WEBVTT 1 00:00:00.080 --> 00:00:02.680 Ever scrolled past a web form and thought, could that 2 00:00:02.759 --> 00:00:05.879 be someone's way? In today's deep dive is gonna make 3 00:00:05.919 --> 00:00:10.199 you think twice. Oh yeah, we're cracking open Pascal Ackerman's 4 00:00:10.320 --> 00:00:14.519 modern cybersecurity practices, and trust me, he does not sugarcoat 5 00:00:14.599 --> 00:00:15.080 the threats. 6 00:00:15.279 --> 00:00:20.000 Definitely not. Ackerman uses this fictional company Company X to 7 00:00:20.039 --> 00:00:24.039 show how one seemingly small slip up can like snowball 8 00:00:24.079 --> 00:00:28.679 into a full blown security nightmare. It's unsettling how relatable 9 00:00:28.679 --> 00:00:28.920 it is. 10 00:00:29.199 --> 00:00:31.640 Let's set the scene. Then, what's Company X all about 11 00:00:31.679 --> 00:00:32.920 and what's their vulnerability? 12 00:00:33.039 --> 00:00:35.960 Okay, so picture this. They make those gadgets everyone wants 13 00:00:36.039 --> 00:00:40.560 right hardware standard, but their software that's their secret sauce, 14 00:00:40.600 --> 00:00:43.759 in house dev team all that, and like many companies today, 15 00:00:43.759 --> 00:00:46.679 they've gone all in on the cloud, using Azure, email, 16 00:00:46.880 --> 00:00:49.600 data storage, even testing new software. It's all up there. 17 00:00:49.719 --> 00:00:52.719 Sounds like a ton of companies. Honestly, cloud's everywhere. 18 00:00:52.320 --> 00:00:54.799 Now exactly, and that's what makes their mistakes so common 19 00:00:54.840 --> 00:00:58.520 and so dangerous. In their cloud test environment, they decided 20 00:00:58.560 --> 00:01:03.079 to turn off some default secure for easier debugging, specifically 21 00:01:03.359 --> 00:01:04.959 input validation on a web form. 22 00:01:05.159 --> 00:01:07.959 Okay, hold up, input validation is one of those terms 23 00:01:08.000 --> 00:01:10.680 that sounds way more technical than it is. Break it 24 00:01:10.719 --> 00:01:11.280 down for us. 25 00:01:11.359 --> 00:01:14.359 Okay, So imagine a bouncer at a club, right, Input 26 00:01:14.400 --> 00:01:17.200 validation is the bouncer for your website, and make sure 27 00:01:17.239 --> 00:01:20.079 the data coming in, names, orders, whatever is actually what 28 00:01:20.120 --> 00:01:23.480 you expect. Keeps out the riff raff so to speak, 29 00:01:23.680 --> 00:01:25.959 like malicious code trying to sneak in. 30 00:01:26.239 --> 00:01:30.239 So no bouncer anyone can waltz in, even if they're 31 00:01:30.280 --> 00:01:31.200 there to cause trouble. 32 00:01:31.280 --> 00:01:35.040 You got it. Company X essentially left the door wide open, 33 00:01:35.400 --> 00:01:39.799 assuming their test environment was like harmless. But as Ackerman 34 00:01:39.879 --> 00:01:43.280 shows in cybersecurity, even a simple web form can be 35 00:01:43.319 --> 00:01:44.640 an attacker's entry point. 36 00:01:44.840 --> 00:01:46.799 And in this case, how the attacker take advantage? 37 00:01:46.799 --> 00:01:50.359 What was their move HTML injection? Remember how input validation 38 00:01:50.400 --> 00:01:53.480 is supposed to block bad code. Well, the attacker slipped 39 00:01:53.480 --> 00:01:57.000 in some HTML code disguised as normal data. The server 40 00:01:57.359 --> 00:02:00.000 none the wiser processed it like regular instructions. 41 00:02:00.480 --> 00:02:02.879 So it's like slipping a fake ID past the bouncer. 42 00:02:02.959 --> 00:02:05.000 You look legit, but you're not supposed to be there. 43 00:02:05.239 --> 00:02:08.039 Perfect analogy. And once they're past the bouncer, they have 44 00:02:08.080 --> 00:02:12.400 a foothold. This specific attack let them steal user data, 45 00:02:12.479 --> 00:02:13.319 things like cookies. 