Studio 471

9: Learning Cybercrime Techniques through MITRE ATT&CK

17 min · 19 May 2026

Description

Learn cybercrime techniques with MITRE Corporation and see how their ATT&CK framework helps them protect their systems from cybercriminal groups.

Over the last decade, the MITRE Corporation has grown its ATT&CK framework, which is a knowledge base of adversary behaviors that can help defenders in a variety of ways. MITRE has traditionally been focused on Advanced Persistent Threat (APT) groups but has been increasingly incorporating techniques and sub-techniques into ATT&CK that are used by cybercriminal groups. In this Studio 471, Patrick Howell O’Neill, who is a Lead Cyber Operations Analyst at MITRE, discusses these changes and why ATT&CK is useful to security professionals.

Participants:
Patrick Howell O’Neill, Lead Cyber Operations Analyst, MITRE Corporation
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

Stay in Touch!
Twitter: https://twitter.com/Intel471Inc
LinkedIn: https://www.linkedin.com/company/intel-471/
YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
Discord: https://discord.gg/DR4mcW4zBr
Facebook: https://www.facebook.com/Intel471Inc/


All episodes

10 episodes


10: How Ransomware Attacks Impacts Organizations on Multiple Levels

Learn about ransomware attacks and how to calculate the impact of an attack on an organization.

The costs of ransomware are high, but experts struggle to calculate the true impacts due to a lack of reporting requirements. Additionally, organizations affected by ransomware often do not want to discuss incidents for many reasons, ranging from legal to reputational to the distressing effects of being held to ransom. In this Studio 471, Jamie MacColl, a research fellow with the Royal United Services Institute, discusses a recent study, “The Scourge of Ransomware Victim Insights on Harms to Individuals, Organisations and Society.” The study sought to understand the impacts of ransomware on multiple levels, from the IT people on the front line through to civil society.

Participants:
Jamie MacColl, Research Fellow, Cyber Threats and Cyber Security, Royal United Services Institute for Defence and Security
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

26 May 2026 · 33 min

9: Learning Cybercrime Techniques through MITRE ATT&CK


19 May 2026 · 17 min

8: Countering Cyber Extortion and Hacktivism with Diana Selck-Paulsson of Orange Cyberdefense

Diana Selck-Paulsson is the lead security researcher at Orange Cyberdefense, which is a managed security services provider that serves a worldwide client base. Her background in the social sciences as a criminologist with a specific focus on cybercrime has given her unique insight into the cybersecurity challenges facing organizations. In this episode of Studio 471, we discuss two areas where Orange Cyberdefense has produced unique research in its Security Navigator 2024 report: cyber extortion and hacktivism. We tackle whether cyber extortion can be deterred and also the deeper effects of hacktivism, which can eclipse technical disruptions.

Participants:
Diana Selck-Paulsson, Lead Security Researcher, Orange Cyberdefense
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

12 May 2026 · 34 min

7: How to Build Your Own Cyber Threat Intelligence Program

Learn how to build your own cyber threat intelligence program that keeps stakeholders happy as well as understand the Cyber Threat Intelligence Capability Maturity Model.

Starting a cyber threat intelligence (CTI) program prompts many questions: What intelligence is most useful? Where are the data sources? How can you satisfy stakeholders? And ultimately, how do you demonstrate that a CTI program prevented security incidents? John Fokker, head of threat intelligence at Trellix, says that it is possible to build effective CTI programs with smaller teams but stakeholder buy-in is important. In this episode of Studio 471, we also discuss the Cyber Threat Intelligence Capability Maturity Model (CTI CMM), which is a framework under development by CTI experts. The framework, due to be released later this year, aims to guide organizations toward building more capable and mature CTI programs.

Participants:
John Fokker, Head of Threat Intelligence, Trellix
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

5 May 2026 · 24 min

6: Security Software Testing and Why It's Important

If you’re the buyer of security products for a large company, how do you ensure that a product works as promised? Security software testing puts products such as firewalls, endpoint protection and intrusion detection systems through their paces. But security software testing has been a contentious area, with vendors sparring over results and occasional accusations of cheating.

In this edition of Studio 471, Simon Edwards of SE Labs walks through how his company conducts ethical, realistic tests based on the cyber kill chain and MITRE ATT&CK, an index of attacker tactics, techniques and procedures.

Participants:
Simon Edwards, Founder and CEO, SE Labs
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471

28 Apr 2026 · 31 min