelle de dire « non » et de faire valoir ce qu'elle représente réellement : le Québec numérique, tenu à bout de bras, en coulisses, par des professionnels dont le travail reste largement invisible. Frédérik Bernard interviendra à deux reprises lors de la conférence ITSec. Le public est invité à assister à ses présentations pour approfondir ces sujets. Notes 20 au 22 avril 2026 - ITSec Code rabais de 15%: Seqcure15 [ITSec - Frédérik Bernard] (https://it-sec.ca/schedule-speaker/frederik-bernard/) Collaborateurs Nicolas-Loïc Fortin Frédérik Bernard Crédits Montage par Intrasecure inc Locaux virtuels par Riverside.fm
And, here's part 2 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's in the rest of the 2025 report? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
It's time for part 1 of our annual Verizon Data Breach Investigations Report (DBIR) review! What's new for 2025? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
「結局のところ、この報告書で取り上げた脅威のいくつかについては、回避するための簡単な方法、または絶対確実な方法は存在しません」と Veriszon は述べている。
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction 01:16 Accessing the DBIR Report 02:38 Key Takeaways from the DBIR 03:15 Third-Party Breaches 04:32 Ransomware Insights 08:08 Exploitation of Vulnerabilities 09:39 Credential Abuse 12:25 Espionage Attacks 14:04 System Intrusions in APAC 15:04 Business Email Compromise (BEC) 18:07 Human Risk and Security Awareness 19:19 Industry-Specific Trends 20:06 Multi-Layered Defense Strategy 21:08 Data Leakage to Gen AI
In this week's Security Sprint, Dave and Andy covered the following topics:Warm Open:• CISA gets a deputy director as it braces for major layoffs• FB-ISAO's Collaboration With Those Who are Lone Defenders• Crypto/Blockchain: o A Record-Breaking Year for Cybercrime: Key Findings from the FBI's 2024 IC3 Reporto Contagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio of Malware: BeaverTail, InvisibleFerret, and OtterCookieo XRP supply chain attack: Official NPM package infected with crypto stealing backdooro Risky Biz News - R0AR crypto-heisto Crypto ISAC: Ensuring The Security, Efficiency, and Resiliency Of Cryptoo The Gate 15 Interview EP 57 – Adriana Villasenor on info sharing, resilience, and racingMain Topics:Big 3! Risky Bulletin: FBI IC3, Verizon DBIR, Google M-Trends reports are out—here's the conclusions!• Verizon 2025 Data Breach Investigations Report• M-Trends 2025: Data, Insights, and Recommendations From the Frontlines• FBI Releases Annual Internet Crime ReportCasino hackers say they've got maps to slot machine vault and server room. A ransomware gang claims that it's holding hostage the blueprints to a $700 million casino. If true, they may know more about the vaults, server rooms, and security cameras than the people building it. Hackers target Catawba Two Kings Casino, threaten to release blueprintsVancouver Vehicle Ramming; 11 killed - Suspect charged with murder over Vancouver Filipino festival car ramming, police say victims were aged five to 65• A man is charged with murder after SUV rams a crowd in Vancouver's 'darkest day'• Vancouver ramming attack: Police determine attack was 'deliberate' but not 'terrorism' - 'Shocking'• A look at some recent deadly attacks involving vehicle rammings• 4 Killed When a Car Crashes Through an Illinois After-School Center; The victims' ages ranged from 7 to 18, the police said. Several others were injured.Quick Hits:• May Day Protests: o Workers in 600+ US Cities to Protest 'Billionaire Takeover' on May Dayo 50501 events• ‘No longer welcome to be alive': Man threatened Trump, Elon Musk and Tesla owners in ‘Declaration Of War' emails that claimed ‘newsworthy killings' were coming, DOJ says• Spanish distributor says restoring power after huge outage could take 6-10 hours. Portugal also hit• New U.S. Secret Service Research Highlights Connection Between Domestic Violence and Mass Attacks • FBI PSA - FBI Seeking Tips about PRC-Targeting of US Telecommunications & The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices• Countries shore up their digital defenses as global tensions raise the threat of cyberwarfare• Scams & Fraud: o FBI PSA - Cyber Criminals Impersonating Employee Self-Service Websites to Steal Victim Information and Funds o Foreign intel job scams target current, former DoD employeeso Think that text message is from USPS? It could be a scamo FBI Surges Resources to Nigeria to Combat Financially Motivated Sextortion• Russian Propaganda Campaign Targets France with Al-Fabricated Scandals, Drawing 55 Million Views on Social Media • Alleged former members of neo-Nazi group claim its leader is Russian spy• NSA Publishes Recommendations for Smart Controller Security Controls and Technical Requirements for OT Environments• Scientists Find Measles Likely to Become Endemic in the US Over Next 20 Years
Let's conclude our look at the 2024 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
"Have you read the Verizon DBIR report for 2024? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates. ""Can you trust the Verizon Data Breach Investigations Report (DBIR) to help you run your Cyber Risk Program?"" -- https://www.cr-map.com/91"
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights: Migratory Trends of the CISO CISO Skill Sets: Technical or Business? The Language of the CISO Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-358
