WEBVTT 1 00:00:00.120 --> 00:00:02.399 You know, every time you scroll through your news feed, 2 00:00:02.439 --> 00:00:06.080 it feels like there's another headline some companies data breached, 3 00:00:06.799 --> 00:00:10.599 customer information exposed, or maybe you've opened that one email 4 00:00:10.599 --> 00:00:14.160 that just felt well, a little too suspicious. In a 5 00:00:14.199 --> 00:00:16.679 world where our lives are so so deeply linked to 6 00:00:16.719 --> 00:00:19.960 the digital, how do we actually protect ourselves, both you know, 7 00:00:20.000 --> 00:00:24.519 as individuals and as organizations. Welcome to the deep dive today. 8 00:00:24.719 --> 00:00:28.679 We're attempting to navigate the digital wildwist. We're plunging into 9 00:00:28.679 --> 00:00:31.760 the really critical world of cybersecurity. Our mission for you 10 00:00:31.839 --> 00:00:34.439 today is simple, cut through the noise, pull out the 11 00:00:34.439 --> 00:00:36.679 most vital knowledge from our sources, and give you a 12 00:00:36.759 --> 00:00:39.200 kind of short cut to understanding not just what the 13 00:00:39.240 --> 00:00:41.840 threats are, but really why they matter and maybe most importantly, 14 00:00:41.880 --> 00:00:43.960 what you can actually do to be better informed and 15 00:00:44.039 --> 00:00:47.000 better protected. Our main guide for this deep dive is 16 00:00:47.079 --> 00:00:50.280 a really comprehensive book, Building an effective security program. It's 17 00:00:50.280 --> 00:00:53.479 by A. Chris K. Williams, Scotty Donaldson, and Stanley G. Siegal. 18 00:00:53.560 --> 00:00:57.799 It's a work built on deep military, commercial and academic expertise, 19 00:00:58.039 --> 00:01:00.520 and it's dedicated to the late Stanley GC. We want 20 00:01:00.520 --> 00:01:03.960 to give you those aha moments, you know, and a 21 00:01:04.120 --> 00:01:08.280 clear framework for thinking about security, whether you're prepping for 22 00:01:08.359 --> 00:01:11.040 a big meeting or maybe you're just incredibly curious. Okay, 23 00:01:11.120 --> 00:01:14.319 let's unpack this. The pace of digital change, it's just 24 00:01:14.319 --> 00:01:18.120 been breathtaking, hasn't it. Absolutely Computers, the Internet, mobile tech, 25 00:01:18.200 --> 00:01:20.680 the cloud, the Internet of things. I mean, they've all 26 00:01:20.680 --> 00:01:23.799 fundamentally reshaped our daily lives and how we work. We're 27 00:01:23.840 --> 00:01:28.159 even seeing entire organizations now operating as a fully digital, 28 00:01:28.200 --> 00:01:31.120 fully virtual entities, sometimes with no physical office at all. 29 00:01:31.200 --> 00:01:33.519 It's a massive shift. And what's really interesting are these 30 00:01:34.040 --> 00:01:38.719 advanced digital capabilities that enable it all. Things like instant 31 00:01:38.799 --> 00:01:42.519 data replication, real time data processing, automated workflows, even digital 32 00:01:42.560 --> 00:01:46.120 service delivery. They're not just making things faster, they're actually 33 00:01:46.159 --> 00:01:50.879 redefining what's even possible for a business. But, and this 34 00:01:51.000 --> 00:01:55.719 is key, here's the subtle danger. Each of these incredible advances, 35 00:01:55.879 --> 00:01:59.040 while great for efficiency, also creates a new way in 36 00:01:59.120 --> 00:02:03.319 for attackers attack surface, or it magnifies the impact as 37 00:02:03.319 --> 00:02:06.680 something does go wrong. Oh okay, instant replication means bad 38 00:02:06.719 --> 00:02:10.280 data spreads instantly, real time processing, real time vulnerabilities. The 39 00:02:10.400 --> 00:02:13.360 very tools of progress become vectors for amplified risk. 40 00:02:13.719 --> 00:02:16.280 That's a powerful way to put it, progress becoming a 41 00:02:16.360 --> 00:02:21.919 vector for risk. So with all this capability, this huge transformation, 42 00:02:22.360 --> 00:02:25.000 what exactly is at stake? What's the real downside of 43 00:02:25.039 --> 00:02:26.560 digitizing everything? 44 00:02:26.800 --> 00:02:30.120 Well, the core truth is pretty stark. Digitizing critical information, 45 00:02:30.400 --> 00:02:35.159 while powerful, inherently introduces massive cyber risks. Just massive. We're 46 00:02:35.159 --> 00:02:38.120 talking about the crown jewels of any organization and often 47 00:02:38.120 --> 00:02:43.520 individuals too, customer lists, credit cards, banking info, intellectual property, 48 00:02:43.599 --> 00:02:48.400 employee identities, payroll, and even highly regulated data like health records. 