Cyber Threat Fatigue: A To The Point Cybersecurity Podcast Recap
For security practitioners feeling overwhelmed by the growing threat landscape, these episodes offer a shortcut to prioritizing some of the most urgent threats faced by organizations today. If you’re a cyber expert, or wish you were, we invite you to listen to these specific episodes covering detection, mitigation, and reaction, or better yet, to subscribe to our podcast.
To The Point Cybersecurity podcast has featured a variety of experts, who have shared their thoughts on some of the most urgent threats agencies are facing, such as ransomware, wiper malware and supply chain breaches.
A Conversation with Chris Krebs – Ep. 162
Here’s a quick overview of some of our most popular episodes since late Q4 last year:
First, Chris Krebs, founding partner of Krebs Stamos Group and the first Director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), joined us to discuss ransomware. While this threat is hardly new, having been around for at least a decade, Krebs dubbed this “the year of ransomware” from a public visibility perspective. The potential for ransomware attacks on critical infrastructure, from natural gas pipelines to defense bases, is real and growing. Because criminals have figured out how to monetize the vulnerabilities of cyber infrastructure, Krebs explained, we need to shift national security, law enforcement, and cyber command efforts to stopping them.
Next, Dr. Richard Ford, Chief Technology Officer at Praetorian, joined the podcast to discuss Log4Shell, which he described as the worst zero-day event of his career. Log4Shell, a vulnerability in a popular Java logging library, was yet another detrimental cyberattack—one that enterprises will be dealing with for the foreseeable future. Because the vulnerability lies so deep within people’s clouds, bad actors could have already gained access without them knowing. In addition to breaking down the impact of the attack, Dr. Ford explained how static analysis of code and moving to open-source can help prevent the next zero-day vulnerability. Having systems in place, such as good asset inventory, can also make it so organizations are able to more rapidly address vulnerabilities when they arise.
The aforementioned rise in ransomware has countless implications. On this episode, Dr. Josephine Wolff, Associate Professor of Cybersecurity Policy at Tufts University’s Fletcher School and author of the book “You’ll See This Message When it is Too Late: The Legal and Economic Aftermath of Cybersecurity Breaches,” outlined how the huge spike in ransomware has affected cyber insurance. Many big insurers have been forced to rethink their risk models—and some have suffered ransomware attacks themselves. She explained some of the fundamental challenges with cyber insurance and how they relate to the current threat landscape. Looking forward, Wolff described how artificial intelligence can be used to detect and respond to cyberattacks, such as more sophisticated and advanced anomaly detection.
Dr. Samantha Ravich, Chairman for the Center on Cyber and Technology Innovation at Foundation for Defense of Democracies, joined the podcast to discuss rising international tensions and how bad actors work to undermine economics and democracy. She has worked with countless renowned government leaders and offers important advice about how a cyberattack response should be prioritized and implemented—particularly when preparing for attacks against critical infrastructure and essential services. One way to prepare for the growing number of threats is to avoid strategic surprise. This involves knowing the cyber plans and capabilities of major adversaries—both with regard to technology and motives—and knowing who is on the front lines of the attack landscape.
Overall, these episodes provide a holistic picture of some of the cybersecurity industry’s most pressing challenges in conjunction with insights from leading experts. Agencies and organizations are fighting an uphill battle to cut through the noise of the threat landscape and prioritize their cyber defenses.
Speaking of international tensions, Joe Uchill, senior reporter at SC Magazine, joined to podcast to discuss cyber tactics being used in the Russia/Ukraine conflict. DDoS attacks began just before the actual invasion did, but Russian aggression against Ukraine via cyber attacks is not new. In recent history, Russia caused two major blackouts and launched NotPetya, which quickly went out of control. Uchill discussed tactics we’ve seen in the conflict so far—including the multiple rounds of wipers, the multiple rounds of DDoS attacks, the SMS spam—and how they relate to on-the-ground attacks. He also covered the impact of decentralized hacking volunteers and the Conti ransomware group.
Or better yet, subscribe today wherever you get your podcasts via the links below:
Staying on top of the ever-changing cyber threat landscape is no easy feat, but we’ll be sure to cover whatever cyber curveballs come next. We publish new episodes on Tuesday mornings each week. You can always listen to all the episodes here on Forcepoint.com.
This post was first first published on Forcepoint website by Lionel Menchaca. You can view it by clicking here