Security Breach

Eric Sorensen
  • 5,0 (1)
  • НОВОСТИ ТЕХНОЛОГИЙ
  • ЕЖЕНЕДЕЛЬНО

A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.

  1. Countering New-Age, State-Sponsored Industrial Hackers

    14 МАЯ

    Countering New-Age, State-Sponsored Industrial Hackers

    Send us Fan Mail Cybersecurity is unlike any other Industry or environment I’ve ever covered. But more than the technology, the intriguing players and the somewhat spooky elements surrounding it, is how the things we discuss on this podcast impact nearly every element of our day-to-day lives.  It’s not just how artificial intelligence is impacting email phishing schemes, but how clicking on that link could let a state-sponsored hacker steel login credentials for obtaining access to an industrial control system that is not only used by a power tool manufacturer, but by a defense contractor or water treatment facility. The interconnected nature of the industrial sector makes an appreciation for cybersecurity vital to the ongoing safety and success of manufacturing – which, again, impacts nearly every facet of every person’s daily life. That’s why I enjoy talking to people like Aaron Shraberg, Senior Team Lead at Flashpoint – a leading provider of threat landscape intelligence. The stuff Aaron talks about is frightening, which is another challenge of covering cybersecurity – balancing education with data sharing without fear mongering.  But I’d encourage you to really wach/listen as Aaron talks about the evolution of threats from China, Russia and Iran, and how cyber threats are converging with physical battlefields to fuel threats thousands of miles from where the missiles are flying.  The bottom line is – we’re all connected and we’re all impacted, so we need to be prepared - regardless of how far removed you think you are. There's also good news in terms of solutions, which can start with sharing some of this scary information.  As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    35 мин.
  2. Taking Down of a North Korean Remote Access Scam

    30 АПР.

    Taking Down of a North Korean Remote Access Scam

    Send us Fan Mail We’ve all seen or heard the reports about how hackers are using AI to elevate their attacks in obtaining funds and intellectual property from unsuspecting victims, or accessing some of their critical systems. Often, these nightmare incidents leave the names and companies out of the story to avoid any reputational fallout. However, this episode's guest takes us beyond studies and second-hand accounts of AI’s potential in the hands of hackers. I’m not going to say too much, but I do hope that after watching or listening to Ryan LaSalle’s up close and personal encounter with a North Korean scammer, you’ll appreciate the need to take all that threat intelligence regarding AI and foreign blackhat operations very seriously. Watch/listen as Ryan LaSalle, CEO of the human risk management company Nisos, describes how his company identified and disrupted this AI-fueled scam, the wide-reaching impacts such intrusions are having on key industries - especially manufacturing, and how to insulate your company from falling victim to such scams. You can also read a full report on the investigation here. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    37 мин.
  3. Multiple Paths to Zero Trust - Channeling D&D, LOTR and It's Always Sunny in Philadelphia

    16 АПР.

    Multiple Paths to Zero Trust - Channeling D&D, LOTR and It's Always Sunny in Philadelphia

    Send us Fan Mail One of my least favorite tasks of Basic Training was weapons maintenance. I didn’t really mind cleaning my M-16A2 rifle, but sometimes it just felt pointless. We’d spend hours stripping, cleaning, reassembling, inspecting and, ultimately, being told it still wasn’t clean enough by the drill sergeant or armor. It took me a while, but eventually, I realized that the benefits of this process went beyond just a clean weapon. Although there are obvious lessons there, I also got to know that rifle down to its firing pin retaining pin. So, if it misfired during field training exercises, I knew exactly how to correct the issue in the moment and perform more extensive actions in an expediate manner when time allowed. I wasn’t just cleaning a rifle, I was gaining insight into all aspects of an essential battlefield tool. I think there are some parallels to my training experience and your approaches to implementing Zero Trust frameworks. While the upfront benefits are pretty straightforward, my guest for this episode lays out a number of other gains that organizations realize while implementing Zero Trust.  Watch/listen as Kam Chumley-Soltani, Managing Director, OT Security at Armis, discusses: How Zero Trust initiatives can lead to greater cyber hygiene by demanding greater scrutiny of visibility, vulnerability management and threat detection capabilities.Managing the need to patch versus the realities of operational downtime.Defining and establishing priorities around your crown jewels.How Dungeons & Dragons can help improve tabletop training exercises.Why new Department of War regulations are having a far-reaching impact on Zero Trust.Avoiding common segmentation mistakes.Why the foundation for successful AI implementation is still being built.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    44 мин.
  4. The Bad Guy's Different Set of Rules

    3 АПР.

    The Bad Guy's Different Set of Rules

    Send us Fan Mail Not to continue to beat our collective heads into the same wall, but by now everyone knows that manufacturing leads the way in targeted cyberattacks, as well as year-over-year increases in areas like ransomware attacks, DDoS shutdowns and data breaches.  Yet, the industry continues to demonstrate some troubling behaviors in the face of these realities.  Kiteworks recently found that only 36% of organizations have visibility into where their data is utilized by external partners. So, think supply chains, distributor fulfillment agreements and technology contractors that have access to your data, but may not be applying the appropriate security strategies.  This means you could be the victim of an attack, but remain in the dark about its origins, enabling the intrusion to happen again and again. Fortunately, we do have some good guys working to correct these vulnerabilities, and we’ll talk with one in this episode. Watch/listen as Tim Freestone, the Chief Strategy Officer at the aforementioned Kiteworks, discusses: How attackers are leveraging new technology more quickly than the white hats, and why AI might be the tool that evens the playing field.Why response plans need to focus more on "the big rocks than the little ones."The difference between input from "champions" versus "complainers."How CMMC could have an impact beyond just the defense supply chain.The continued use of IT and OT silos that might might make sense from a business perspective, but demand a paradigm shift when dealing with cybersecurity.Why regulations might be the most important agents of change.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    29 мин.
  5. Finding the Soul of a Pirate

    19 МАР.

