Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

Defensive Security Podcast Episode 296

Listen Later
In this episode of the Defense of Security Podcast, Jerry Bell and Andrew Kalat discuss the evolving landscape of cybersecurity threats, focusing on ransomware tactics that exploit insider threats, the hijacking of LLM resources, and the effectiveness of phishing simulations. They explore how adversaries are increasingly targeting employees to gain access to sensitive data and how organizations can better protect themselves against these threats. The conversation also covers the ethical implications of phishing tests and the need for a more supportive approach to security awareness training. In this episode, Jerry and Andrew discuss the challenges faced by cybersecurity teams, the dynamics between security and other business units, and the importance of learning from incidents to improve security practices. They explore the balance between enabling business operations and maintaining security, the implications of generative AI in the workplace, and the need for effective governance around AI usage. The conversation emphasizes the proactive role security professionals must take in navigating these complexities while ensuring organizational safety.

 

 
Takeaways
  • Ransomware attackers are increasingly using insider threats to gain access.
  • Greed can turn employees into insider threats, especially in tough economic times.
  • LLM hijacking is a new tactic that exploits compromised API keys.
  • Phishing simulations may create a rift between users and IT security teams.
  • Punitive measures for phishing failures can lead to underreporting of actual attacks.
  • Security awareness training should focus on protecting users, not punishing them.
  • Adversaries are finding valid API keys to exploit cloud resources.
  • The effectiveness of phishing simulations is being questioned by experts.
  • Organizations need to do a better job at protecting their secrets and credentials.
  • The cybersecurity landscape is rapidly evolving, requiring constant adaptation. Cybersecurity teams often feel like janitors cleaning up after others.
  • Organizational dynamics can create resentment in security teams.
  • Learning from incidents is crucial for improving security practices.
  • Balancing security needs with business operations is essential.
  • Generative AI presents both risks and opportunities for organizations.
  • Effective governance is needed for AI usage in business.
  • Security professionals must help businesses understand risk management.
  • Building relationships across departments can improve security outcomes.
  • AI tools should be used with proper agreements to protect data.
  • The landscape of AI in business is rapidly evolving and requires adaptation.

    • Links

    • https://www.scworld.com/news/ransomware-attackers-turn-to-workers-for-data-breach-access
    • https://www.darkreading.com/application-security/llm-hijackers-deepseek-api-keys
    • https://www.wsj.com/tech/cybersecurity/phishing-tests-the-bane-of-work-life-are-getting-meaner-76f30173
    • https://www.securityweek.com/security-teams-pay-the-price-the-unfair-reality-of-cyber-incidents/
    • https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
      • ...more
      View all episodesView all episodes
      Download on the App Store
      Defensive Security Podcast - Malware, Hacking, Cyber Security & InfosecBy Jerry Bell and Andrew Kalat
      • 4.7
      • 4.7
      • 4.7
      • 4.7
      • 4.7

      4.7

      368 ratings

      More shows like Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

      View all
      Hacked by Hacked

      Hacked

      188 Listeners

      The Changelog: Software Development, Open Source by Changelog Media

      The Changelog: Software Development, Open Source

      289 Listeners

      Security Now (Audio) by TWiT

      Security Now (Audio)

      2,007 Listeners

      Software Engineering Daily by Software Engineering Daily

      Software Engineering Daily

      623 Listeners

      Risky Business by Patrick Gray

      Risky Business

      373 Listeners

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

      SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

      650 Listeners

      CyberWire Daily by N2K Networks

      CyberWire Daily

      1,031 Listeners

      Click Here by Recorded Future News

      Click Here

      420 Listeners

      Darknet Diaries by Jack Rhysider

      Darknet Diaries

      8,116 Listeners

      Cybersecurity Today by Jim Love

      Cybersecurity Today

      176 Listeners

      CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

      CISO Series Podcast

      191 Listeners

      Practical AI by Practical AI LLC

      Practical AI

      210 Listeners

      Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

      Defense in Depth

      74 Listeners

      Cybersecurity Headlines by CISO Series

      Cybersecurity Headlines

      138 Listeners

      The AI Daily Brief: Artificial Intelligence News and Analysis by Nathaniel Whittemore

      The AI Daily Brief: Artificial Intelligence News and Analysis

      652 Listeners