49 00:02:48.599 --> 00:02:51.199 These are the high value assets that cyber attackers are 50 00:02:51.240 --> 00:02:52.199 constantly targeting. 51 00:02:52.360 --> 00:02:54.800 And it's not just some abstract risk floating out there, 52 00:02:54.840 --> 00:02:57.400 is it. We've seen a genuine explosion in cybercrimes. 53 00:02:57.400 --> 00:03:00.599 Oh, absolutely. The statistics are well, frankly, they're eye popping. 54 00:03:00.840 --> 00:03:02.960 Doctor Michael Maguire, who cited in the book, found that 55 00:03:03.000 --> 00:03:06.360 cybercrime generated something like one point five trillion dollars in 56 00:03:06.360 --> 00:03:08.639 illicit profits. That was just in twenty eighteen alone. 57 00:03:08.639 --> 00:03:10.560 Well, one point five trillion trillion. 58 00:03:10.719 --> 00:03:14.400 Yeah. It's often easier and certainly lower risk for criminals 59 00:03:14.400 --> 00:03:16.680 to steal data from their keyboard than to physically rob 60 00:03:16.680 --> 00:03:19.599 a bank and the scale of theft is immense. We're 61 00:03:19.599 --> 00:03:22.680 talking over twenty eight billion records breached. 62 00:03:22.400 --> 00:03:24.360 Overall, twenty eight billion, yeah. 63 00:03:24.199 --> 00:03:27.039 With about twenty two point five billion of those involving 64 00:03:27.080 --> 00:03:31.400 things like so security numbers and email addresses, hugely sensitive stuff. 65 00:03:31.639 --> 00:03:34.400 And when you dig into why these breaches happen, it's 66 00:03:34.400 --> 00:03:38.879 often not some super complex Hollywood style master plan. Frequently 67 00:03:38.879 --> 00:03:42.000 it's down to poor security practices, maybe already hacked accounts 68 00:03:42.000 --> 00:03:45.360 being reused, simple human error, you know, the oops factor, 69 00:03:45.400 --> 00:03:47.599 loss devices, or sometimes even inside jobs. 70 00:03:47.680 --> 00:03:50.560 So it sounds like a huge mess, which raises the question, 71 00:03:51.120 --> 00:03:54.479 if going digital is so risky, why do organizations even bother? 72 00:03:54.520 --> 00:03:56.759 Why not just stick to paper and you know, locked 73 00:03:56.759 --> 00:03:58.319 filing cabinets, because. 74 00:03:58.080 --> 00:04:01.919 The upsides are just too compelling overwhelming. Really, we're talking 75 00:04:01.960 --> 00:04:07.680 about agility, speed, massive cost reductions, better quality, more resilience, 76 00:04:07.919 --> 00:04:11.319 and the ability to offer entirely new capabilities that just 77 00:04:11.360 --> 00:04:16.199 weren't possible before. Organizations, honestly, they don't really have a 78 00:04:16.319 --> 00:04:18.800 choice but to embrace digitization if they want to stay 79 00:04:18.800 --> 00:04:23.160 competitive or even relevant. The trick, the real challenge is 80 00:04:23.199 --> 00:04:25.240 doing it safely, doing it smartly. 81 00:04:25.839 --> 00:04:28.879 Okay, So it's not if we digitize, but how safely 82 00:04:28.959 --> 00:04:31.120 we do it? And to do that safely, you first 83 00:04:31.160 --> 00:04:34.560 need to understand who you're actually up against. Let's talk 84 00:04:34.600 --> 00:04:37.600 about the who behind these cyber attacks, because it's definitely 85 00:04:37.639 --> 00:04:40.120 more nuanced than the sort of hooti wearing stereotype we 86 00:04:40.160 --> 00:04:40.759 see in movies. 87 00:04:40.800 --> 00:04:43.480 You're absolutely right, it's rarely just that loan will figure. 88 00:04:43.839 --> 00:04:46.519 Our sources describe really a whole spectrum of players. On 89 00:04:46.519 --> 00:04:49.360 one end, you might have casual hackers. Often they're driven 90 00:04:49.399 --> 00:04:52.519 by just curiosity, maybe the thrill of figuring things out, 91 00:04:52.800 --> 00:04:55.560 or wanting to prove their technical skills. Then, and this 92 00:04:55.600 --> 00:04:57.720 is where it gets more concerning for most organizations, you 93 00:04:57.800 --> 00:05:02.120 have cyber criminals. These folks are primarily financially motivated. They're 94 00:05:02.199 --> 00:05:04.560 stealing data to sell it on the dark web, They're 95 00:05:04.560 --> 00:05:09.600 emptying bank accounts, demanding ransom, and crucially, these aren't always individuals. 96 00:05:09.839 --> 00:05:14.360 Often they're highly organized, professional groups. They operate almost like businesses. 97 00:05:15.160 --> 00:05:18.240 And then there's the other side of the coin, the 98 00:05:18.439 --> 00:05:20.600 white hat hackers or ethical hackers. 99 00:05:20.680 --> 00:05:22.920 The good guys exactly. 