'Defense in Depth is Dead'

'Defense in Depth is Dead'

Send us Fan Mail [https://www.buzzsprout.com/1990015/fan_mail/new] I feel very fortunate to work in the industries that I do, because I get to speak with a lot of really innovative people doing really interesting work with cutting edge technology. And even though I get to have a fair number of these conversations, there are some that really stick out. This can be for reasons ranging from strongly agreeing and appreciating what is being said, to strongly disagreeing, or just respecting a different take on a familiar topic. When it comes to our guest for this episode, you might find yourself feeling a combination of all three. Watch/listen as Accenture’s Global Cyber Resiliency Management Lead [https://www.accenture.com/us-en/services/cybersecurity], Charlie Hosner, offers his take on: * The futility of trying to be perfect. * Why "You don't need lasers, just lock the door.” * How uncomfortable he gets with OT segmentation strategies. * A different take on OT identity management. * Why he feels defense in depth is dead as we know it. * The "anxious truce" comprising most IT/OT working relationships. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. [https://ien.formstack.com/forms/security_breach_podcast_become_a_sponsor_apr_2024] To catch up on past episodes, you can go to Manufacturing.net [https://www.manufacturing.net/cybersecurity], IEN.com [https://www.ien.com/software] or MBTmag.com [https://www.mbtmag.com/cybersecurity]. You can also check Security Breach [https://ien.formstack.com/forms/industrial_media_security_breach_podcast]out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com [jeff@ien.com].

Countering New-Age, State-Sponsored Industrial Hackers

Send us Fan Mail [https://www.buzzsprout.com/1990015/fan_mail/new] Cybersecurity is unlike any other Industry or environment I’ve ever covered. But more than the technology, the intriguing players and the somewhat spooky elements surrounding it, is how the things we discuss on this podcast impact nearly every element of our day-to-day lives.  It’s not just how artificial intelligence is impacting email phishing schemes, but how clicking on that link could let a state-sponsored hacker steel login credentials for obtaining access to an industrial control system that is not only used by a power tool manufacturer, but by a defense contractor or water treatment facility. The interconnected nature of the industrial sector makes an appreciation for cybersecurity vital to the ongoing safety and success of manufacturing – which, again, impacts nearly every facet of every person’s daily life. That’s why I enjoy talking to people like Aaron Shraberg, Senior Team Lead at Flashpoint [https://www.flashpoint.io/] – a leading provider of threat landscape intelligence. The stuff Aaron talks about is frightening, which is another challenge of covering cybersecurity – balancing education with data sharing without fear mongering.  But I’d encourage you to really wach/listen as Aaron talks about the evolution of threats from China, Russia and Iran, and how cyber threats are converging with physical battlefields to fuel threats thousands of miles from where the missiles are flying.  The bottom line is – we’re all connected and we’re all impacted, so we need to be prepared - regardless of how far removed you think you are. There's also good news in terms of solutions, which can start with sharing some of this scary information.  As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. [https://ien.formstack.com/forms/security_breach_podcast_become_a_sponsor_apr_2024] To catch up on past episodes, you can go to Manufacturing.net [https://www.manufacturing.net/cybersecurity], IEN.com [https://www.ien.com/software] or MBTmag.com [https://www.mbtmag.com/cybersecurity]. You can also check Security Breach [https://ien.formstack.com/forms/industrial_media_security_breach_podcast]out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com [jeff@ien.com].

Taking Down of a North Korean Remote Access Scam

Send us Fan Mail [https://www.buzzsprout.com/1990015/fan_mail/new] We’ve all seen or heard the reports about how hackers are using AI to elevate their attacks in obtaining funds and intellectual property from unsuspecting victims, or accessing some of their critical systems. Often, these nightmare incidents leave the names and companies out of the story to avoid any reputational fallout. However, this episode's guest takes us beyond studies and second-hand accounts of AI’s potential in the hands of hackers. I’m not going to say too much, but I do hope that after watching or listening to Ryan LaSalle’s up close and personal encounter with a North Korean scammer, you’ll appreciate the need to take all that threat intelligence regarding AI and foreign blackhat operations very seriously. Watch/listen as Ryan LaSalle, CEO of the human risk management company Nisos, describes how his company identified and disrupted this AI-fueled scam, the wide-reaching impacts such intrusions are having on key industries - especially manufacturing, and how to insulate your company from falling victim to such scams. You can also read a full report on the investigation here. [https://nisos.com/blog/dprk-it-worker-fraud-laptop-farm/] As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. [https://ien.formstack.com/forms/security_breach_podcast_become_a_sponsor_apr_2024] To catch up on past episodes, you can go to Manufacturing.net [https://www.manufacturing.net/cybersecurity], IEN.com [https://www.ien.com/software] or MBTmag.com [https://www.mbtmag.com/cybersecurity]. You can also check Security Breach [https://ien.formstack.com/forms/industrial_media_security_breach_podcast]out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com [jeff@ien.com].

