The Business of Cybersecurity

Why Secure Access Is Becoming Cybersecurity's Biggest Priority with Cyolo

32 min · Gestern
Episode Why Secure Access Is Becoming Cybersecurity's Biggest Priority with Cyolo Cover

Beschreibung

What happens when artificial intelligence gives cybercriminals the ability to identify, map, and exploit critical infrastructure faster than defenders can respond? For the organizations responsible for power grids, manufacturing plants, water utilities, and data centers, that question is no longer hypothetical. In this episode of The Business of Cybersecurity, I welcome Almog Apirion, CEO and Co-Founder of Cyolo, to discuss why the rules of defending operational technology are changing. Drawing on his experience leading the Israeli Navy's cyber unit and serving as a CISO before founding Cyolo, Almog shares why the rise of AI-powered attacks demands a renewed focus on the security fundamentals many organizations have overlooked. One of the strongest messages from our conversation is that AI has dramatically lowered the barrier for attackers. Capabilities that once required highly skilled specialists are now becoming accessible to a much wider range of threat actors. Rather than spending weeks researching vulnerable systems, attackers can now automate reconnaissance, identify weak points, and prepare attacks at unprecedented speed. That leaves defenders with far less time to react. Instead of relying solely on detection and response, Almog argues that businesses must build security into their environments from the beginning. We discuss why identity controls, multi-factor authentication, segmentation, and tightly governed access remain some of the most effective ways to reduce cyber risk, even as AI continues to reshape the threat landscape. Sometimes the simplest security controls still prevent the biggest attacks. Our conversation also examines why traditional VPN-based remote access has become increasingly difficult to justify inside critical infrastructure. Almog explains why giving users access to an entire network creates unnecessary exposure when modern approaches can limit access to only the specific systems people need to perform their work. That principle sits at the heart of mature zero trust strategies, where every connection is verified and every action is tightly controlled. Another area we explore is microsegmentation and why it is becoming an increasingly important part of protecting operational technology. Rather than assuming attacks can always be prevented, organizations should prepare for the possibility of compromise and focus on limiting how far an attacker can move through a network. Reducing the blast radius can often make the difference between a contained security incident and a major operational disruption. We also discuss the practical challenges security leaders face every day. Replacing legacy remote access tools, introducing zero trust without disrupting production, supporting third-party vendors, and maintaining always-on access for mission-critical operations all require careful planning. Almog explains why cybersecurity cannot come at the expense of uptime, particularly in industries where every minute of disruption carries real-world consequences. This conversation serves as a timely reminder that while AI is changing both sides of cybersecurity, the strongest defenses are still built on solid foundations. As attackers become faster and more automated, organizations must ensure that identity, access, segmentation, and resilience are designed into their environments from the start rather than added after an incident occurs. If AI is making attacks faster, should security teams spend less time chasing alerts and more time reducing opportunities for attackers altogether? And are the foundations of your security strategy strong enough for the threats that already exist today? I'd love to hear your thoughts after listening.

Kommentare

0

Sei die erste Person, die kommentiert

Melde dich jetzt an und werde Teil der The Business of Cybersecurity-Community!

Loslegen

2 Monate für 1 €

Dann 4,99 € / Monat · Jederzeit kündbar.

  • Podcasts nur bei Podimo
  • 20 Stunden Hörbücher / Monat
  • Alle kostenlosen Podcasts

Alle Folgen

38 Folgen

Episode Why Secure Access Is Becoming Cybersecurity's Biggest Priority with Cyolo Cover

