Sign up to save your podcasts
Or
Share DtSR Episode 253 - Defending the Small-to-Medium Enterprise
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
DtSR Episode 253 - Defending the Small-to-Medium Enterprise
On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.
- Blue Cross Blue Shield of Alabama sends out USB sticks
- Security elitists up in arms
- We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
- To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives
- So what do we suggest?
- More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
- https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/
- MySpace has a major account password reset flaw, allowing account take-over
- Wait ... MySpace is still around?
- But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username
- How many of our sites have this problem, or worse?
- https://www.wired.com/story/myspace-security-account-takeover/
This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:
- SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can accord lack of security -- what's the answer?
- How do we achieve scale, in an area of industry with razor thing margins and tiny profit margins
- SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
- Other challenges - including how to achieve scale
Guest:
- Shon Gerber
- Current
- CISO for multinational chemical company with approximately 10K employees
- Recent Past
- Security Operations Supervi
- Current
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9797 ratings
On this podcast - James and I welcome Shon Gerber as we talk through a pair of current events and the topic of the day.
- Blue Cross Blue Shield of Alabama sends out USB sticks
- Security elitists up in arms
- We've taught people to be suspicious - don't click, don't open docs, and don't use USB -- So how do we get our clients content?
- To my fellow security professionals- it's reckless to continue to stand with a firm "no" while offering no alternatives
- So what do we suggest?
- More important - what threat model vector are we saying that blocking the sending out of USB sticks would defend against?
- https://www.theregister.co.uk/2017/07/12/blue_cross_usb_card_mailers/
- MySpace has a major account password reset flaw, allowing account take-over
- Wait ... MySpace is still around?
- But seriously, to exploit this last ditch feature for those who've forgotten everything else all you need is the listed name, date of birth, and username
- How many of our sites have this problem, or worse?
- https://www.wired.com/story/myspace-security-account-takeover/
This week we bring Shon Gerber onto the show to talk about defending the SMB and SME. Here are some of our talking points:
- SMBs/SMEs are uniquely challenged in that they can't afford good security any more than they can accord lack of security -- what's the answer?
- How do we achieve scale, in an area of industry with razor thing margins and tiny profit margins
- SMBs/SMEs are more likely to be catastrophically affected by an attack such as ransomware than big companies -- agree or disagree (#DtSR on twitter to talk back)
- Other challenges - including how to achieve scale
Guest:
- Shon Gerber
- Current
- CISO for multinational chemical company with approximately 10K employees
- Recent Past
- Security Operations Supervi
- Current
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Hacked
187 Listeners
Security Now (Audio)
2,012 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,027 Listeners
Smashing Security
317 Listeners
Click Here
419 Listeners
Darknet Diaries
8,080 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners