
CISO Insights: Voices in Cybersecurity

CISO Marketplace

Available episodes

5 of 144
  • Zero Trust for Critical Infrastructure: Securing the OT/ICS Backbone
    Delve into the essential and intricate application of Zero Trust (ZT) principles within Operational Technology (OT) and Industrial Control Systems (ICS) environments. This episode explores the unique challenges of securing critical infrastructure, where safety, reliability, and availability are primary objectives, and legacy systems, unique protocols, and often unencrypted communications present distinct complexities compared to traditional IT security models. We'll discuss how the increasing convergence of IT and OT, driven by digital transformation, is reshaping the threat landscape and exposing previously isolated systems. Learn about the tailored roadmap for implementing Zero Trust in these vital sectors, employing a systematic five-step process: defining Protect Surfaces, mapping operational flows, building a Zero Trust Architecture (ZTA), creating policies, and ongoing monitoring and maintenance. Discover how established frameworks like the ISA/IEC 62443 Zone and Conduit Model and the SANS Top 5 Critical Controls for OT/ICS integrate with and are fortified by a Zero Trust approach to enhance security and resilience in the face of evolving threats. www.securitycareers.help/securing-the-industrial-heartbeat-why-zero-trust-is-imperative-and-different-for-ot-ics  
    --------  
    35:28
  • Cyber Resilience Through Bundling: The Regulatory Challenge
    Explore the emerging practice of bundling cyber insurance with security products and services, a strategy aimed at enhancing cyber resilience by incentivizing policyholders to adopt proactive security measures from the outset. This episode delves into the potential benefits, such as encouraging better cyber hygiene, aligning the long-term goals of insurers and policyholders to reduce incident frequency and impact, improving risk mitigation, providing deeper risk insights through real-time data, offering guidance on effective security controls, and making security more accessible and affordable for SMEs and SLTTs. We also examine the significant concerns and barriers preventing wider adoption. These include historical worries about insolvency, potential impairment of risk assessment and pricing, the risk of discriminatory practices in partnering with security vendors, and inherent conflicts of interest in business-to-business relationships between insurers and service providers. A major hurdle is the complex and varied regulatory landscape across different states, where differing interpretations of anti-inducement, anti-rebating, and anti-bundling laws create uncertainty and a "chilling effect" that hinders innovation and widespread implementation. Discover why navigating these concerns requires careful oversight and regulation to balance cybersecurity effectiveness with market choice. www.securitycareers.help/a-cisos-guide-leveraging-cyber-insurance-for-enhanced-resilience-across-the-enterprise www.breached.company/beyond-the-breach-how-cyber-insurance-can-drive-proactive-cybersecurity https://cyberinsurancecalc.com
    --------  
    17:53
  • Beyond the URL: Decoding Domain Intelligence Threats in 2024
    In the ever-evolving digital landscape, security teams face the immense challenge of evaluating over a hundred million newly observed domains registered each year. This episode dives into how analytical methods are providing crucial insights into domain intelligence threats. We explore techniques like domain attribute analysis to identify patterns used by threat actors, risk scoring to quantify the likelihood of a domain being malicious, and DGA detection to uncover domains generated by automated systems used in malware and botnets. We also discuss the importance of keyword and topic analysis for identifying domains used in credential harvesting, malware delivery, and scams, and how analyzing new TLDs and likeness to high-profile events helps spot emerging threats and deceptive tactics like typosquatting. Furthermore, we touch upon analyzing webpage attributes to understand attack infrastructure and using anomaly detection to investigate spikes in domain registrations. Ultimately, building a shared knowledge base and fostering community collaboration by sharing insights and observed techniques is essential for strengthening our collective defenses against external threats and making the internet safer. This episode draws insights from an analysis comparing 106 million newly observed domains from 2024 against a large reference set of known malicious domains.   breached.company/decoding-the-digital-deluge-how-domain-intelligence-informs-cybersecurity-defenses-in-2024 https://policyquest.diy -> Coupon 15% off -> 'podcast'  
    --------  
    14:40
  • US State Privacy Laws: Navigating the Expanding Consumer Rights Patchwork
    Explore the complex and rapidly evolving landscape of US state data privacy laws, drawing on insights from recent legislative developments across states like California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, and Texas, plus Washington's focused health data act. We break down the core consumer rights becoming standard nationwide – including the right to access, delete, correct, and opt out of data sales, targeted advertising, and certain profiling. Learn about the heightened focus on sensitive data, such as health information and data from children and teens, often requiring explicit opt-in consent. We discuss key differences like scope thresholds, variations in the definition of "sale", and the emergence of mandatory universal opt-out signals. Understand the differing enforcement approaches by state Attorneys General, the role of cure periods (and their sunsetting in many states), and the limited private rights of action. This episode helps untangle the intricate patchwork, highlights the practical implications for businesses implementing compliance systems, and touches on how consumer expectations and trust are shaped by these new regulations.   www.compliancehub.wiki/navigating-the-patchwork-an-in-depth-look-at-u-s-state-comprehensive-privacy-laws/ https://globalcompliancemap.com/ https://generatepolicy.com/  
    --------  
    45:55
  • Beyond Encryption: Ransomware's New Game & Top Exploits of 2024
    Tune in to explore the rapidly evolving cyber threat landscape of 2024 from the Huntress 2025 global Cyber Threat Report, where attackers standardized sophisticated techniques across businesses of all sizes. We dissect the significant shifts in ransomware strategies, including the fragmentation of major groups following takedowns like LockBit, Dharma, Hive, and Phobos. Discover how agile affiliate networks like RansomHub and INC/Lynx emerged, offering high payouts and dominating the landscape. Learn about the pivot from traditional encryption to data theft and extortion as a cost-saving tactic due to improved defenses. We'll also break down the most impactful vulnerabilities exploited, including the critical ConnectWise ScreenConnect flaws (CVE-2024-1709 & CVE-2024-1708) that spurred a major campaign, the zero-day CrushFTP vulnerability (CVE-2024-4040), and the continued exploitation of the older ProxyShell Exchange vulnerability (CVE-2021-31207). Finally, we'll cover the pervasive use of abused tools like RATs, RMM software, malicious scripts, LOLBins, and sophisticated phishing techniques that defined attacker methodologies throughout the year. This episode provides crucial insights for defenders navigating this complex and challenging environment. breached.company/navigating-the-new-frontier-key-cyber-threats-exploits-and-tools-of-2024
    --------  
    18:22


About CISO Insights: Voices in Cybersecurity

CISO Insights: The Cybersecurity Leadership Podcast Where Security Leaders Shape Tomorrow’s Defenses

Join us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders. CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communication to threat detection, compliance, and talent development. Whether you’re a CISO, aspiring security leader, or technology executive, we equip you with the tools to thrive in a complex digital environment.

Connect with us:
  • Shop: cisomarketplace.com
  • News: threatwatch.news
  • Podcast: cisoinsights.show
  • Tools: microsec.tools
  • AI Resources: cybersecuritygpt.store

Follow us:
  • TikTok @cisomarketplace - Quick insights and security tips
  • YouTube @cisomarketplace - In-depth discussions and CISO interviews
Generated: 5/17/2025 - 11:58:40 AM