Security Breach
A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.
Episodes
We’ve all seen or heard the reports about how hackers are using AI to elevate their attacks in obtaining funds and intellectual property from unsuspecting victims, or accessing some of their critical systems. Often, these nightmare incidents leave the names and companies out of the story to avoid any reputational fallout.
However, this episode's guest takes us beyond studies and second-hand accounts of AI’s pote...
One of my least favorite tasks of Basic Training was weapons maintenance. I didn’t really mind cleaning my M-16A2 rifle, but sometimes it just felt pointless. We’d spend hours stripping, cleaning, reassembling, inspecting and, ultimately, being told it still wasn’t clean enough by the drill sergeant or armor.
It took me a while, but eventually, I realized that the benefits of this process went beyond just a clean wea...
Not to continue to beat our collective heads into the same wall, but by now everyone knows that manufacturing leads the way in targeted cyberattacks, as well as year-over-year increases in areas like ransomware attacks, DDoS shutdowns and data breaches.
Yet, the industry continues to demonstrate some troubling behaviors in the face of these realities.
Kiteworks recently found that only 36% of organizations have visi...
We all know that cybersecurity, and industrial cybersecurity in particular, is facing a huge talent deficit.
Finding an individual who not only understands the technical elements of cybersecurity, but also appreciates the dynamics of keeping a manufacturing operation up and running is extremely difficult, as they need to balance security with uptime, defense with productivity, and investment with implementation time...
Although discussing the military activities currently taking place in Iran runs the risk or bringing up polarizing political views, the cybersecurity realities simply can’t be ignored. And they absolutely have to be discussed.
One of these realities is that Iran has a legacy of supporting organizations involved with cyberattacks on networks, infrastructure and companies in Israel and the United States. Companies tha...
Last December the Cybersecurity and Infrastructure Security Agency, or CISA, issued an advisory warning manufacturers, operators of critical infrastructure, and really anybody associated with industrial control systems about the threats being presented by pro-Russian hacktivist groups.
The advisory, issued in conjunction with numerous federal and international agencies, called out groups like the Cyber Army of Russia...
When we talk about the challenges presented to those trying to secure the operational landscape of manufacturing, it’s tough to avoid what I’d call the usual suspects - endpoints, connection points, credentials, vulnerabilities, silos and, of course, the impact of artificial intelligence.
And just as there are benefits to discussing these individual aspects, it’s equally important to look at things from a bigger pict...
Back in 2020, the Department of Defense, as it was called at the time, introduced the Cybersecurity Maturity Model Certification (CMMC). It carried the goal of ensuring companies would be able to protect sensitive information when working on government contracts.
The program requires contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to meet specified cybersecurity ...
"You don't have to get hacked to understand how you can get hacked."
While I utilize that editorial director title to introduce myself before every episode of Security Breach, it’s not the title that I’ve used the longest, think about the most, or with which I would hope to obtain the most acclaim. Rather, the job descriptor that meets all those requirements is the title of ... Dad.
And perhaps the phr...
We’ve all heard the euphemism about knowledge being power. But perhaps the more accurate assessment comes from my favorite childhood cartoon. Yes, I’ve referenced it before, but when GI Joe signed off each episode by letting us know that “Knowing is Half the Battle”, Duke and his crew were echoing the same sentiment as our guest for today’s episode.
Evan Dornbush is the CEO of Desired Effect. A former DoD-trained sta...
Perhaps you’re familiar with the quote, “The greatest trick the Devil ever pulled was convincing the world he didn’t exist.” While its use in the movie The Usual Suspects might resonate with most, the original attribution goes to French poet Charles Baudelaire.
The quote came to mind in preparing for my conversation with Tim Chase, Principal Technical Evangelist for Orca Security. I knew we were going to be discussin...
While I’ll resist drawing comparisons about industrial cybersecurity to butterflies and bees, producing this episode did remind me of another great Muhammad Ali quote: "The hands can't hit what the eyes can't see.”
This could provide an easy segue into the ongoing challenges about asset visibility, but really, it goes a bit deeper than that. In addition to being able to see all the things we need to de...
Uptime.
It’s the lifeblood of manufacturing and the precise target of industrial sector hackers. By knocking systems offline, stealing credentials, holding data for ransom, or crippling supply chains, the bad guys know their ultimate goals of disruption or extortion will be realized.
And as we’ve discussed numerous times here on Security Breach, keeping these bad actors out has become more and more difficult as new t...
While there are plenty to pick from, one of the biggest challenges for cybersecurity professionals in the industrial realm can be getting financial support. In manufacturing there are always a number of viable spending options, and working to make cybersecurity a priority can be tough, especially when enterprises are faced with initiatives seen as more fundamental to the core mission of getting finished product out ...
When talking to the experts and leading authorities that have participated in the 140+ episodes of Security Breach, there’s always a slight pause when directing their attention specifically to the industrial sector. That’s because, well, we’re special.
There’s the unique juxtaposition of old and bleeding edge technology.
There’s the influx of greater connectivity combatting the struggles to identify and secure the g...
I know that we’re constantly talking about artificial intelligence - the best ways to use it, the ways hackers are using it, and the overall good, bad and ugly of implementing AI into your security infrastructure.
But what if we took a little different route.
In this episode we're going to explore how AI can help make your people better at managing cybersecurity. We know there’s a huge talent pool shortage, and t...
Discussing the ever-expanding threat landscape is something we do a lot on Security Breach, but this episode is dedicated exclusively to topics like zero-day vulnerabilities, nation-state threats, phishing schemes, ransomware, and of course, the role artificial intelligence continues to play in making the good guys smarter and the bad guys tougher to pin down.
But we’re not doing to dwell on the doom and gloom, we’ll...
As loyal listeners of this podcast know, I’m a big believer in paying close attention to the little things, the blocking and tackling, the basics, the fundamentals. All those elementary elements that comprise the building blocks of stronger cybersecurity plans and successful defensive strategies.
Spoiler alert – that comes through again … and again in this episode, but what makes it worth your time is how my guest, ...
As all of you know, there are no silver bullets when it comes to cybersecurity success in the industrial sector. Every enterprise has its own unique characteristics, each plant floor its different connectivity elements, and each business is comprised of diverse human dynamics that fuel its culture.
However, regardless of the environment, there continues to be a handful of best practices that can be universally appli...
We’ve heard it before – hacker tactics are not changing, but the hackers are getting a lot smarter in how they deploy their time-tested attacks.
Additionally, honing in on the human element of cybersecurity is nothing new. We’ve spoken with numerous guests about getting buy-in, improving training, and how creating a cyber-receptive culture is key in getting any cybersecurity plan to stick.
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!
Buck Sexton breaks down the latest headlines with a fresh and honest perspective! He speaks truth to power, and cuts through the liberal nonsense coming from the mainstream media. Interact with Buck by emailing him at teambuck@iheartmedia.com
The latest news in 4 minutes updated every hour, every day.