100 00:05:22.439 --> 00:05:25.160 The good guys. They use the exact same tools and 101 00:05:25.199 --> 00:05:27.439 techniques as the bad guys, but they do it with 102 00:05:27.519 --> 00:05:31.879 authorization and strict ethics. Their goal is to improve security. 103 00:05:32.319 --> 00:05:35.879 They do things like penetration testing, run bug bounty programs, 104 00:05:35.959 --> 00:05:39.439 research vulnerabilities, all to help organizations get stronger. 105 00:05:39.800 --> 00:05:43.199 It's such a fascinating evolution, isn't it. I mean Kevin Mettnick, 106 00:05:43.279 --> 00:05:46.759 who was once the FBI's most wanted hacker. He famously 107 00:05:46.800 --> 00:05:50.319 went legit became a renowned white hat. It really shows 108 00:05:50.319 --> 00:05:52.439 how blurred those lines can be and how the whole 109 00:05:52.519 --> 00:05:54.199 landscape is constantly shifting. 110 00:05:54.360 --> 00:05:57.279 It does, but even with ethical hackers helping out, there's 111 00:05:57.279 --> 00:06:00.199 still significant challenges. One of the biggest is what it's 112 00:06:00.199 --> 00:06:01.439 called the attribution problem. 113 00:06:01.560 --> 00:06:05.360 Attribution meaning figuring out who did it precisely. 114 00:06:05.959 --> 00:06:10.160 It's incredibly difficult to definitively pin down attackers because they 115 00:06:10.279 --> 00:06:14.959 use all sorts of obfuscation techniques, encrypted communications, bouncing traffic 116 00:06:14.959 --> 00:06:18.519 through multiple proxy layers across different countries. An attack that 117 00:06:18.560 --> 00:06:21.519 looks like it's coming from China might actually be routed 118 00:06:21.519 --> 00:06:25.199 through servers in say Europe, bounced off a compromised computer 119 00:06:25.319 --> 00:06:28.839 inside the victim's zone network, and maybe orchestrated from somewhere 120 00:06:28.839 --> 00:06:29.519 else entirely. 121 00:06:29.680 --> 00:06:33.000 Wow. Okay, so it's like a digital haul of mirrors. 122 00:06:32.600 --> 00:06:35.800 Kind of yeah, and that directly leads to the prosecution problem. 123 00:06:35.839 --> 00:06:39.120 Even if you can identify someone, enforcing laws across borders 124 00:06:39.199 --> 00:06:42.560 is complex and uneven. So for many, cybercrime remains this 125 00:06:42.639 --> 00:06:46.680 big money virtual business with relatively speaking low risk of 126 00:06:46.720 --> 00:06:47.920 getting caught and punished. 127 00:06:48.319 --> 00:06:52.000 Okay, So these adversaries, whether they're criminals or nation states 128 00:06:52.040 --> 00:06:55.519 or whoever, they get past the defenses, what's their ultimate goal? 129 00:06:55.600 --> 00:06:58.800 What are they fundamentally trying to achieve once they're inside. 130 00:06:58.959 --> 00:07:01.759 That's where the classic SEIA triad is really helpful. It 131 00:07:01.759 --> 00:07:06.040 stands for confidentiality, integrity, and availability. These three core goals 132 00:07:06.120 --> 00:07:09.879 drive almost every cyber attack. Understanding them help you build defenses. 133 00:07:10.040 --> 00:07:15.639 Okay, CIA, Confidentiality, integrity, availability, break this down for US. 134 00:07:15.720 --> 00:07:20.279 Sure, confidentiality is basically about keeping secret secret. Attackers want 135 00:07:20.279 --> 00:07:24.360 to steal valuable data, so security numbers, credit cards, health records, 136 00:07:24.680 --> 00:07:27.399 company secrets, often to sell or use for leverage. 137 00:07:27.519 --> 00:07:30.000 Got it stealing stuff right? Then? 138 00:07:30.000 --> 00:07:33.560 Integrity is about making sure data is accurate and trustworthy. Here, 139 00:07:33.720 --> 00:07:37.439 attackers modify data to cause disruption or harm. Think about 140 00:07:37.439 --> 00:07:42.240 creating fake financial transactions, altering account balances, or maybe corrupting 141 00:07:42.279 --> 00:07:44.800 critical system files, so things don't work right. 142 00:07:44.879 --> 00:07:47.079 Okay, so messing with the data itself. 143 00:07:46.839 --> 00:07:50.480 Exactly and finally, availability this is about making sure systems 144 00:07:50.519 --> 00:07:53.480 and data are actually there when you need them. Attackers 145 00:07:53.519 --> 00:07:57.199 try to deny access, often through distributed denial of service 146 00:07:57.600 --> 00:08:00.639 DDoS attacks, where they just flood system with so much 147 00:08:00.720 --> 00:08:04.399 junk traffic that they collapse under the load, overwhelming the system, 148 00:08:04.680 --> 00:08:08.920 or the really nasty one these days, ransomware. They encrypt 149 00:08:08.920 --> 00:08:12.000 all your data and demand payment to unlock it. And 150 00:08:12.079 --> 00:08:15.160 here's a critical point the book makes. Even if you 151 00:08:15.199 --> 00:08:18.439 pay the ransom, there's absolutely no guarantee you'll get your 152 00:08:18.480 --> 00:08:21.279 data back. Sometimes the decryption tools they give you just 153 00:08:21.319 --> 00:08:21.759 don't work. 154 00:08:21.959 --> 00:08:24.639 Oh man, that's adding insult to injury. So okay, those 155 00:08:24.639 --> 00:08:28.680 are the goals steal, modify, or deny access. But how 156 00:08:28.680 --> 00:08:30.959 do they actually pull this off? What methods are they 157 00:08:31.040 --> 00:08:33.399 using to get in and cause this kind of havoc? 