46 00:02:13.680 --> 00:02:17.280 Cookies, those little files websites used to remember your log in, 47 00:02:17.560 --> 00:02:21.840 so now someone could be why you online without your password? 48 00:02:22.039 --> 00:02:25.479 Exactly. Ackerman even includes a code snippet showing how an 49 00:02:25.560 --> 00:02:29.080 attacker could redirect someone to a malicious site, snatching their 50 00:02:29.080 --> 00:02:31.639 cookies along the way. Suddenly they're logged in as that 51 00:02:31.800 --> 00:02:33.800 user with all the access that comes with it. 52 00:02:34.039 --> 00:02:37.120 Okay, this escalated quickly. We're talking identity theft from a 53 00:02:37.159 --> 00:02:39.759 simple form. What's the attacker's endgame here? 54 00:02:39.879 --> 00:02:42.719 It gets it gets worse before it gets better. The 55 00:02:42.759 --> 00:02:46.159 attackers after the crown jewels, the source code for Company 56 00:02:46.240 --> 00:02:49.879 x's flagship product, that proprietary code that's what makes their 57 00:02:49.919 --> 00:02:50.759 widgets special. 58 00:02:51.039 --> 00:02:54.439 Stealing source code that sounds straight out of a spy movie. 59 00:02:54.800 --> 00:02:56.520 How do you even begin to do that? 60 00:02:56.680 --> 00:03:00.000 It's a multi stage attack, and Ackerman meticulously maps out 61 00:03:00.120 --> 00:03:03.439 each step. First, they leverage their webserver access to poke 62 00:03:03.479 --> 00:03:06.919 around Company x's network. Tools like en map and mitasploit 63 00:03:07.000 --> 00:03:07.719 come into play here. 64 00:03:07.759 --> 00:03:11.400 Aren't those also used by the good guys for security testing? 65 00:03:11.800 --> 00:03:15.159 Exactly? It's a constant arms race, both sides using the 66 00:03:15.159 --> 00:03:17.240 same tools, just with different motives. 67 00:03:17.319 --> 00:03:19.000 Okay, so the attackers in the network. 68 00:03:19.080 --> 00:03:21.840 Now what Now They get really clever. They turn to 69 00:03:23.000 --> 00:03:26.080 credential stuffing. Remember all those data breaches you hear about. 70 00:03:26.520 --> 00:03:29.120 They take those leak usernames and passwords and just start 71 00:03:29.159 --> 00:03:32.680 trying them out. OS are somewhat at Company X reuse 72 00:03:32.759 --> 00:03:33.759 their login info. 73 00:03:34.000 --> 00:03:36.120 It's like trying to find a needle in a haystack, 74 00:03:36.199 --> 00:03:39.039 except the haystack is full of keys that surprisingly often 75 00:03:39.080 --> 00:03:39.639 fit the lock. 76 00:03:40.039 --> 00:03:43.919 Sadly, that's exactly it. Eckermann cites research showing how common 77 00:03:43.960 --> 00:03:47.680 password reuse is. It's staggering. But they're still looking for 78 00:03:47.719 --> 00:03:48.400 that source code. 79 00:03:48.479 --> 00:03:50.240 So where do they go next? How do they find it? 80 00:03:50.479 --> 00:03:53.960 They zero in on a promising target, the company's production 81 00:03:54.120 --> 00:03:57.599 database server. To crack it, they use a tool called 82 00:03:57.719 --> 00:04:01.919 mimic cats. Imagine like digitally picking a lock, except the 83 00:04:01.960 --> 00:04:04.879 lock is the server's memory holding precious credentials. 84 00:04:05.080 --> 00:04:07.080 And they found the keys to the kingdom in there, 85 00:04:07.120 --> 00:04:07.439 didn't they? 86 00:04:07.599 --> 00:04:10.680 They did. They uncovered a user account with full database 87 00:04:10.719 --> 00:04:14.360 access logged right in, found that precious source code and 88 00:04:14.439 --> 00:04:16.800 exfiltrated it, basically stole it without a trace. 89 00:04:17.160 --> 00:04:20.360 This is more than unsettling. They just waltzed through Company 90 00:04:20.480 --> 00:04:22.720 x's security just like that. 91 00:04:22.959 --> 00:04:27.040 It's a stark reminder that even with resources, a clever 92 00:04:27.160 --> 00:04:31.879 attacker can use minor vulnerabilities to wreak havoc. Cybersecurity isn't 93 00:04:31.920 --> 00:04:33.959 a one time thing. It's a constant battle. 