
50 episodes

Cybersecurity Advisors Network Nick Kelly
-
- Technology
The Cybersecurity Advisors Network (CyAN) connects cybersecurity experts from around the world to provide benefits and peer interactions in a siloed industry.
Through CyAN, members gain access to partner institutions, the expertise of their peers, and assistance with their projects.
We have an abundance of stories to tell of members taking advantage of this trust network and connecting to create incredible opportunities through the complementarity of their profiles and experiences.
-
Wim Hafkamp - Healthcare Cybersecurity Challenges in the Netherlands, Europe, and Beyond
Welcome Wim Hafkamp, Managing Director of Z-CERT, the Dutch healthcare CERT, and Quartermaster / Chairman of the European Health ISAC. Wim brings many years of information security leadership experience in the financial sector to his current organisation's role of supporting the cybersecurity resilience of the Dutch medical and healthcare community.
In the latest in our Secure in Mind series, we discuss the issues currently facing health institutions and providers in defending against cyberattacks, complying with regulations, and working together across borders and with public sector partners.
A few of the concepts mentioned in the video:
EU Cybersecurity Act: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act
EU Cybersecurity Certification Framework: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-certification-framework
NIS2 Directive: https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2021)689333
Attacks on Irish Health Service Executive: https://en.wikipedia.org/wiki/Health_Service_Executive_ransomware_attack
Ransomware attacks on hospitals in Victoria (Australia): https://www.abc.net.au/news/2019-10-01/victorian-health-services-targeted-by-ransomware-attack/11562988
(Actually I was referring to an earlier campaign but this one's more recent and equally relevant)
André Mignot attack (2022): https://www.france24.com/en/france/20221205-french-hospital-suspends-operations-after-cyber-attacks
Brussels ransomware case: https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre
2023 Barcelona hospital ransomware case: https://www.bleepingcomputer.com/news/security/hospital-cl-nic-de-barcelona-severely-impacted-by-ransomware-attack/
Z-CERT's homepage: https://www.z-cert.nl/
EU Health ISAC (via the Empowering EU ISACs initiative): https://www.isacs.eu/european-isacs
Find Wim on LinkedIn at https://www.linkedin.com/in/wimhafkamp/
Visit us at https://cybersecurityadvisors.network
-
Vulnerabilities, Threats, Lions, Tigers, and Bears, Oh My - With Eward Driehuis, of CSIRT.global
Welcome Eward Driehuis, chairman of the board of CSIRT.global. Eward has a long and diverse history in the information security sector, and currently supports the mission of CSIRT.global, a not for profit vulnerability and incident management collective based in the Netherlands.
Today, we talk about a wide range of topics, including
- various types of malware
- the evolution of visibility into different types of threat actors
- different "use cases" of malware, and different perspectives of public vs. private sector defenders
- objectives, tactics, techniques, and procedures (TTPs) of purely commercial criminal gangs vs. those of spies
- supporting cybersecurity preparedness and resilience in small to medium size enterprises (SMEs)
- Internet structural vulnerabilities
- how not to annoy customers when selling information security products and solutions
- the impact of cybercrime and disinformation on societal stability, and how different generations deal with this
Some links to topics mentioned in the video:
GameOver Zeus malware: https://www.cisa.gov/news-events/alerts/2014/06/02/gameover-zeus-p2p-malware
Dyre banking trojan: https://www.secureworks.com/research/dyre-banking-trojan
Dridex malware: https://www.cisa.gov/news-events/cybersecurity-advisories/aa19-339a
Kaseya vulnerability (CVE-2021-30116): https://www.cvedetails.com/cve/CVE-2021-30116/
REvil ransomware attack: https://blog.qualys.com/product-tech/2021/07/08/kaseya-revil-ransomware-attack-cve-2021-30116-automatically-discover-and-prioritize-using-qualys-vmdr
The Dutch Institute for Vulnerability Disclosure: https://www.divd.nl/
CSIRT.global homepage: https://csirt.global/
Eward's LinkedIn profile: https://www.linkedin.com/in/ewarddriehuis/
Visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Safe Harbour Laws for Cyber-Vulnerability Researchers, with Inti de Ceukelaire
CyAN welcomes Inti de Ceukelaire, ethical cybervulnerability researcher, and Chief Hacker Officer at Intigriti, a Belgium-based bug bounty platform.