158 00:08:33.799 --> 00:08:37.279 Their methods are really varied and they're always evolving, but 159 00:08:37.360 --> 00:08:40.279 some core ones keep popping up. Malware is a huge one. 160 00:08:40.320 --> 00:08:44.639 That's just malicious software, viruses, worms, trojans, byware designed to 161 00:08:44.639 --> 00:08:49.360 steal credentials, create backdoors for later access, or bypassed security controls. 162 00:08:49.480 --> 00:08:52.000 There are literally millions of unique strains out. 163 00:08:51.879 --> 00:08:53.200 There, millions. Wow. 164 00:08:53.320 --> 00:08:55.879 Then you have exploits. These are specific pieces of code 165 00:08:55.919 --> 00:08:58.840 that take advantage of vulnerabilities, you know, flaws in software 166 00:08:58.919 --> 00:09:02.840 or hardware. Sometimes these are zero day exploits, flaws that 167 00:09:02.879 --> 00:09:06.000 were previously unknown so there's no patch available yet. Those 168 00:09:06.039 --> 00:09:10.039 are particularly dangerous. Credential theft is incredibly common, just stealing 169 00:09:10.440 --> 00:09:14.360 usernames and passwords. They might use techniques like password. 170 00:09:14.000 --> 00:09:16.159 Spraying, password spraying, what's. 171 00:09:16.039 --> 00:09:19.039 That Instead of trying lots of passwords on one account, 172 00:09:19.200 --> 00:09:22.120 they try one common password like password one, two, three 173 00:09:22.360 --> 00:09:27.480 across many, many accounts. It's surprisingly effective against weak passwords. 174 00:09:27.639 --> 00:09:29.720 Ah cliver sneaky. 175 00:09:29.759 --> 00:09:33.320 Very And this is exactly why multi factor authentication MFA 176 00:09:33.799 --> 00:09:36.799 is such a game changer. That second factor, a code 177 00:09:36.799 --> 00:09:40.960 from your phone, a fingerprint, makes a stolen password much 178 00:09:41.159 --> 00:09:42.720 much harder to actually use. 179 00:09:42.879 --> 00:09:43.440 Makes sense. 180 00:09:43.600 --> 00:09:45.519 We also see a lot of social engineering. This is 181 00:09:45.559 --> 00:09:49.600 basically old school manipulation but apply digitally. Think phishing emails 182 00:09:49.639 --> 00:09:51.480 trying to trick you into clicking a link or giving 183 00:09:51.559 --> 00:09:54.840 up info, or someone calling pretending to be it support, 184 00:09:55.279 --> 00:09:59.559 or even literal dumpster diving for discarded notes with sensitive information. 185 00:10:00.080 --> 00:10:03.360 Kevin Mitnick's book The Art of Deception really highlighted how 186 00:10:03.399 --> 00:10:06.120 effective this can be. People are often the weakest link, 187 00:10:06.320 --> 00:10:09.759 and a really big growing concern now is supply chain 188 00:10:09.799 --> 00:10:14.440 and IoT vulnerabilities. Attackers are increasingly targeting less defendive partners 189 00:10:14.440 --> 00:10:18.039 in your supply chain or insecure Internet of Things devices 190 00:10:18.440 --> 00:10:19.559 as an easy way. 191 00:10:19.320 --> 00:10:21.440 In, like that famous pish tank story. 192 00:10:21.279 --> 00:10:24.840 Exactly, the Phish Tank HAC where Casino's network was reportedly 193 00:10:24.879 --> 00:10:27.720 compromised through an Internet connected thermostat in a fish tank. 194 00:10:28.039 --> 00:10:31.039 It sounds absurd, but it shows how these seemingly harmless 195 00:10:31.039 --> 00:10:34.039 connected devices can become major entry points if they're not 196 00:10:34.080 --> 00:10:35.000 secured properly. 197 00:10:35.080 --> 00:10:37.320 The thought of a phish tank being a gateway into 198 00:10:37.320 --> 00:10:42.080 a Casino's network is truly unsettling. Okay, So, given this 199 00:10:42.200 --> 00:10:46.279 constant barrage, these clever adversaries, these varied methods, what can 200 00:10:46.399 --> 00:10:49.279 organizations actually do? The book talks about a clear cyber 201 00:10:49.360 --> 00:10:52.919 risk management process and this idea of a people process 202 00:10:52.960 --> 00:10:54.960 and technology approach exactly. 