Multiple Paths to Zero Trust - Channeling D&D, LOTR and It's Always Sunny in Philadelphia

Send us Fan Mail [https://www.buzzsprout.com/1990015/fan_mail/new] One of my least favorite tasks of Basic Training was weapons maintenance. I didn’t really mind cleaning my M-16A2 rifle, but sometimes it just felt pointless. We’d spend hours stripping, cleaning, reassembling, inspecting and, ultimately, being told it still wasn’t clean enough by the drill sergeant or armor. It took me a while, but eventually, I realized that the benefits of this process went beyond just a clean weapon. Although there are obvious lessons there, I also got to know that rifle down to its firing pin retaining pin. So, if it misfired during field training exercises, I knew exactly how to correct the issue in the moment and perform more extensive actions in an expediate manner when time allowed. I wasn’t just cleaning a rifle, I was gaining insight into all aspects of an essential battlefield tool. I think there are some parallels to my training experience and your approaches to implementing Zero Trust frameworks. While the upfront benefits are pretty straightforward, my guest for this episode lays out a number of other gains that organizations realize while implementing Zero Trust.  Watch/listen as Kam Chumley-Soltani, Managing Director, OT Security at Armis, discusses: * How Zero Trust initiatives can lead to greater cyber hygiene by demanding greater scrutiny of visibility, vulnerability management and threat detection capabilities. * Managing the need to patch versus the realities of operational downtime. * Defining and establishing priorities around your crown jewels. * How Dungeons & Dragons can help improve tabletop training exercises. * Why new Department of War regulations are having a far-reaching impact on Zero Trust. * Avoiding common segmentation mistakes. * Why the foundation for successful AI implementation is still being built. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. [https://ien.formstack.com/forms/security_breach_podcast_become_a_sponsor_apr_2024] To catch up on past episodes, you can go to Manufacturing.net [https://www.manufacturing.net/cybersecurity], IEN.com [https://www.ien.com/software] or MBTmag.com [https://www.mbtmag.com/cybersecurity]. You can also check Security Breach [https://ien.formstack.com/forms/industrial_media_security_breach_podcast]out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com [jeff@ien.com].

The Bad Guy's Different Set of Rules

Send us Fan Mail [https://www.buzzsprout.com/1990015/fan_mail/new] Not to continue to beat our collective heads into the same wall, but by now everyone knows that manufacturing leads the way in targeted cyberattacks, as well as year-over-year increases in areas like ransomware attacks, DDoS shutdowns and data breaches.  Yet, the industry continues to demonstrate some troubling behaviors in the face of these realities.  Kiteworks recently found that only 36% of organizations have visibility into where their data is utilized by external partners. So, think supply chains, distributor fulfillment agreements and technology contractors that have access to your data, but may not be applying the appropriate security strategies.  This means you could be the victim of an attack, but remain in the dark about its origins, enabling the intrusion to happen again and again. Fortunately, we do have some good guys working to correct these vulnerabilities, and we’ll talk with one in this episode. Watch/listen as Tim Freestone, the Chief Strategy Officer at the aforementioned Kiteworks, discusses: * How attackers are leveraging new technology more quickly than the white hats, and why AI might be the tool that evens the playing field. * Why response plans need to focus more on "the big rocks than the little ones." * The difference between input from "champions" versus "complainers." * How CMMC could have an impact beyond just the defense supply chain. * The continued use of IT and OT silos that might might make sense from a business perspective, but demand a paradigm shift when dealing with cybersecurity. * Why regulations might be the most important agents of change. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. [https://ien.formstack.com/forms/security_breach_podcast_become_a_sponsor_apr_2024] To catch up on past episodes, you can go to Manufacturing.net [https://www.manufacturing.net/cybersecurity], IEN.com [https://www.ien.com/software] or MBTmag.com [https://www.mbtmag.com/cybersecurity]. You can also check Security Breach [https://ien.formstack.com/forms/industrial_media_security_breach_podcast]out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com [jeff@ien.com].