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Show Notes: https://securityweekly.com/bsw-358
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution? Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights: Migratory Trends of the CISO CISO Skill Sets: Technical or Business? The Language of the CISO Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-358
Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why? Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview. Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! Show Notes: https://securityweekly.com/bsw-358
In episode 87 of Cybersecurity Where You Are, co-host Tony Sager is joined by the following guests:Charity Otwell, Director of the CIS Critical Security Controls® (CIS Controls®) at the Center for Internet Security® (CIS®)Philippe Langlois, Senior Principal, Security Risk Management and Author of the Verizon Data Breach Investigations Report (DBIR)Theodore "TJ" Sayers, Director of Intelligence & Incident Response at CISTogether, they celebrate 11 years of CIS and Verizon working together to contextualize the threat activity security teams are seeing and to help teams use the Controls as an improvement framework.Here are some highlights from our episode:02:00. How the Multi-State and Elections Infrastructure Information Sharing and Analysis Centers (MS-ISAC® and EI-ISAC®) contribute anonymized data to the Verizon DBIR07.27. The two types of data that Verizon uses as input for its report13:50. The ways CIS uses the content of Verizon's DBIR to help people embrace programs of security improvement24:48. A glimpse at what goes into producing the DBIR28.33. The importance of leadership in guiding team dynamics and fun32.07. Reception of the 2024 DBIR and exploration of what's next for the Verizon DBIR teamResources2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your OrganizationCIS Controls Featured as Recommended Defenses in Verizon's 2024 Data Breach Investigations Report2024 Data Breach Investigations ReportThe VERIS FrameworkCIS Community Defense Model 2.0If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
It is time to review the annual Verizon Data Breach Investigaton report. First, we will hit the big notes from their summary. Then, we can add in a few tidbits from the bigger report details. We'll break down key statistics, discuss emerging threats, and offer insights into what these findings mean for the health sector and HIPAA privacy and security programs. More info at HelpMeWithHIPAA.com/459
Ivanti's Chris Goettl (VP of Product, Patch Management) welcomes Robert Waters (Lead PMM, Exposure Management) as they discuss the key takeaways from Verizon's latest annual Data Breach Investigations Report: persistent risk from credentials, more and more sophisticated phishing attacks, and the rising prevalence of vulnerability exploits. To view the report yourself, head to: https://www.verizon.com/business/resources/reports/dbir/Join the conversation online on LinkedIn (linkedin.com/company/Ivanti)
Forecast = Expect a stormy week ahead in the cyber world, with high chances of CWE showers. In this episode of Storm⚡️Watch, we're diving deep into the cyber world with a lineup of intriguing topics and expert insights. The spotlight of this episode shines on the 2024 Verizon Data Breach Investigations Report, a comprehensive analysis that sheds light on the evolving landscape of cyber threats and vulnerabilities. We'll quiz Glenn on the key findings of the report, discussing the significant increase in vulnerability exploitation as an initial access point, which nearly tripled in 2023. This segment will delve into the implications of these findings for organizations and the importance of robust cybersecurity measures. Our Cyber Spotlight segment will explore the impact of a recent solar storm on precision farming, highlighting how geomagnetic disturbances knocked out tractor GPS systems during a critical planting season. We'll discuss the broader implications of solar storms on GPS-dependent technologies and the steps industries can take to mitigate these risks. Additionally, we'll touch on the threats to precision agriculture in the U.S., including the warning about using Chinese-made drones in farming operations. In Tool Time, we introduce CISA's Vulnrichment, a tool designed to enrich vulnerability management processes. This segment will provide insights into how Vulnrichment can aid organizations in identifying and mitigating vulnerabilities more effectively. Our Shameless Self-Promotion segment will feature exciting updates from Censys & GreyNoise, including an upcoming report and webcast on AI for cybersecurity, and a recap of the NetNoiseCon event. We'll also drop a link to the "Year of the Vuln" as highlighted in the 2024 Verizon DBIR, a post which offers our take on surviving this challenging period. To wrap up, we'll discuss the latest trends in cyber threats and active campaigns, providing listeners and viewers with a comprehensive overview of the current cyber threat landscape. Storm Watch Homepage >> Learn more about GreyNoise >>
In this episode, Jay and Joao discuss the 2024 Verizon Data Breach Investigations Report (DBIR), which includes some interesting finds regarding threat actor motives, how user error impacts business, and more!
