Ping - A Firewalls.com Podcast Firewalls.com

Multifactor authentication (MFA) is fast becoming a requirement for a secure business network. Not only that, it's becoming a requirement for a business to qualify for the added protection of cyber insurance. WatchGuard Technologies Director of Authentication Alexandre Cagnoni takes us through why multi-factor authentication is so important in the current cyber threat landscape for businesses of all sizes. He also explains why cyber insurers consider it vital. And then, he shares how WatchGuard AuthPoint makes implementing MFA simple for the organization and its employees. Hint: There's an app for that.

Read a recent article on the subject by Alexandre here: https://www.securityinfowatch.com/cybersecurity/information-security/breach-detection/article/21229613/how-hackers-bypass-mfa-and-ways-to-stop-them.

And find WatchGuard AuthPoint here: https://www.firewalls.com/brands/watchguard/cloud-security/watchguard-authpoint.html.

In headlines, we discuss a Robinhood data theft, a discovery of breaches across key sectors, and an international ransomware bust.

See the stories:

Robinhood security breach compromised data of 7 million users
https://www.engadget.com/robinhood-users-compromised-security-breach-063802932.html 

Hackers have breached organizations in defense and other sensitive sectors, security firm says
https://www.cnn.com/2021/11/07/politics/hackers-defense-contractors-energy-health-care-nsa/index.html

Ransomware crackdown spreads in U.S., Europe and Asia
https://www.nbcnews.com/tech/security/ransomware-crackdown-spreads-us-europe-asia-rcna4829

Get info on all things network security through our blog, https://firewalls.com/blog.
And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.
Thanks for listening!

Cybersecurity Awareness Month turns 18 this October 2021. And just like other 18-year olds, it's graduated from dealing with fairly straight-forward problems to facing complex issues. But National Cyber Security Alliance (NCSA) Interim Executive Director Lisa Plaggemier tells us, that there are a few simple steps individuals and businesses can take to Be Cyber Smart (that's also #becybersmart). Her top two: strong passwords and MFA (multifactor authentication).

Lisa also discusses the origins of Cybersecurity Awareness Month, the evolution of the threat landscape, how awareness has improved, challenges in cyber careers, and much more. Find resources about the month, and general cyber awareness tips at www.staysafeonline.org.

In the news, we cover a cyber awareness survey of EU businesses, and two ransomware attacks, one on TV and another on candy. Is nothing sacred?

See the headlines:

Deloitte surveys: businesses have a false sense of cybersecurity caused by positive self-evaluation of their capabilities and the lack of basic defense efforts
https://business-review.eu/tech/online/deloitte-surveys-businesses-have-a-false-sense-of-cybersecurity-caused-by-positive-self-evaluation-of-their-capabilities-and-the-lack-of-basic-defense-efforts-224450 
Hacking tool linked with Russian crime ring used in Sinclair ransomware attack, analysts say
https://www.cnn.com/2021/10/20/media/sinclair-broadcast-evil-corp-ransomware/index.html
Sticky business: Ransomware hits U.S. candymaker ahead of Halloween
https://www.nbcnews.com/tech/security/ransomware-hits-us-candymaker-ahead-halloween-rcna3391
Get info on all things network security through our blog, https://firewalls.com/blog.
And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.
Thanks for listening!

Ransomware infections have been rampant in recent months. But typically, we hear more about the aftermath then what leads to a successful attack. In this episode we get the other angle. Sophos VP of Managed Threat Operations Mat Gangwer shares the multi-week story of an attack, from unpatched vulnerability to execution. The responsible ransomware cell? A new name on the scene called Atom Silo. Hear how they got in, what they did when they were there, and what steps to take to avoid a similar fate.

Here's the full story of this attack: https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/

In the news, we cover a couple of very high profile cyber incidents - the Facebook/Instagram/Whats App outage and the Twitch breach. Plus we discuss burnout among cybersecurity pros.

See the headlines:

Facebook apologizes for second outage in a week, services back up
https://www.reuters.com/technology/instagram-feeds-not-loading-some-users-2021-10-08/
10 Biggest Revelations from the Unprecedented Twitch Leak
https://www.inverse.com/gaming/twitch-leak-hack-data-breach-streamer-payout-earnings
Your cybersecurity team will face burnout, and you need to help
https://venturebeat.com/2021/10/09/your-cybersecurity-team-will-face-burnout-and-you-need-to-help/
Get info on all things network security through our blog, https://firewalls.com/blog.
And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.
Thanks for listening!