We talk about a wide range of topics relevant to legal protections of responsible vulnerability researchers and disclosure, using the recently implemented Belgian safe harbor law as a basis for discussion. Industry and society depend on timely awareness of software vulnerabilities from reliable, ethical sources such as white hat hackers. Meanwhile, obsolete computer misuse laws in many countries make
A few relevant links to topics mentioned in the video:
OECD recommendations for coordinated vulnerability disclosure:
https://one.oecd.org/document/DSTI/CDEP/SDE(2021)9/FINAL/en/pdf
https://www.oecd.org/digital/encouraging-vulnerability-treatment-0e2615ba-en.htm
OECD paper on vulnerability treatment:
https://one.oecd.org/document/DSTI/CDEP/SDE(2020)3/FINAL/en/pdf
Good Faith Cybersecurity Researchers Coalition:
https://gfcrc.org
Vulnerability reporting to the Centre for Cyber Security Belgium (CCB):
https://ccb.belgium.be/en/vulnerability-reporting-ccb
Intigriti blog on Belgian safe harbor framework:
https://blog.intigriti.com/2023/01/19/new-belgian-legal-framework-gives-safe-harbor-to-ethical-hackers-and-bug-bounty-hunters/
Marcus Hutchins:
https://en.wikipedia.org/wiki/Marcus_Hutchins
St. Louis Post-Dispatch web "hacking" case:
https://www.washingtonpost.com/media/2021/10/14/mike-parson-st-louis-post-dispatch-hacker/
Gold Standard Safe Harbour Initiative:
https://www.hackerone.com/press-release/hackerone-announces-gold-standard-safe-harbor-improve-protections-good-faith-security
Bonus old school cultural phenomenon mentions:
Doom II: https://en.wikipedia.org/wiki/Doom_II
The Cuckoo's Egg, by Cliff Stoll: https://www.goodreads.com/book/show/18154.The_Cuckoo_s_Egg
Inti's LinkedIn profile: https://www.linkedin.com/in/intidc/
Intigriti: https://www.intigriti.com/
Visit us at https://cybersecurityadvisors.network and https://gfcrc.org
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
The Polish Cybersecurity Ecosystem - A Conversation with Łukasz Gawron, CEO of #CyberMadeInPoland
Łukasz Gawron and John Salomon talk about the current state of the Polish cybersecurity industry. Łukasz works with #CyberMadeInPoland, an industry cluster dedicated to advancing the interests and maturity of the Polish information security sector - with activities ranging from talent development and support for startups, to fostering public-private and intra-industry cooperation.
In this video, we talk about the development of Polish cybersecurity innovation - how are startups addressing the international market? What is the role of government, domestic industry, and large international offshoring presence in Poland in helping to expand the startup world, and how is the country encouraging and developing new cybersecurity talent entering the market?
For these and many other topics, join us in this interesting overview of a large, growing, and incredibly vibrant player in the European information security economy.
A few of the links we mention:
#CyberMadeInPoland: https://cybermadeinpoland.pl/
Kosciuszko Institute - a nonprofit think tank and research institute: https://ik.org.pl
Cybersec Forum and Expo 2023: https://cybersecforum.eu/
You can find Łukasz on LinkedIn at https://www.linkedin.com/in/%C5%82ukasz-gawron-92a636201/
Please visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Security Challenges for Online Gambling - A Conversation with Jonathan Srugo
John Salomon talks to Jonathan Srugo, cybersecurity consultant, founder of Nebotain Smart Digital Defense, and former CISO of an Asian online gaming company.
Internet gambling is a significant part of the online economy, and is legal (if often heavily regulated) in much of the world. Unfortunately, whether due to moral considerations or disagreements about legality, several cybersecurity actors, including vendors and government agencies, refuse to support gaming operators threatened by malicious actors.
This, combined with the lucrative nature of the industry and its high degree of dependence on availability and brand integrity, often leaves companies much more vulnerable than more mainstream, traditional firms to cybercrime and attacks.
In this video, we talk about an area of the cybersecurity sector that is not on the radar of many professionals working in more "traditional" industries. Jonathan shares his observations on the types of attacks, actors, and motivations that affect gaming operators, thoughts about working with vendors, law enforcement, and CSIRTs, and the views of management towards the value of information security capability. Most importantly, we discuss why failing to support any victims of cybercrime hurts everybody, whether you agree with their business model or not.
An overview of legality of online gambling: https://slotegrator.pro/analytical_articles/where-online-gambling-is-legal.html
Typical statistics about DDoS attacks on online gambling sites: https://www.gamblinginsider.com/news/17722/research-shows-25-of-all-gambling-sites-were-hit-by-june-ddos-attacks
Find Jonathan on LinkedIn at https://www.linkedin.com/in/jonathan-srugo/ and check out Nebotain Smart Digital Defense here: https://www.nebotain.com/
Visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Zero Trust - What is Real in the Myth?
Join James Briscoe, CyAN Secretary General, as he moderates a panel of experts discussing the concept of zero trust.
What are the requirements for designing and implementing true zero trust models, frameworks, and strategies? What premises and assumptions should a zero trust architecture be based on, what use cases are relevant, and how can its security value be proven, if at all?
What pitfalls should you be aware of, and how can you differentiate between vendorspeak and genuine security advantages from implementing a zero trust environment? Is absolute zero trust even practical and realistic?
For the answers to these and many other questions, check out this informative video, the latest in our series of information security conversations on the CyAN YouTube channel: https://youtube.com/@cybersecadvisors
Our guests today:
Michael McDonald is CTO, CDO, and a co-founder at Flatworld Integration (https://www.flatworld.world/), as well as a CyAN member
Thierry Leblond is co-founder and CEO at PARSEC (https://parsec.cloud/)
Boris Taratine is a CyAN member and comms advisor
Lee Roebig is Customer CISO at Sekuro (https://sekuro.io)
Visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/