In this week's Security Sprint, Dave and Andy talked about the following topics. Warm Start: Tribal-ISAC merch! National Security Memorandum on Critical Infrastructure Security and Resilience. Biden-Harris Administration Announces New National Security Memorandum to Strengthen U.S. Department of Energy's Role in Ensuring Security and Resilience Across America's Energy Sector Biden signs new memo to boost security of US critical infrastructure White House announces new policy guiding infrastructure protection Verizon 2024 Data Breach Investigations Report Verizon's 2024 Data Breach Investigations Report: 5 key takeaways Verizon DBIR: Enterprises Know The Pain Of Zero Day Exploits All Too Well Verizon's 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities Bitsight Reveals More than 60 Percent of Known Exploited Vulnerabilities Remain Unmitigated Past Deadlines in First-of-its-Kind Analysis of CISA's KEV Catalog Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find Forescout: Exposing the exploited: Analyzing vulnerabilities that live in the wild Info Ops Russia is trying to exploit America's divisions over the war in Gaza; The effort includes artificial intelligence, fake social media accounts and a spike in state-sponsored Russian propaganda NewsGuard: Russia-Ukraine Disinformation Tracking Center: 477 Websites Spreading War Disinformation And The Top Myths They Publish Campus Protests Give Russia, China and Iran Fuel to Exploit U.S. Divide; America's adversaries have mounted online campaigns to amplify the social and political conflicts over Gaza flaring at universities, researchers say. Hurricane Preparedness. A Proclamation on National Hurricane Preparedness Week, 2024. Oklahoma and Kansas at High Risk of Extreme Storms and Tornadoes Heavy rains ease around Houston but flooding remains after hundreds of rescues and evacuations Dashcam shows tornado obliterate Nebraska building Nebraska tornado survivor recounts mayhem: 'The windows exploded and glass was flying everywhere' Death toll from southern Brazil rainfall rises to 78, many still missing China & Resilience! SAVE THE DATE! CISA Hosts CISA Live! – “People's Republic of China Cyber Threats and What We Can Do”. On Wednesday, May 15, we will host our next CISA Live! - “People's Republic of China Cyber Threats and What We Can Do” Under the Digital Radar: Defending Against People's Republic of China's Nation-State Cyber Threats to America's Small Businesses. Quick Hits Australian police shoot dead 'radicalized' teen Germany Travel Advisory-Level 2: Exercise Increased Caution-May 1, 2024 Sweden “On Terror Level Four” As Security Is Tightened A Week Before Eurovision Song Contest Bird flu's wild range; Counties where avian flu has been detected in wild mammals since 2022 House Energy and Commerce Committee: What We Learned: Change Healthcare Cyber Attack French cyberwarriors ready to test their defense against hackers and malware during the Olympics The United States Condemns Malicious Cyber Activity Targeting Germany, Czechia, and Other EU Member States FBI Releases 2023 Elder Fraud Report with Tech Support Scams Generating the Most Complaints and Investment Scams Proving the Costliest CISA and Partners Release Fact Sheet on Defending OT Operations Against Ongoing Pro-Russia Hacktivist Activity Communication gaps between IT departments and senior corporate leadership worsening application security risks SBOM Sharing Primer CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities Maersk says Red Sea disruption will cut capacity by 15-20% in second quarter Chinese-Made Surveillance Cameras Are Spreading Across Eastern Europe, Despite Security Concerns Wichita government shuts down systems after ransomware incident
https://youtu.be/dwRG_wO0vgc This week on the podcast, we cover the key takeaways from the 2024 Verizon Data Breach Investigations Report. Before that, we discuss what we learned from United Healthcare CEO Andrew Witty's congressional testimony on their ransomware attack in February. We also discuss a research article from JFrog on malicious Docker Hub repositories.