203 00:10:55.600 --> 00:10:58.879 That six step risk management process is fundamental because it 204 00:10:58.919 --> 00:11:02.120 helps organizations figure out where to focus their limited resources. 205 00:11:02.840 --> 00:11:06.720 It's all about prioritization. First, you identify your assets, what's 206 00:11:06.759 --> 00:11:12.039 actually valuable, what needs protecting? Then identify vulnerabilities. Where are 207 00:11:12.039 --> 00:11:15.879 the weak spots, missing patches, maybe flaws in your web 208 00:11:15.919 --> 00:11:22.399 code insecure configurations. Next, identify threats. How might attackers actually 209 00:11:22.440 --> 00:11:25.120 exploit those specific weaknesses you just found? 210 00:11:25.360 --> 00:11:27.799 Okay, assets, vulnerabilities, threats right. 211 00:11:28.000 --> 00:11:31.240 Step four is to estimate the risk severity. You combine 212 00:11:31.279 --> 00:11:34.080 the likelihood of a particular threat exploiting a vulnerability with 213 00:11:34.080 --> 00:11:36.480 the potential impact if it does. This helps you rank 214 00:11:36.559 --> 00:11:40.480 risks low, medium, high. Then step five you determine the 215 00:11:40.519 --> 00:11:42.279 risk treatment. What are you going to do about each risk? 216 00:11:42.480 --> 00:11:45.240 You could try to avoid it entirely, mitigate it, reduce 217 00:11:45.279 --> 00:11:48.480 its likelihood or impact, share it like getting cyber insurance, 218 00:11:48.600 --> 00:11:50.759 or maybe just retain it. Meaning you accept the risk 219 00:11:50.919 --> 00:11:54.679 makes sense, you have options exactly, and finally, based on 220 00:11:54.720 --> 00:11:58.200 those treatment decisions, you select countermeasures. These are the actual 221 00:11:58.240 --> 00:12:03.480 things you implement, policiesures, specific security controls like firewalls or MFA, 222 00:12:03.879 --> 00:12:07.120 and internally skilled people to manage it all. It's about 223 00:12:07.120 --> 00:12:11.200 making informed choices to reduce that risk to an acceptable level. 224 00:12:11.600 --> 00:12:13.879 And a really crucial point the book makes is that 225 00:12:14.279 --> 00:12:19.080 defenses have to be designed assuming failures will happen. That feels, 226 00:12:19.159 --> 00:12:22.279 I don't know, a bit grim but also realistic. What 227 00:12:22.320 --> 00:12:25.039 does that mean for how we actually build protections? 228 00:12:25.519 --> 00:12:29.639 It means you absolutely need layers of defense, defense in depth, 229 00:12:29.840 --> 00:12:32.399 and those layers need to work together assuming one might fail. 230 00:12:32.919 --> 00:12:35.200 The source breaks controls down into four types, and they 231 00:12:35.200 --> 00:12:38.840 really interplay. First, you have preventive controls. These are designed 232 00:12:38.840 --> 00:12:40.919 to block bad stuff from happening in the first place. 233 00:12:41.000 --> 00:12:45.519 I think firewalls, stopping unauthorized traffic, VPNs, encrypting connections, maybe 234 00:12:45.600 --> 00:12:46.679 access control lists. 235 00:12:46.720 --> 00:12:48.639 Okay, stop it before it starts. 236 00:12:48.559 --> 00:12:53.039 Ideally yes, But what happens when prevention fails, because sometimes 237 00:12:53.039 --> 00:12:56.480 it will. That's where detective controls come in. Their job 238 00:12:56.559 --> 00:12:59.399 is to identify malicious activity after it's gotten past the 239 00:12:59.399 --> 00:13:04.200 preventive layer, things like file integrity monitoring that flag's unexpected changes, 240 00:13:04.399 --> 00:13:07.639 or user behavior analytics looking for suspicious actions. 241 00:13:07.799 --> 00:13:11.279 Ah, so catching it in the act or just after exactly. 242 00:13:11.600 --> 00:13:14.720 The book uses a law enforcement analogy. Yeah, you can't 243 00:13:14.720 --> 00:13:17.360 prevent every crime, but you want systems in place to 244 00:13:17.399 --> 00:13:20.679 detect it quickly and respond effectively. So once an incident 245 00:13:20.759 --> 00:13:25.000 is detected, response controls kick in. These are focused on investigation, containment, 246 00:13:25.360 --> 00:13:28.559 and actually repelling the attack. Think forensic tools to see 247 00:13:28.559 --> 00:13:32.399 what happened. Network analytics may be automatically locking suspicious. 248 00:13:31.879 --> 00:13:34.159 Accounts okay, dealing with the immediate fire. 249 00:13:34.159 --> 00:13:39.120 Precisely, and finally, after the dust settles, recovery controls are engaged. 250 00:13:39.519 --> 00:13:43.120 Their job is to restore normal operations. This means restoring 251 00:13:43.120 --> 00:13:47.759 systems from backups, maybe reimaging compromise machines, forcing password resets. 