94 00:04:34.199 --> 00:04:37.519 So what can companies like Company X or anyone really 95 00:04:37.720 --> 00:04:40.000 doo about this? It feels like the bad guys have 96 00:04:40.040 --> 00:04:40.920 the upper hand here. 97 00:04:41.120 --> 00:04:43.920 Don't worry, we'll dig into solutions next. But the big 98 00:04:43.959 --> 00:04:48.360 takeaway here you need layers of security like a digital fortress, 99 00:04:49.079 --> 00:04:51.000 no single point of failure. 100 00:04:50.720 --> 00:04:53.360 Defense in depth, right, multiple locks on the door just 101 00:04:53.399 --> 00:04:54.759 in case exactly, and. 102 00:04:54.839 --> 00:04:57.639 Up next will unpack how to build that fortress, what 103 00:04:57.759 --> 00:05:00.000 tools and strategies you need in your arsenal? 104 00:05:00.199 --> 00:05:02.279 Okay, after that last segment, I'm ready to build a 105 00:05:02.319 --> 00:05:06.839 digital bunker and live offline. How do we even begin 106 00:05:06.959 --> 00:05:09.600 to fight back against that level of cyber sabotage? 107 00:05:09.680 --> 00:05:11.800 Right, It's definitely a wake up call, not a reason 108 00:05:11.839 --> 00:05:14.839 to panic. The good news is there are proven ways 109 00:05:14.879 --> 00:05:18.639 to make your cybersecurity way stronger. Ackerman's got a whole playbook, 110 00:05:18.680 --> 00:05:19.959 in fact, lay it on us. 111 00:05:19.959 --> 00:05:23.360 Then, what are the biggest takeaways from Company x's security flop. 112 00:05:23.360 --> 00:05:24.439 Where do we even start. 113 00:05:24.639 --> 00:05:27.639 Well, their first mistake was like leaving the back door unlocked, 114 00:05:28.160 --> 00:05:31.600 that missing input validation, that was the initial crack that 115 00:05:31.680 --> 00:05:32.519 let the attacker in. 116 00:05:32.800 --> 00:05:36.120 So prevention is key. Like in the real world, we 117 00:05:36.160 --> 00:05:38.720 don't wait for a break in to install an alarm system. 118 00:05:39.120 --> 00:05:42.199 Could Company X have avoided this whole thing with better 119 00:05:42.240 --> 00:05:44.120 input validation? Most likely? 120 00:05:44.240 --> 00:05:48.800 Yes, it's basic digital hygiene. That one security measure acts 121 00:05:48.879 --> 00:05:51.839 like a strict bouncer for your data. No more slipping 122 00:05:51.839 --> 00:05:54.480 in malicious code disguised as a regular party guest. 123 00:05:54.800 --> 00:05:58.480 Right, So lesson one sanitize that user input. But what 124 00:05:58.560 --> 00:06:00.959 about all the other stuff the attacker did moving through 125 00:06:00.959 --> 00:06:04.319 the network, those stolen logins, getting into the database itself. 126 00:06:04.639 --> 00:06:07.759 How do you stop that level of sophisticated attack. 127 00:06:08.040 --> 00:06:10.519 That's where defense in depth comes in. It's exactly what 128 00:06:10.560 --> 00:06:13.360 it sounds like, layers of security. Think of a castle, 129 00:06:13.639 --> 00:06:17.199 not just one wall, but multiple defenses. Even if one fails, 130 00:06:17.240 --> 00:06:18.519 the others are there to hold the line. 131 00:06:18.600 --> 00:06:20.639 Okay, so you're saying, don't rely on just one lock 132 00:06:20.720 --> 00:06:22.360 on the door, make them work for it. 133 00:06:22.439 --> 00:06:25.839 Exactly. Ackerman breaks down the essential parts of this layered 134 00:06:25.839 --> 00:06:28.040 defense and of course it starts with firewalls. 135 00:06:28.279 --> 00:06:31.399 Firewalls the classic they're like the guards at the castle gate, right, 136 00:06:31.560 --> 00:06:33.519 controlling who and what gets in, right. 137 00:06:33.600 --> 00:06:37.319 But firewalls have gotten a serious upgrade. Ackerman talks about 138 00:06:37.360 --> 00:06:40.680 next generation firewalls. They don't just check ideas at the gate. 139 00:06:40.680 --> 00:06:44.639 They're analyzing everything about each visitor, inspecting data packets, looking 140 00:06:44.680 --> 00:06:48.399 for suspicious patterns, known attack methods, the works. 141 00:06:49.000 --> 00:06:51.720 So it's like they've got X ray vision at the 142 00:06:51.759 --> 00:06:54.920 gate now can spot a weapon hidden under. 143 00:06:54.720 --> 00:06:58.279 A coat precisely. And it doesn't stop there. You've also 144 00:06:58.319 --> 00:07:02.240 got intrusion detection and Prevention systems or idsps for short, 145 00:07:02.759 --> 00:07:07.160 constant surveillance. Basically, they're monitoring all network traffic for anything fishy. 146 00:07:07.399 --> 00:07:10.319 So if the firewall is the watchful guard, the IDSP 147 00:07:10.600 --> 00:07:14.120 is the security camera system catching everything on tape exactly. 148 00:07:14.240 --> 00:07:17.879 Ackerman calls out specific tools here too, Alien Volt, Awesome, 149 00:07:18.319 --> 00:07:21.319 Security Onion. These are like the state of the art 150 00:07:21.360 --> 00:07:23.040 surveillance systems for your network. 151 00:07:23.439 --> 00:07:25.160 This is a lot to keep track of, though, It's 152 00:07:25.199 --> 00:07:28.199 like having a wall of security monitors. How do teams 153 00:07:28.199 --> 00:07:29.480 even make sense of all that info? 154 00:07:29.720 --> 00:07:32.639 That's where security monitoring comes in and This is crucial. 155 00:07:32.680 --> 00:07:36.120 It's like the central nervous system of your defenses. All 156 00:07:36.160 --> 00:07:38.560 those logs, alerts, they get pulled into one place so 157 00:07:38.600 --> 00:07:39.480 you can connect the dots. 158 00:07:40.160 --> 00:07:42.319 So it's not enough to just have all these tools. 159 00:07:42.399 --> 00:07:44.560 You need to know what they're saying, like being able 160 00:07:44.560 --> 00:07:47.639 to actually interpret the security camera footage exactly. 161 00:07:48.079 --> 00:07:51.399 And that's where the human element comes in. Technology alone 162 00:07:51.560 --> 00:07:57.639 isn't enough. Ackerman emphasizes being proactive, not just reactive. It's 163 00:07:57.680 --> 00:08:00.319 not enough to just wait for alarms. You have to 164 00:08:00.360 --> 00:08:01.360 go hunting for trouble. 165 00:08:01.519 --> 00:08:04.040 Threat hunting, right you mentioned that earlier. What does that 166 00:08:04.120 --> 00:08:05.759 actually look like in practice? 167 00:08:06.000 --> 00:08:09.639 Okay, imagine a detective searching for clues. They're not waiting 168 00:08:09.639 --> 00:08:12.000 for a crime to be reported. They're looking for those 169 00:08:12.040 --> 00:08:16.519 subtle hints that something's off. That's threat hunting, log analysis, 170 00:08:16.720 --> 00:08:20.720 malware signatures, even digital forensics. It's all on the table. 171 00:08:20.879 --> 00:08:23.600 So you're assuming the attacker might already be inside, and 172 00:08:23.600 --> 00:08:26.680 you're trying to catch them before they cause too much damage. 173 00:08:26.439 --> 00:08:30.720 Precisely, and the faster you detect them the better. Ackerman 174 00:08:30.759 --> 00:08:33.279 gets pretty deep into the techniques here, but the main 175 00:08:33.320 --> 00:08:36.960 takeaway is this, don't wait for the alarm. Bells go 176 00:08:37.080 --> 00:08:39.200 looking for the tripped alarm before it goes off. 177 00:08:39.279 --> 00:08:41.320 This all makes a ton of sense, but it also 178 00:08:41.440 --> 00:08:44.759 feels like a lot. Where do you even begin to 179 00:08:44.840 --> 00:08:46.480 build these layers of defense? 180 00:08:47.000 --> 00:08:52.399 Ackerman stresses vulnerability management as the foundation. Remember, vulnerabilities are 181 00:08:52.399 --> 00:08:55.360 those weak points attackers love to exploit. You have to 182 00:08:55.399 --> 00:08:56.360 find them before they do. 183 00:08:56.519 --> 00:08:59.879 Okay, back to vulnerabilities. We know they're bad, but how 184 00:09:00.000 --> 00:09:01.799 how do you actually manage them effectively? 185 00:09:02.240 --> 00:09:05.399 It's a continuous process of identifying, assessing, and fixing them. 186 00:09:05.759 --> 00:09:09.840 It never really ends. Ackerman mentions tools like nessis and qualities. 187 00:09:10.039 --> 00:09:13.799 They're like having automated vulnerability scanners constantly sweeping your systems. 188 00:09:13.960 --> 00:09:16.600 So they're like those security robots and sci fi movies, 189 00:09:16.600 --> 00:09:19.039 but instead of lasers, they're armed with code scanners. 190 00:09:19.159 --> 00:09:24.000 Exactly. They find those cracks in your defenses, missing software, patches, misconfigurations, 191 00:09:24.039 --> 00:09:26.799 the works. But just like a real building, you need 192 00:09:26.840 --> 00:09:29.559 to actually fix the cracks. Once you find. 193 00:09:29.320 --> 00:09:31.480 Them, find the vulnerability, fix them. Done right? 194 00:09:31.759 --> 00:09:35.720 If only new vulnerabilities pop up all the time, it's 195 00:09:35.759 --> 00:09:39.320 a constant cycle of scanning, assessing, and patching, a. 196 00:09:39.360 --> 00:09:41.919 Never ending game of cybersecurity whack mole. 197 00:09:42.279 --> 00:09:45.840 Sounds exhausting, it can be, which is why Ackerman recommends 198 00:09:46.000 --> 00:09:49.639 sticking to established security standards like ISO twenty seven or 199 00:09:49.720 --> 00:09:53.840 zero one or the NIST Cybersecurity Framework. These provide a 200 00:09:53.879 --> 00:09:56.399 proven blueprint for a strong security program. 201 00:09:56.440 --> 00:09:59.480 Okay, those sound familiar, but remind me what they are again. 202 00:09:59.639 --> 00:10:02.240 Think of the like industry best practices, a set of 203 00:10:02.240 --> 00:10:06.000 guidelines for managing risk and implementing the right security controls. 204 00:10:06.399 --> 00:10:09.000 They're not just about technology, they're about having a structured 205 00:10:09.000 --> 00:10:10.360 approach to cybersecurity. 206 00:10:10.440 --> 00:10:13.200 So it's like having a building code for your cybersecurity 207 00:10:13.200 --> 00:10:16.240 fortress ensure as you're not just piling up defenses randomly, 208 00:10:16.440 --> 00:10:18.919 but following a solid plan exactly. 209 00:10:19.240 --> 00:10:22.399 And part of that plan should always include policies, procedures, 210 00:10:22.480 --> 00:10:25.480 and a well defined process for dealing with risk. You 211 00:10:25.519 --> 00:10:27.679 can't just wing it when it comes to cybersecurity. 212 00:10:27.720 --> 00:10:30.399 I'm starting to realize that cybersecurity is a whole lot 213 00:10:30.440 --> 00:10:34.399 more than just installing antivirus software. It's about a holistic 214 00:10:34.440 --> 00:10:37.639 strategy to manage risk and protect those valuable assets. 215 00:10:38.039 --> 00:10:42.159 You got it. It's a journey, not a destination, and 216 00:10:42.279 --> 00:10:44.559 just like any good journey, you need a map and 217 00:10:44.600 --> 00:10:48.639 a plan. Ackerman gives you both. The key is to 218 00:10:48.679 --> 00:10:51.799 stick to the plan, adapt is needed, and always be 219 00:10:51.919 --> 00:10:53.480 one step ahead of the bad guys. 220 00:10:53.720 --> 00:10:57.279 That makes sense. But all these defenses they rely on technology. 221 00:10:57.600 --> 00:10:59.919 What about the human element? People make mistakes, click on 222 00:11:00.039 --> 00:11:02.480 fishing links, all that. How do we make sure we 223 00:11:02.559 --> 00:11:04.440 are not the weakest link in the chain? 