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Building a Cyber Incident Response Plan This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-360
It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Show Notes: https://securityweekly.com/esw-360
It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Show Notes: https://securityweekly.com/esw-360
It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the different tasks you need to complete long before an incident occurs. Resources 5 Best Practices for Building a Cyber Incident Response Plan This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about them! It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE challenging, everyone is also putting out their big annual reports, like Verizon's DBIR and Mandiant's M-Trends! Finally, we've got some great essays that are worth putting on your reading list, including a particularly fun take on the Verizon DBIR by Kelly Shortridge. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-360
All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It's a huge attack surface that we're only starting to get a handle of. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode: Where are we in terms of monitoring anomalous behavior of our users? Why are we still struggling to understand what happens after threat actors are in our networks? How are new AI-based tools helping us to scale efforts? What's working and where do we need to improve? Thanks to our podcast sponsor, Reveal Security Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security
Let's conclude our look at the 2023 Verizon DBIR report. Today we'll review the data by industry and some other tidbits with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
Have you read the Verizon DBIR report for 2023? Find out what it contains in the first of two episodes on this extremely useful report with your hosts Kip Boyle, vCISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
In this episode of Storm Watch, the hosts discuss various cybersecurity topics, including a Fortinet vulnerability, a DDoS attack on Microsoft Outlook, the ongoing issues with Log4j, and the "MOVEit" vulnerability. The hosts first talk about a new Fortinet vulnerability, expressing their snarky comments about the company's security issues. They then move on to discuss a recent DDoS attack on Microsoft Outlook, which caused significant downtime for users. The attack was attributed to Anonymous Sudan, a hacktivist group that uses open proxy services to launch their attacks. The hosts mention that with the current political climate and upcoming presidential election, more DDoS attacks can be expected. Next, they discuss the "MOVEit" vulnerability, which has been exploited by attackers to target various organizations, including some governments. The hosts emphasize the importance of staying on top of security updates and patches to protect against such attacks. They also mention their community Slack channel, where they encourage users to share information on niche software and research partnerships. Finally, the hosts touch on the resurgence of Log4j scans, suggesting that attackers may be targeting organizations that have restored backups or deployed old images without the necessary patches in place. They also mention a recent Verizon DBIR report that highlighted Log4j vulnerabilities, possibly contributing to the renewed interest in exploiting them. The hosts conclude by emphasizing the importance of staying vigilant and up-to-date with security measures to protect against these ongoing threats. Join our Community Slack >> Learn more about GreyNoise >>
Samsung is dealing with an insider threat that tried to copy their entire chip manufacturing plant, wow! CISA issued a "binding" directive for ZT, but how binding is it really? The top 10 from the Verizon DBIR, what does that tell us about the space? Another Presidential candidate uses a deepfake to target their adversaries, should we worry? A mother deals with a deepfake voice attack where her daughter is "kidnapped", does this bode well for our collective future if criminals are vectoring in on this type of attack? 99% of organizations expect an identity related compromise this year, jeez (#killthepassword already). Those points and more on this one!
Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the challenges encountered during an identity modernization project, how Identity Orchestration helps those modernization projects, and best practices for implementing secure identity. Segment Resources: - [Identity Orchestration Use Cases](https://www.strata.io/use-cases/) - [What is Identity Orchestration WhitePaper](https://www.strata.io/resources/whitepapers/what-is-identity-orchestration-and-why-you-need-it-to-succeed-with-multi-cloud/) This segment is sponsored by Strata. Visit https://securityweekly.com/strata to learn more about them! This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244
This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244
Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how it has evolved to keep pace with modern apps, the challenges encountered during an identity modernization project, how Identity Orchestration helps those modernization projects, and best practices for implementing secure identity. Segment Resources: - [Identity Orchestration Use Cases](https://www.strata.io/use-cases/) - [What is Identity Orchestration WhitePaper](https://www.strata.io/resources/whitepapers/what-is-identity-orchestration-and-why-you-need-it-to-succeed-with-multi-cloud/) This segment is sponsored by Strata. Visit https://securityweekly.com/strata to learn more about them! This year's Verizon DBIR is out, CVSS is updating its methodology, poor password reset design, SQL injection in MOVEit, a CTF for AWS IAM Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-244
The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? In the leadership and communications section, Only one in 10 CISOs today are board-ready, study says, Why Conflicting Ideas Can Make Your Strategy Stronger, How to Overcome Communication Barriers in Your Teamwork, and more! This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-309
The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-309
The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? In the leadership and communications section, Only one in 10 CISOs today are board-ready, study says, Why Conflicting Ideas Can Make Your Strategy Stronger, How to Overcome Communication Barriers in Your Teamwork, and more! This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-309
Today, we are going to give you our six takeaways from the 15th annual Verizon Data Breach Investigation Report. We like these reports because they give us an indication of what's going on in the cyber world, what we need to be looking for and looking out for. More info at HelpMeWithHIPAA.com/359
© 2020-2026 Ivy Podcast Discovery LLC