252 00:13:48.000 --> 00:13:52.000 And here's a powerful insight. Really robust recovery capabilities can 253 00:13:52.000 --> 00:13:55.679 actually compensate to some extent for deficiencies in the other controls. 254 00:13:55.879 --> 00:13:58.519 If you can get back online quickly and cleanly, that's huge. 255 00:13:59.039 --> 00:14:02.919 That layered approach prevent, detect, respond, recover makes a lot 256 00:14:02.919 --> 00:14:06.960 of sense. Now, beyond these internal strategies, what about external forces? 257 00:14:07.000 --> 00:14:10.320 What pushes organizations to invest in cybersecurity? 258 00:14:10.480 --> 00:14:13.519 All these external drivers are increasingly significant. You've got laws 259 00:14:13.519 --> 00:14:16.679 and regulations. Think of the eused GDPR, the General Data 260 00:14:16.679 --> 00:14:19.879 Protection Regulation. It has global reach and that forget me 261 00:14:19.960 --> 00:14:22.360 clause allowing people to request data deletion. 262 00:14:22.279 --> 00:14:23.440 Right GDPR is huge. 263 00:14:23.799 --> 00:14:27.240 Or in the US you have HYPAW for healthcare data, 264 00:14:27.519 --> 00:14:30.919 which has very strict rules. Compliance is an optional. Then 265 00:14:30.960 --> 00:14:34.200 there are industry standards. A big one is PCIDSS, the 266 00:14:34.240 --> 00:14:37.879 Payment Card Industry Data Security Standard. If you handle credit cards, 267 00:14:37.960 --> 00:14:40.360 you have to comply with its twelve requirements and it's 268 00:14:40.399 --> 00:14:41.559 external testing involved. 269 00:14:41.759 --> 00:14:47.360 Okay, so rules you have to follow definitely. Also, contractual obligations. 270 00:14:47.559 --> 00:14:51.320 Often agreements with big customers or partners will include specific 271 00:14:51.440 --> 00:14:55.360 security requirements you have to meet. And finally, there's liability 272 00:14:55.480 --> 00:14:59.799 and insurance proving specific financial damages from a personal data 273 00:14:59.840 --> 00:15:02.600 bre Each can be legally tricky sometimes, which is why 274 00:15:02.639 --> 00:15:06.320 regulatory penalties are often the bigger immediate stick. And the 275 00:15:06.360 --> 00:15:08.840 cyber insurance market is growing fast, but it's still kind 276 00:15:08.879 --> 00:15:11.879 of figuring things out. Policies can be complex, and you 277 00:15:11.960 --> 00:15:14.919 might see things like wartime exclusion clauses that could deny 278 00:15:14.960 --> 00:15:17.080 coverage for major nation state attacks. 279 00:15:17.519 --> 00:15:21.480 Wow, okay, lots of pressure from outside too. So far 280 00:15:21.639 --> 00:15:24.120 we focused a lot on what organizations need to do, 281 00:15:24.720 --> 00:15:27.000 But what about you, the individual listener? The book spends 282 00:15:27.000 --> 00:15:29.600 a good amount of time on cyber awareness, right, how 283 00:15:29.639 --> 00:15:30.960 our daily actions matter? 284 00:15:31.240 --> 00:15:33.799 Yes, and the core message there is really profound. I 285 00:15:33.799 --> 00:15:37.000 think it boils down to asking ourselves constantly, are the 286 00:15:37.000 --> 00:15:39.440 benefits of this online action I'm about to take worth 287 00:15:39.440 --> 00:15:42.919 the potential cyber risks involved. It's about encouraging that moment 288 00:15:42.919 --> 00:15:46.600 of critical thought before clicking, before sharing, before connecting. That's 289 00:15:46.639 --> 00:15:49.440 a great question to keep in mind. And our security 290 00:15:49.480 --> 00:15:53.039 needs are posture. It changes dramatically depending on where we. 291 00:15:52.960 --> 00:15:57.440 Are, doesn't it Absolutely? Context is everything at work, the 292 00:15:57.480 --> 00:16:02.960 focus is on protecting company assets, competitive info, financials, customer data, 293 00:16:03.240 --> 00:16:07.679 employee info. Your work devices are often centrally managed, maybe monitored, 294 00:16:07.919 --> 00:16:10.840 and generally there's no expectation of privacy when you're using 295 00:16:10.840 --> 00:16:14.600 work resources for personal web surfing. Things like data loss 296 00:16:14.600 --> 00:16:18.320 protection DLP might even be scanning documents you create. Right, 297 00:16:18.399 --> 00:16:21.399 work is work at home, the attackers' goals shift a bit. 298 00:16:21.679 --> 00:16:23.840 They might still want your professional info if you store 299 00:16:23.840 --> 00:16:27.279 it on personal devices, or maybe work credentials they can steal. Yeah, 300 00:16:27.320 --> 00:16:30.320 but they're also after your personal financial data, your privacy, 301 00:16:30.440 --> 00:16:34.000 your e commerce accounts are fraud but you're often especially 302 00:16:34.080 --> 00:16:37.919 vulnerable when you're traveling. The book gives some really concrete, 303 00:16:37.960 --> 00:16:41.200 actionable tips here. Keep important files in the cloud and 304 00:16:41.200 --> 00:16:44.360 make sure they're backed up. Consider maybe using a prepaid 305 00:16:44.399 --> 00:16:47.519 burner phone for international travel. If you're concerned about surveillance, 306 00:16:48.080 --> 00:16:52.000 always use screenlocks on your devices. Be really wary of 307 00:16:52.120 --> 00:16:55.600 hotel safe staff often have master keys or codes, and 308 00:16:55.639 --> 00:16:57.759 be extremely careful about public Wi Fi. 309 00:16:58.000 --> 00:17:01.039 Ah. Yeah, public Wi Fi always sketchy. 310 00:17:00.679 --> 00:17:04.440 It can be. Attackers love setting up malicious hotspots with 311 00:17:04.559 --> 00:17:07.880 believable names like free Airport Wi Fi or hotel Guest. 312 00:17:08.240 --> 00:17:10.960 You connect thinking it's legit and they can intercept your 313 00:17:10.960 --> 00:17:13.839 traffic or try to infect your device. Always use a 314 00:17:13.880 --> 00:17:15.480 VPN on public Wi Fi if you can. 315 00:17:15.680 --> 00:17:18.559 Good tip and for anyone listening who's in a leadership position, 316 00:17:18.920 --> 00:17:22.200 the book specifically calls out these highly targeted whaling attacks. 317 00:17:22.240 --> 00:17:23.200 Can you explain those? 318 00:17:23.559 --> 00:17:26.720 Yeah? Whaling is like spearfishing, but aimed at the big 319 00:17:26.759 --> 00:17:31.440 fish executives senior leaders. These attacks are often highly sophisticated, 320 00:17:31.680 --> 00:17:36.160 very personalized. They might impersonate another senior leader, maybe the CEO, 321 00:17:36.559 --> 00:17:39.200 or even a family member, usually via email or text. 322 00:17:39.720 --> 00:17:42.319 The goal is often to trick the executive into initiating 323 00:17:42.359 --> 00:17:47.319 a fraudulent wire transfer or revealing confidential strategic information. They 324 00:17:47.359 --> 00:17:51.160 can be devastatingly effective because they exploit trust and authority. 325 00:17:51.400 --> 00:17:54.960 Scary stuff. Okay, so We've talked about building defenses being aware, 326 00:17:55.400 --> 00:17:58.440 But despite all that, the book acknowledges perfection is impossible. 327 00:17:58.519 --> 00:18:01.359 Things will go wrong sometimes, So what happens then? How 328 00:18:01.359 --> 00:18:03.680 do you handle it when the unthinkable actually happens? 329 00:18:03.960 --> 00:18:06.839 Well, the key takeaway is that effective incident management starts 330 00:18:07.200 --> 00:18:10.880 long book or the incident. It's all about preparation. It's 331 00:18:10.920 --> 00:18:15.400 not if it's truly when. Organizations absolutely need a dedicated 332 00:18:15.519 --> 00:18:19.480 incident response tiger team. This should be a cross functional group. 333 00:18:19.559 --> 00:18:24.559 It security, legal, communications, leadership, people who know their roles 334 00:18:24.720 --> 00:18:27.799 and are ready to act fast. You need clear, documented 335 00:18:27.799 --> 00:18:30.559 incident response and recovery plans. What are the steps, Who 336 00:18:30.599 --> 00:18:34.319 calls whom? And crucially, you have to practice. Conduct regular 337 00:18:34.359 --> 00:18:38.519 cyber crisis exercises, maybe monthly tabletop drills discussing scenarios and 338 00:18:38.599 --> 00:18:41.839 at least annual full scale simulations to really test the 339 00:18:41.839 --> 00:18:44.119 plans and make sure everyone knows who needs to do 340 00:18:44.160 --> 00:18:47.480 what under pressure. It's like fire drills, but for cyber incidents. 341 00:18:47.599 --> 00:18:50.799 Muscle memory for a crisis makes sense. The book also 342 00:18:50.839 --> 00:18:53.960 breaks down the typical cyber attack sequence. How attackers get 343 00:18:53.960 --> 00:18:57.079 a foothold, set up command and control, escalate their privileges. 344 00:18:57.160 --> 00:19:00.559 Move laterally through the network and finally achieve their mission. 345 00:19:00.759 --> 00:19:03.000 And it stresses you need defenses at every single one 346 00:19:03.000 --> 00:19:05.440 of those steps, right, not just the front door exactly. 