224 00:11:05.039 --> 00:11:08.120 Excellent question, and you're right, even the best tech can 225 00:11:08.120 --> 00:11:11.799 be undermined by human error. Akroman dedicates a whole chapter 226 00:11:11.879 --> 00:11:15.320 to the human Firewall. We'll dive into that next, exploring 227 00:11:15.320 --> 00:11:18.200 how to build a culture of security from the inside out. 228 00:11:18.480 --> 00:11:20.600 So last time we were talking about how even with 229 00:11:20.639 --> 00:11:23.039 all the fancy tech, humans can still be the weakest 230 00:11:23.080 --> 00:11:26.399 link in the security chain, Clicking fishing links, bad passwords, 231 00:11:26.399 --> 00:11:27.120 all that jazz. 232 00:11:27.240 --> 00:11:29.399 It's true. Even a fortress is only as strong as 233 00:11:29.440 --> 00:11:32.519 the people inside it. Ackerman. He's like really big on 234 00:11:32.600 --> 00:11:35.960 building that what he calls the human firewall. It's about 235 00:11:36.000 --> 00:11:39.639 making security everybody's job, not just the IT departments. 236 00:11:39.759 --> 00:11:41.960 Okay, so how do you do that? You can't exactly 237 00:11:42.039 --> 00:11:44.600 like wrap everyone in bubble wrap digitally speaking. 238 00:11:44.960 --> 00:11:48.240 You can, however, create a culture of security, and it's 239 00:11:48.279 --> 00:11:51.840 about making sure everyone from the top down gets how 240 00:11:51.840 --> 00:11:55.120 important this is and knows their role to play. Ackerman. 241 00:11:55.480 --> 00:11:59.919 He really stresses clear security policies and procedures tailored to 242 00:12:00.240 --> 00:12:02.039 each each organization. 243 00:12:02.240 --> 00:12:07.200 Policies procedures those sound kind of you know corporate e 244 00:12:07.480 --> 00:12:08.559 break it down for us. 245 00:12:08.519 --> 00:12:10.919 Okay, think of it like this, Every well run organization 246 00:12:11.000 --> 00:12:14.039 has rules, right. Security policies are just the rules of 247 00:12:14.039 --> 00:12:16.840 the digital world. What's okay to do on company devices? 248 00:12:17.120 --> 00:12:20.080 How to handle sensitive data, password guidelines, all of it. It's 249 00:12:20.159 --> 00:12:23.360 like spelled out. Acriman even gives some really useful examples 250 00:12:23.360 --> 00:12:25.480 of you know, common policies companies can use. 251 00:12:25.559 --> 00:12:27.600 Oh, it's like a digital rule book. But we all 252 00:12:27.639 --> 00:12:30.159 know how well people follow rules sometimes. 253 00:12:29.799 --> 00:12:31.960 Right exactly, which is why it's not enough to just 254 00:12:32.039 --> 00:12:35.720 have ve policies. They need to be clearly communicate, you know, understood, 255 00:12:35.720 --> 00:12:39.159 and enforced. That's where training comes in. Acriban's a big 256 00:12:39.200 --> 00:12:42.639 advocate for like regular security awareness training and not just 257 00:12:42.879 --> 00:12:44.519 like boring compliance stuff. 258 00:12:44.600 --> 00:12:47.240 So no more cheesy training videos from the nineties. What 259 00:12:47.279 --> 00:12:49.960 does like good training even look like these days? 260 00:12:50.200 --> 00:12:52.960 You got to make it real for people. Use Recent 261 00:12:53.039 --> 00:12:55.440 examples show how easy it is to fall for like 262 00:12:55.639 --> 00:12:59.039 a phishing scam or reuse a password on different sites. 263 00:12:59.360 --> 00:13:02.360 The more in your employees are, the less likely they 264 00:13:02.399 --> 00:13:03.759 are to be that weakest link. 265 00:13:03.919 --> 00:13:06.200 Yeah, it's like that saying, give a man a firewall, 266 00:13:06.279 --> 00:13:09.320 he's safe for a day, Teach a man about cybersecurity, 267 00:13:09.360 --> 00:13:11.399 he's safe for life, or something like that. 268 00:13:11.559 --> 00:13:15.360 I like that, And don't forget about incident response. No 269 00:13:15.399 --> 00:13:19.919 matter how peerful you are, breaches can still happen. Ackerman 270 00:13:20.039 --> 00:13:23.759 stress is having a plan, like a fire drill for cybersecurity. 