Why Secure Access Is Becoming Cybersecurity's Biggest Priority with Cyolo

What happens when artificial intelligence gives cybercriminals the ability to identify, map, and exploit critical infrastructure faster than defenders can respond? For the organizations responsible for power grids, manufacturing plants, water utilities, and data centers, that question is no longer hypothetical. In this episode of The Business of Cybersecurity, I welcome Almog Apirion, CEO and Co-Founder of Cyolo, to discuss why the rules of defending operational technology are changing. Drawing on his experience leading the Israeli Navy's cyber unit and serving as a CISO before founding Cyolo, Almog shares why the rise of AI-powered attacks demands a renewed focus on the security fundamentals many organizations have overlooked. One of the strongest messages from our conversation is that AI has dramatically lowered the barrier for attackers. Capabilities that once required highly skilled specialists are now becoming accessible to a much wider range of threat actors. Rather than spending weeks researching vulnerable systems, attackers can now automate reconnaissance, identify weak points, and prepare attacks at unprecedented speed. That leaves defenders with far less time to react. Instead of relying solely on detection and response, Almog argues that businesses must build security into their environments from the beginning. We discuss why identity controls, multi-factor authentication, segmentation, and tightly governed access remain some of the most effective ways to reduce cyber risk, even as AI continues to reshape the threat landscape. Sometimes the simplest security controls still prevent the biggest attacks. Our conversation also examines why traditional VPN-based remote access has become increasingly difficult to justify inside critical infrastructure. Almog explains why giving users access to an entire network creates unnecessary exposure when modern approaches can limit access to only the specific systems people need to perform their work. That principle sits at the heart of mature zero trust strategies, where every connection is verified and every action is tightly controlled. Another area we explore is microsegmentation and why it is becoming an increasingly important part of protecting operational technology. Rather than assuming attacks can always be prevented, organizations should prepare for the possibility of compromise and focus on limiting how far an attacker can move through a network. Reducing the blast radius can often make the difference between a contained security incident and a major operational disruption. We also discuss the practical challenges security leaders face every day. Replacing legacy remote access tools, introducing zero trust without disrupting production, supporting third-party vendors, and maintaining always-on access for mission-critical operations all require careful planning. Almog explains why cybersecurity cannot come at the expense of uptime, particularly in industries where every minute of disruption carries real-world consequences. This conversation serves as a timely reminder that while AI is changing both sides of cybersecurity, the strongest defenses are still built on solid foundations. As attackers become faster and more automated, organizations must ensure that identity, access, segmentation, and resilience are designed into their environments from the start rather than added after an incident occurs. If AI is making attacks faster, should security teams spend less time chasing alerts and more time reducing opportunities for attackers altogether? And are the foundations of your security strategy strong enough for the threats that already exist today? I'd love to hear your thoughts after listening.

Gestern32 min
Episode What NETSCOUT's Threat Intelligence Report Means For Every Security Leader Cover

What NETSCOUT's Threat Intelligence Report Means For Every Security Leader

What happens when anyone with a simple AI prompt can launch a sophisticated cyberattack? In this episode of The Business of Cybersecurity, I sit down with Darren Anstee, CTO for Security at NETSCOUT, to discuss the findings from the company's latest Threat Intelligence Report and why the cybersecurity landscape is changing faster than many organizations can respond. We explore how conversational AI is lowering the barrier to entry for cybercriminals, making it possible for attackers with little technical expertise to orchestrate increasingly sophisticated DDoS campaigns. Darren explains why this shift isn't simply creating more attacks. It's changing who can launch them and how quickly they can adapt. Our conversation also looks at the growing collaboration between threat actors, the continued rise of politically motivated hacktivist groups, and why attacks are increasingly targeting entire digital supply chains rather than individual organizations. As businesses become more interconnected, defending your own infrastructure is no longer enough. We also discuss why compromised customer devices are creating new operational and reputational challenges for internet service providers, how AI is reshaping both offensive and defensive cyber capabilities, and why preparation, visibility, and threat intelligence matter far more than reacting after an attack has already begun. Darren also shares practical advice for security leaders looking to move from reactive incident response to proactive cyber resilience. From understanding your true attack surface to building adaptive defenses that continuously learn and respond, this episode offers clear guidance for organizations preparing for the next generation of cyber threats. If AI is making cyberattacks easier to launch, how should businesses rethink the way they defend themselves? After listening, I'd love to hear your thoughts. Is your organization ready for this new reality, or is there still work to do?

26. Juni 202629 min
Episode Mimecast CISO On Why AI Has Become A Cybersecurity Risk Cover

Mimecast CISO On Why AI Has Become A Cybersecurity Risk

What happens when the technology designed to make us more productive quietly becomes one of the biggest security risks inside the enterprise? In this episode of The Business of Cybersecurity, I sit down with Leslie Nielsen, CISO at Mimecast, to discuss the growing tension between AI adoption and cybersecurity, and why many organizations may be exposing sensitive information faster than they realize. As businesses race to deploy generative AI, AI agents, and Model Context Protocol integrations, Leslie explains why AI models themselves are becoming valuable targets. When organizations pool large volumes of sensitive data into centralized AI systems, they create what he describes as a corporate brain, one that can quickly become attractive to attackers if the right controls are not in place. We explore the rise of shadow AI, where employees use unsanctioned AI tools to meet deadlines and improve productivity, often without understanding the long-term consequences. Leslie shares why a simple upload of financial data, customer information, or proprietary documents into a public AI platform can create risks that traditional security teams struggle to contain once the information has entered a large language model. The conversation also examines the changing nature of insider threats. From negligent behavior to deliberate misuse of credentials, attackers are increasingly targeting employees directly. Leslie discusses how AI is making it easier for threat actors to identify vulnerable individuals, while growing concerns around job displacement may create new pressures inside organizations. We also discuss why visibility remains one of the biggest cybersecurity challenges facing modern enterprises. As AI changes data flows, communication channels, and user behavior, many organizations are discovering that traditional security controls were never designed for the speed and complexity of today's AI-powered environments. Leslie explains why cybersecurity leaders need to become AI champions rather than blockers, helping businesses adopt AI safely while maintaining visibility, governance, and trust. Looking ahead, Leslie remains optimistic about using AI to strengthen cyber defenses. As attackers embrace AI, defenders are doing the same, creating a new chapter in cybersecurity where automation, intelligence, and human expertise will work together to protect organizations from emerging threats. How is your organization balancing AI innovation with security, and are you confident you can see where your data is really going? Share your thoughts with me.