347 00:19:05.480 --> 00:19:08.160 It's not just about stopping them getting in initially. You 348 00:19:08.200 --> 00:19:10.400 need ways to detect and block them if they try 349 00:19:10.400 --> 00:19:12.279 to elevate their access, if they try to move from 350 00:19:12.279 --> 00:19:14.720 one system to another, if they try to exfiltrate data. 351 00:19:14.920 --> 00:19:18.440 Defense in depth again, and a really tricky part during 352 00:19:18.480 --> 00:19:22.680 an active breach is not tipping your hand. Professional attackers 353 00:19:22.680 --> 00:19:26.319 are often watching how the victim responds. They have contingency plans. 354 00:19:26.640 --> 00:19:29.839 If you react too quickly or without understanding the full scope, 355 00:19:30.160 --> 00:19:32.799 you can easily end up just chasing ghosts, playing whack 356 00:19:32.839 --> 00:19:35.359 a mole while they achieve their real objective somewhere else. 357 00:19:35.720 --> 00:19:36.759 It's a real cat. 358 00:19:36.559 --> 00:19:40.079 And mouse game, so you need patience and strategy even 359 00:19:40.079 --> 00:19:42.279 in the middle of a crisis. One of the most 360 00:19:42.319 --> 00:19:45.440 common and probably painful responses we hear about after a 361 00:19:45.480 --> 00:19:49.039 breach is a massive company wide password reset. 362 00:19:49.440 --> 00:19:52.839 Oh yeah, and it sounds simple, but it's far more 363 00:19:52.880 --> 00:19:56.359 complex than most people realize. Think about it. Organizations might 364 00:19:56.400 --> 00:19:59.200 need to change all their passwords employee accounts, yes, but 365 00:19:59.240 --> 00:20:03.440 also administrate accounts, system service accounts, maybe even customer accounts 366 00:20:03.440 --> 00:20:05.680 if those were impacted, And you have to deal with 367 00:20:05.759 --> 00:20:09.359 all the tricky edge cases dormant accounts that are still 368 00:20:09.400 --> 00:20:12.799 active but unused, phantom accounts that shouldn't exist but do, 369 00:20:13.559 --> 00:20:17.440 zombie accounts that are disabled but not properly removed, and crucially, 370 00:20:17.759 --> 00:20:20.680 any hijacked accounts the attacker already controls. 371 00:20:20.839 --> 00:20:23.119 Wow, that sounds like a nightmare to manage. 372 00:20:23.200 --> 00:20:26.279 It can be. All those forgotten or hidden accounts can 373 00:20:26.279 --> 00:20:29.759 be lingering vulnerabilities if they're not systematically found and reset 374 00:20:29.839 --> 00:20:33.359 or disabled. And this again really highlights why multi factor 375 00:20:33.400 --> 00:20:37.960 authentication MFA is so powerful. If MFA is widely deployed, 376 00:20:37.960 --> 00:20:40.839 a stolen password alone is much less useful, which can 377 00:20:40.880 --> 00:20:44.720 make these massive, disruptive password resets less necessary or at 378 00:20:44.759 --> 00:20:45.680 least less urgent. 379 00:20:45.839 --> 00:20:48.640 Yeah, I confess sometimes that extra step for MFA feels 380 00:20:48.680 --> 00:20:51.039 like a minor annoyance. But hearing you talk about password 381 00:20:51.079 --> 00:20:53.759 spraying and the nightmare of resets, it really puts it 382 00:20:53.799 --> 00:20:54.519 into perspective. 383 00:20:54.920 --> 00:20:57.200 Right. It's like adding a proper dead bolt to your 384 00:20:57.240 --> 00:21:00.480 front door after realizing the basic lock wise well, well, 385 00:21:00.640 --> 00:21:03.240 maybe not as strong as you thought that little bit 386 00:21:03.240 --> 00:21:05.079 of friction is worth the security gain. 387 00:21:05.160 --> 00:21:08.079 That's a great way to think about it. Okay, looking ahead, then, 388 00:21:08.440 --> 00:21:11.480 how do organizations stay resilient? How do they adapt to 389 00:21:11.559 --> 00:21:13.680 threats that are just constantly evolving. 390 00:21:14.480 --> 00:21:18.279 The book points to a really powerful trend, DevOps and 391 00:21:18.359 --> 00:21:20.039 the idea of everything is code. 392 00:21:20.079 --> 00:21:20.839 Everything is code. 393 00:21:20.920 --> 00:21:25.880 Yeah, it means your entire IT environment, servers, networks, applications, 394 00:21:25.960 --> 00:21:30.799 configurations is defined and managed through code through scripts. The 395 00:21:31.000 --> 00:21:35.200 huge advantage is incredible recovery speed. If your environment gets 396 00:21:35.279 --> 00:21:38.640 trashed by ransomware, instead of manually rebuilding everything, which could 397 00:21:38.640 --> 00:21:41.640 take days or weeks, you could potentially redeploy your entire 398 00:21:41.720 --> 00:21:44.839 infrastructure from these clean code templates in minutes or hours. 399 00:21:45.240 --> 00:21:47.079 The book suggests it can be more than one hundred 400 00:21:47.079 --> 00:21:47.799 times faster. 401 00:21:48.000 --> 00:21:50.559