Cyber Sip Barclay Damon LLP

Kevin and guest Ziming Zhao, assistant professor in the Department of Computer Science and Engineering at the University at Buffalo, discuss Ziming’s work in systems and software security. They focus on ethical hacking and its goal of responsibly disclosing vulnerabilities to vendors. Ziming says that hacking can be fun and doing it ethically serves a purpose, though he emphasizes that ethical hacking is not a guarantee of absolute security. Companies still need to have a security in design mindset. Ethical hackers can help raise the security bar for companies and organizations. Ziming also discusses the relationship between academia and industry in the field of ethical hacking. 

In this episode, host Kevin Szczepanski and his guest, Bill
Haber of TEKRiSQ, discuss tips to prevent phishing attacks, which, they remind listeners, are “fraudulent attempts to obtain personal information through electronic messages.” Kevin and Bill highlight the prevalence and success of
phishing attacks, emphasizing the need for vigilance from both individuals and organizations. Covering examples and types of phishing attacks—spear phishing, smishing,
man-in-the-middle attacks—they offer takeaways including slowing down, being cautious of urgency, verifying suspicious emails, conducting trainings, and
implementing tools like VPN and DNS filtering. These practices can both enhance cybersecurity and improve the chances of obtaining cyber liability insurance.

Kevin Szczepanski and Arun Vishwanath, chief technologist of Avant Research Group, discuss the urgent need for cyber-hygiene education for children, including about security and privacy. They highlight frequent cyberattacks targeting schools and other education systems, which often have outdated technology and may lack sophisticated IT security skills and resources. The conversation also touches on the role of the private sector in providing cyber-literacy education. Kevin and Arun embrace reforming credit monitoring for children and expanding its scope to include reputation management, and they agree about the importance of protecting the next generation from cyber threats and the need for systemic changes.

 

Kevin Szczepanski and Kyle Cavalieri, president of Avalon Cyber, discuss the increasing risks of funds transfer fraud, covering topics such as understanding this type of fraud, how it works (including fake invoicing and “vishing” attacks), red flags, and how to respond. Red flags can include unexpected calls or emails, and it’s important to be prepared for when these contacts occur. Kevin and Kyle emphasize the growing threat of such attacks, which can result in significant financial losses. They discuss the importance of immediate action, including updating credentials, notifying the bank, involving an attorney, and reporting the incident to law enforcement. Listen in to learn more.

More than ever, cybersecurity risk assessments are
essential for businesses of all sizes to understand and mitigate their risks. Done
appropriately, assessments can provide help with remediation and a plan for
moving forward and can even assist with pursuing insurance coverage. This
episode, which features Bill Haber, co-founder of the cybersecurity company TEKRiSQ,
emphasizes the need for actionable steps and justifying recommendations based
on an organization's specific risks and compliance obligations. Even if your
organization is not subject to specific regulations, conducting a risk
assessment is crucial for protecting data, limiting liability, and maintaining
cyber insurance coverage. Listen in to learn more.

From Barclay Damon’s new podcast studio, Kevin welcomes back University at Buffalo Professor Siwei Lyu. To start this fast-moving conversation, Siwei notes that what sets generative AI apart from analytical AI is that generative AI focuses on creating content rather than just answering questions or sorting through data, and he sheds
light on what seemed to be the technology’s “sudden appearance.” Siwei and Kevin also discuss the introduction of ChatGPT, current and future applications of generative AI, and concerns about generative AI’s misuse. Throughout the talk, Siwei emphasizes the importance of responsible use and the need for safeguards.