Zero-trust is the hot term in network security in 2021.  But one reason it's so highly sought out is that many don't know exactly what it means. We called on Fortinet Senior Director of Product Marketing Peter Newton to shed some light on the subject. Peter discusses what makes a zero-trust network philosophy, what steps a company should take to plan for the shift, and what tools can make it easier. Plus, we talk about how the right zero-trust setup makes remote work both easier and more secure simultaneously.

Read Peter's blog article on the subject: https://www.fortinet.com/blog/industry-trends/how-to-implement-a-zero-trust-security-strategy 

In the news, we cover some REvil drama, a new finger pointing at Russia, and states' troubles filling cybersecurity jobs.

See the headlines:

REvil Affiliates Confirm : Leadership Were Cheating Dirtbags
https://threatpost.com/revil-affiliates-leadership-cheated-ransom-payments/174972/ 

EU 'denounces' Russian malicious cyber activity aimed at member states 
https://thehill.com/policy/cybersecurity/573867-eu-denounces-russian-malicious-cyber-activity-aimed-at-member-states 

States at disadvantage in race to recruit cybersecurity pros
https://apnews.com/article/business-technology-internships-0d7fc0ee18295585292b2e13b62e88f3

Get info on all things network security through our blog, https://firewalls.com/blog.
And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.
Thanks for listening!

Many if not most workers began working from home in March of 2020, and while the numbers have shifted since, a significant portion are still doing at least some remote work. But according to a survey, neither the remote workers or their company IT staff are too happy about the cybersecurity of it all.

For our featured topic this episode, we dive into the HP Wolf Rebellions & Rejections Report, which outlines security frustrations and outright rebellious behavior from work from homers, some misses on the cyber training front from employers, and some perceived scapegoating of IT staff.

In the cyber news world, we discuss identity theft of condo collapse victims, a major DDoS attack in Russia, the new National Cyber Director, and an Apple IOS patch to counteract zero-click spyware.
 
Here are the stories:

Florida 'cyber grave robbers' charged with condo collapse ID theft
https://www.reuters.com/world/us/three-charged-with-stealing-identities-florida-condo-collapse-victims-2021-09-08/

Yandex Pummeled by Potent Meris DDoS Botnet
https://threatpost.com/yandex-meris-botnet/169368/

Chris Inglis scopes out cyber turf
https://fcw.com/articles/2021/09/09/inglis-cyber-director-turf.aspx

Cyber arms dealer exploits new iPhone software vulnerability, affecting most versions, say researchers
https://www.reuters.com/technology/cyber-arms-dealer-exploits-new-apple-iphone-software-vulnerability-affects-most-2021-09-13/

Get info on all things network security through our blog, https://firewalls.com/blog.
And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.
Thanks for listening!

We previewed cyber security policy under President Biden at the beginning of 2021. But a lot of big things have happened in cybersecurity since then, making now seem a pretty good time to check in on where things stand. So we brought in an expert to help: NextGov's Mariam Baksh. Mariam tells us about the latest developments from the White House relating to cyber policy, including what may really make a difference versus what actions could just be for show. She also discusses why the NIST framework is getting a revisit, the involvement of private industry in the latest policy directions, and more. 
Read more from Mariam: https://www.nextgov.com/voices/mariam-baksh/15380/. And find her on the Critical Update podcast: https://www.nextgov.com/podcasts/. 
In headlines, we follow up with more from the T-Mobile data breach, talk about Apple and its privacy compromise, and discuss another ransomware cell calling it quits.
 
 Here are the stories:
 
Updating the T-Mobile Data Breach Story
https://www.zdnet.com/article/t-mobile-ceo-apologizes-for-massive-hack-announces-cybersecurity-deal-with-mandiant/
Apple Just Traded Your Privacy for $15 Billion
https://www.inc.com/jason-aten/apple-just-traded-your-privacy-for-15-billion.html
Diabolical Ransomware Gang Calls It Quits
https://www.thedailybeast.com/ragnarok-diabolical-ransomware-gang-calls-it-quits
Get info on all things network security through our blog, https://firewalls.com/blog.
And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.
Thanks for listening!