2. Juni 202622 min
Episode Orange Cyberdefense On The New FCA Cyber Reporting Rules Cover

Orange Cyberdefense On The New FCA Cyber Reporting Rules

What happens when your biggest cybersecurity risk isn't inside your organization at all, but somewhere deep within your supply chain? In this episode of The Business of Cybersecurity, I sit down with Ben Gibbins, Head of Financial Services and Insurance at Orange Cyberdefense UK, to discuss the Financial Conduct Authority's new cyber incident and third-party reporting requirements and what they mean for financial institutions facing a March 2027 compliance deadline. The conversation begins with a striking statistic. More than 40% of cyber incidents reported to the FCA involved at least one third party, highlighting how interconnected digital ecosystems have created new points of vulnerability across financial services. Ben explains why attackers are increasingly targeting suppliers, service providers, and technology partners to gain access to larger organizations, and why regulators are becoming increasingly concerned about concentration risk across critical infrastructure. We also tackle one of the biggest misconceptions surrounding the new FCA requirements. Many organizations assume that compliance with the EU's Digital Operational Resilience Act (DORA) automatically prepares them for the UK's reporting obligations. Ben explains why that assumption could leave firms exposed, outlining the differences between the two frameworks and the additional work many organizations still need to complete. Our discussion explores operational resilience, supply chain visibility, incident reporting, and the practical realities of responding to cyber incidents while simultaneously meeting regulatory expectations. Ben shares insights on why organizations need a far better understanding of third-, fourth-, and even fifth-party dependencies, and why traditional approaches to supplier risk management are struggling to keep pace with today's interconnected business environment. We also examine how collaboration between regulators, cybersecurity providers, threat intelligence specialists, and financial institutions could help strengthen collective defenses against increasingly sophisticated threats. From cyber extortion campaigns to supply chain attacks affecting hundreds of organizations simultaneously, the discussion highlights why resilience has become as important as prevention. If your organization assumes compliance is already covered, this conversation may prompt a second look. Are businesses truly prepared for the next phase of cyber resilience reporting, or are many still underestimating the risks hidden within their supply chains? Share your thoughts with me.

31. Mai 202640 min
Episode Deepfakes, AI Agents, and the Collapse of Traditional Identity Security Cover

Deepfakes, AI Agents, and the Collapse of Traditional Identity Security

How do you defend trust in a world where AI can imitate voices, generate highly convincing phishing attacks, and automate fraud at a scale humans can barely keep up with? In this episode of Business of Cybersecurity, I sit down with Mary Ann Miller from Prove to discuss how AI is reshaping fraud, identity, and cybersecurity in ways many organizations are still struggling to understand fully. With decades of experience across banking, fintech, and fraud prevention, Mary Ann brings a unique perspective on the growing collision between customer experience, digital identity, and AI-driven attacks. We explore how cybercriminals are using contextual AI-powered phishing campaigns that feel increasingly believable, why account takeover attacks are evolving into AI-assisted operations, and what happens when human intuition is no longer enough to identify deepfakes and manipulated content online. Mary Ann explains why the traditional idea of identity verification at login is beginning to break down, especially as one-time passwords and legacy authentication methods become easier to exploit. The conversation also examines the rise of “continuous identity,” in which organizations must continually evaluate trust signals across the customer journey rather than relying on a single authentication event. Mary Ann shares why many organizations are investing heavily in AI innovation while simultaneously lacking the controls needed to defend themselves against AI-driven fraud. We also discuss how non-human identities, AI agents, and automated interactions are introducing new risks that many businesses are still unprepared for. There is also a fascinating discussion around how AI has quietly powered fraud detection systems for decades, from early neural networks monitoring payment anomalies to today’s far more advanced machine learning systems. But as organizations race to introduce AI-powered customer experiences, Mary Ann warns that customer trust and adoption cannot be taken for granted. She shares the example of Walmart reportedly seeing a major drop in conversions during an AI-driven commerce experiment, highlighting how businesses are still learning where AI genuinely improves experiences and where it creates friction. Mary Ann also offers practical advice for boards and security leaders on how to proactively test their defenses through fraud red-team exercises, why organizations need to recognize AI-generated attack patterns earlier, and how businesses can rethink identity in a world where both humans and machines participate in digital interactions. If you care about the future of trust, authentication, fraud prevention, and cybersecurity in the AI era, this conversation offers a valuable look at the challenges already unfolding behind the scenes.

27. Mai 202626 min