    Finding the Soul of a Pirate

    Send us Fan Mail We all know that cybersecurity, and industrial cybersecurity in particular, is facing a huge talent deficit.  Finding an individual who not only understands the technical elements of cybersecurity, but also appreciates the dynamics of keeping a manufacturing operation up and running is extremely difficult, as they need to balance security with uptime, defense with productivity, and investment with implementation timelines.  Our guest for today’s episode can empathize. Watch/listen as Yaniv Kapluto, the Chief Revenue Officer at Nukudo, offers insight on the unique ways his company trains cybersecurity talent, including: Why he looks for individuals who work with the precision of a Navy SEAL and the soul of a pirate.The challenges of placing someone who sees how to break things amongst organizations charged with creating new products every day.The value in viewing tests or challenges as games or puzzles.The importance of developing and contributing to a culture focused on cybersecurity.Making training fun in order to keep people engaged.The unique impacts of artificial intelligence on cybersecurity.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    38 мин.
  6. Analyzing, Responding to the Inevitable Uptick in Iranian Cyberattacks

    5 МАР.

    Analyzing, Responding to the Inevitable Uptick in Iranian Cyberattacks

    Send us Fan Mail Although discussing the military activities currently taking place in Iran runs the risk or bringing up polarizing political views, the cybersecurity realities simply can’t be ignored. And they absolutely have to be discussed.  One of these realities is that Iran has a legacy of supporting organizations involved with cyberattacks on networks, infrastructure and companies in Israel and the United States. Companies that utilize industrial control systems. Companies like yours.  In light of current events, there is absolutely no question that these groups will escalate their efforts. Although the bombs are falling thousands of miles beyond U.S. borders, know that U.S. manufacturing is a primary target.  Historically, many of the groups carrying out these types of cyberattacks were hacktivists or outliers, operating independent of any government or country. They followed their own agenda in realizing personal or political goals.  However, as highlighted by the war in Ukraine, these groups have begun to pick sides. They’re embracing financial support from nation states and successfully executing attacks meant to shut down, steal data, extort money and/or disrupt critical production or infrastructure operations – regardless of size, sector or location.  Thankfully, there are also guys like our guest for today’s episode. JP Castellanos is the Director of Threat Intelligence at Binary Defense. Watch/listen as he discusses: The evolving hacktivist community and what recent events could mean for industrial cybersecurity.How manufacturers can prepare and respond to an inevitable uptick in attacks.How IT/OT silos perpetuate these attacks and make manufacturing a more lucrative and appealing target.The motives and operational strategies of state-sponsored Iranian hacker groups.The soft spots in your defenses that these groups take advantage of in targeting the industrial sector.The simple solutions that can have far-reaching and extremely positive impacts on your defenses.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    37 мин.
  7. Hybrid Warfare is Upon You

    18 ФЕВР.

    Hybrid Warfare is Upon You

    Send us Fan Mail Last December the Cybersecurity and Infrastructure Security Agency, or CISA, issued an advisory warning manufacturers, operators of critical infrastructure, and really anybody associated with industrial control systems about the threats being presented by pro-Russian hacktivist groups. The advisory, issued in conjunction with numerous federal and international agencies, called out groups like the Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057 and Sector16 for taking advantage of insecure connection points and other vulnerabilities that allowed these state-sponsored actors to infiltrate, shut down, and ransom their targets in the United States. Historically, many manufacturers would find it hard to believe that their mid-size business in the heartland of America would be on the radar of foreign terrorist groups, but as our guest for today’s episode explains, that is exactly the case. Will Dixon is a senior executive of Government & Law Enforcement at Intel 471 – a leading authority on the OT threat landscape. Watch/listen as he explains: How these group’s initial plans to disrupt water treatment and other critical infrastructure has evolved into the strategic targeting of the U.S. manufacturing sector.Why hacktivist no longer applies to these "strategically aligned state groups."Why AI will not be as impactful for either side as many think.How these groups are part of Russia's bigger plans against the West.The important role vendors and suppliers can play in establishing cyber defenses.The ongoing challenges of breaking down IT-OT silos, and how hackers are using this dynamic against you.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    32 мин.
  8. Security Breach: Strengthening Your Weakest Links

    5 ФЕВР.

    Security Breach: Strengthening Your Weakest Links

    Send us Fan Mail When we talk about the challenges presented to those trying to secure the operational landscape of manufacturing, it’s tough to avoid what I’d call the usual suspects - endpoints, connection points, credentials, vulnerabilities, silos and, of course, the impact of artificial intelligence. And just as there are benefits to discussing these individual aspects, it’s equally important to look at things from a bigger picture in tying them all together. This not only helps us strengthen the chain, but appreciate the significance of reinforcing each of those links. Perhaps no one has helped tie all of these different players together better than our guest for this episode. Vinod D’Souza leads the manufacturing and industry vertical for Google Cloud’s Office of the CISO. Watch/listen as we discuss: Emerging vulnerabilities and response plans.Segmentation challenges in the era of constant technological expansion.New-age approaches to patching.The connected fibers of artificial intelligence and the human factors of cybersecurity.Addressing IT and OT silos.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    33 мин.
См. все (157)

Оценки и отзывы

Об этом подкасте

A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.

Информация

  • Автор
    Eric Sorensen
  • Годы выхода
    2022 - 2026
  • Выпуски
    157
  • Ограничения
    Без ненормативной лексики
  • Авторские права
    © 2026 Security Breach
  • Сайт подкаста
    Security Breach