


Cloud security in 2025 looks nothing like the threat models most organizations were built to handle. This episode of Cybersecurity digs into the mechanics of modern cloud data exfiltration — drawing on this seven-minute deep-dive on cloud exfiltration tactics and defenses — to explain why attackers are so consistently succeeding against organizations that believe their perimeter controls still matter.
The central argument is uncomfortable but hard to refute: in the majority of cloud breaches today, there is no dramatic intrusion. Attackers authenticate with stolen or abused credentials and operate from within the same trusted access paths your employees use every day. The episode walks through the specific techniques, misconfigured architectures, and blind spots that make this possible:
The episode closes with a practical framing of what actually helps: Zero Trust implemented as a genuine operating philosophy rather than a product purchase, cloud-native tooling capable of behavioral baselining and runtime analysis, and continuous verification of every access request regardless of whether it originates inside or outside the network. Legacy on-premises security solutions retooled for cloud workloads are not a substitute — the visibility gap they leave is precisely where modern exfiltration happens.
For more from the show, check out the episode on CI/CD Pipeline Hijacking: How Attackers Strike and How to Stop Them.
SEC
By Eric Lamanna