271 00:13:23.840 --> 00:13:25.759 Okay, that makes sense. You don't wait for a fire 272 00:13:25.840 --> 00:13:27.720 to figure out an escape route, so you shouldn't wait 273 00:13:27.759 --> 00:13:29.799 for a breach to figure out what to do exactly. 274 00:13:30.080 --> 00:13:33.360 A good incident response plan outlines exactly what happens if 275 00:13:33.360 --> 00:13:36.639 there's a breach, Who does what, how to contain the damage, 276 00:13:36.799 --> 00:13:39.200 how to investigate, you know, the works. 277 00:13:39.360 --> 00:13:40.879 So it's not just about putting about the fire, but 278 00:13:40.919 --> 00:13:43.240 also figuring out how it started and how to make 279 00:13:43.279 --> 00:13:45.559 sure it doesn't happen again. Valuable lessons there. 280 00:13:45.879 --> 00:13:49.360 Absolutely every breach, no matter how small, is a chance 281 00:13:49.440 --> 00:13:53.360 to learn and improve. Ackerman provides a really solid uh 282 00:13:54.200 --> 00:13:57.080 framework for incident response. Step by step. 283 00:13:57.399 --> 00:14:00.279 This has been honestly eye opening. It's clear that strong 284 00:14:00.320 --> 00:14:04.480 cybersecurity isn't just about tech. It's about the people, the policies, 285 00:14:04.600 --> 00:14:07.200 and having a plan for the worst while still, you know, 286 00:14:07.440 --> 00:14:08.240 hoping for the best. 287 00:14:08.360 --> 00:14:10.919 Well said, and remember it's not a one and done deal. 288 00:14:11.639 --> 00:14:16.240 Ackroban really hammers home the importance of continuous improvement. Cybersecurity 289 00:14:16.279 --> 00:14:20.320 is a marathon, not a sprint. The threat landscape changes constantly. 290 00:14:20.399 --> 00:14:23.639 New vulnerabilities are discovered all the time. It's an ongoing 291 00:14:23.679 --> 00:14:25.960 process of adapting and strengthening your defenses. 292 00:14:26.080 --> 00:14:27.759 So you can't just set it and forget it. 293 00:14:27.679 --> 00:14:30.879 Absolutely not. Stay vigilant, stay informed, and always be one 294 00:14:30.879 --> 00:14:31.440 step ahead. 295 00:14:31.480 --> 00:14:33.399 Well, this deep dive has given us a lot to 296 00:14:33.440 --> 00:14:36.039 think about, from the anatomy of an attack, to building 297 00:14:36.120 --> 00:14:39.759 layers of defense, and now the importance of that human firewall. 298 00:14:40.399 --> 00:14:42.639 Any final thoughts for our listeners out there before we 299 00:14:42.679 --> 00:14:43.159 sign off. 300 00:14:43.279 --> 00:14:46.519 You know, if there's one thing to remember from modern 301 00:14:46.559 --> 00:14:51.879 cybersecurity practices, it's that cybersecurity is everyone's responsibility. It's not 302 00:14:51.960 --> 00:14:55.000 just an IT issue. It's a business imperative. Invest in 303 00:14:55.039 --> 00:14:58.000 the right tools, train your people, and make security a 304 00:14:58.000 --> 00:15:02.240 part of your company culture. You build a truly resilient organization. 305 00:15:02.519 --> 00:15:05.200 Couldn't have said it better myself. On that note, we'll 306 00:15:05.279 --> 00:15:09.120 leave you with this thought. Ackerman briefly mentions bug bounty programs, 307 00:15:09.159 --> 00:15:12.440 where companies pay ethical hackers to find and report vulnerabilities 308 00:15:12.639 --> 00:15:15.559 before the bad guys get to them. What if Company 309 00:15:15.720 --> 00:15:18.159 X had tried that, could they have dodged this whole disaster? 310 00:15:18.799 --> 00:15:21.919 Something to ponder. That's it for today's deep dive into 311 00:15:21.919 --> 00:15:26.240 the fascinating and often unsettling world of modern cybersecurity. Until 312 00:15:26.279 --> 00:15:27.879 next time, stay safe online.