Join us for the second part of our deep dive into incident response and recovery on the Tech for Business Podcast. In this episode, Todd, COO and CISO, and Nate, Director of Cybersecurity, unpack the challenging balance between acting swiftly and investigating thoroughly. Learn about the critical role of backup systems, the impact of regulatory rules, and the importance of continuous improvement for businesses. They also discuss containment strategies, maintaining business operations during an incident, and how to prepare your organization for future challenges. Don't miss out on their insightful tips and real-life examples!

00:00 Introduction to Incident Response and Recovery

00:34 Balancing Speed and Thoroughness in Incident Response

01:33 Containment and Eradication Strategies

05:25 The Importance of Pre-Planning and Backup Systems

16:12 Challenges in Incident Removal and Insider Threats

18:53 Recovery Time and Prioritization

23:20 Lessons Learned and Continuous Improvement

28:00 Conclusion and Contact Information

Resources:

Master Tabletop Exercises: https://www.cit-net.com/mastering-incident-response-tabletop-exercises/

Your Role in Incident response: https://www.cit-net.com/your-role-in-incident-response/

St Paul Cyber Incident: https://www.cit-net.com/city-of-st-paul-cyber-incident/

SonicWall Vulnerability: https://www.cit-net.com/sonicwall-vulnerability-breakdown/

Eliminate VPNS: https://www.cit-net.com/the-end-of-vpns/

NIST: https://csrc.nist.gov/projects/incident-response

Dive deep into the critical aspects of an effective incident response plan. Our guests, Todd, the COO and CISO, and Nate, the Director of Cybersecurity, discuss the importance of having a well-defined, well-tested plan to handle security incidents. Discover key elements, including escalation paths, communication strategies, and preparation steps, to ensure your business can respond swiftly and efficiently to threats. Follow along as we explore real-world examples and share valuable insights on maintaining business resilience. Don't miss part two of this essential discussion coming next week!

00:00 Introduction to Incident Response

00:34 Key Elements of an Incident Response Plan

01:59 Importance of Communication in Incident Response

03:20 Preparation and Real-World Examples

07:28 Challenges and Adaptability in Incident Response

13:55 Testing and Improving Your Plan

20:24 Emotional and Practical Aspects of Incident Response

24:27 Conclusion and Next Steps

Resources:

Master Tabletop Exercises: https://www.cit-net.com/mastering-incident-response-tabletop-exercises/

Your Role in Incident Response: https://www.cit-net.com/your-role-in-incident-response/

St Paul Cyber Incident: https://www.cit-net.com/city-of-st-paul-cyber-incident/

SonicWall Vulnerability: https://www.cit-net.com/sonicwall-vulnerability-breakdown/

Eliminate VPNS: https://www.cit-net.com/the-end-of-vpns/

NIST: https://csrc.nist.gov/projects/incident-response

In this episode, we delve into the recent SonicWall VPN vulnerability with special guests Todd, our COO and CISO, and Nate, our Director of Cybersecurity. Recorded on August 8th, we discuss the sequence of events leading up to the discovery, the immediate actions taken, and the broader implications for VPN security. Nate provides an in-depth analysis of the attack, including how ransomware groups operate and what businesses can do to protect themselves. Todd expands on why keeping all systems updated and exploring Zero Trust Network Access (ZTNA) solutions is critical for enhanced security. Stay tuned for our upcoming episode on incident response planning. Whether affected or not, this episode is crucial for anyone looking to fortify their cybersecurity posture.

00:00 Introduction and Context

00:26 Initial Discovery of the Vulnerability

02:21 SonicWall's Response and Recommendations

04:13 Broader Implications for Cybersecurity

04:49 The Importance of Regular Updates and Downtime Planning

07:52 The Shift Towards Zero Trust Network Access (ZTNA)

13:12 Ransomware Attack Details and Indicators

22:25 Incident Response Planning and Best Practices

25:24 Conclusion and Final Thoughts

Resources:

https://www.cit-net.com/sonicwall-zero-day-vulnerability/

https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/250804095336430

https://www.huntress.com/blog/exploitation-of-sonicwall-vpn

Join Todd, our COO & CISO, and Nate, our Director of Cybersecurity, as they discuss the recent cyber attack on the city of St. Paul. Recorded on August 6th, this episode dives into the incident's details, the response measures taken by the city, including invoking the Minnesota National Guard, and the implications for other municipalities. Our experts highlight the importance of a mature cybersecurity program, the role of a Security Operations Center (SOC), and the critical need for proactive measures such as eliminating VPNs and implementing application whitelisting. Plus, they touch on business continuity, communication planning, and the financial impact of such cyber incidents. Don't miss this essential discussion for cities and organizations aiming to bolster their cybersecurity defenses.

Resources:

https://www.stpaul.gov/

https://www.stpaul.gov/news/mayor-carter-declare-state-emergency-response-digital-security-incident

https://www.northstpaul.org/CivicAlerts.aspx?AID=990

https://www.stpaul.gov/news/important-information-city-services-during-digital-security-incident-1

https://www.youtube.com/live/6l8Rzhq60Go?si=rkRMOdeKyjbhr-zs

00:00 Introduction to the Cyber Attack on St. Paul

01:06 Initial Response and Observations

03:42 External Support and National Guard Involvement

06:13 Incident Response and Communication Strategies

08:37 Impact on City Services and Segmentation Importance

12:12 Business Continuity and Manual Processes

20:22 Financial Implications and Recovery Time

26:52 Preventative Measures and Recommendations

34:53 Conclusion and Final Thoughts

In this episode, we delve deeper into CIT's journey towards becoming an AI-first company. Hosted by Andrew, our customer strategy advisor, the discussion features Kyle, our CEO and president, and Todd, our COO and CISO. We explore what 'AI first' means, our initial exposure to AI tools like ChatGPT, and the impactful transitions to advanced use cases. This episode is packed with insights on incorporating AI into business operations, the importance of effective prompting, and strategies to foster organizational buy-in. Learn about the transformative power of AI and how it is revolutionizing the way we work, from legal tasks to customer interactions and beyond.

00:00 Introduction to the Podcast and Guests

00:29 Defining 'AI First' with Kyle and Todd

02:10 CIT Origins and First Encounters with AI

05:18 The Impact of AI on Business Operations

06:57 AI as a Thought Partner and Legal Use Cases

10:05 Implementing AI in Business Strategies

30:43 Encouraging AI Adoption in the Workplace

35:32 Conclusion and Additional Resources

In this episode of Our Tech for Business podcast, join Todd, our COO and CISO, and Nate, our Director of Cybersecurity, as they discuss essential cybersecurity practices to keep in mind while on vacation. From disabling auto-connect on your devices and staying vigilant against phishing attacks to ensuring your passwords and software are up-to-date, Todd and Nate share practical tips to protect your personal and work-related data. They also delve into the importance of using encryption, enabling multi-factor authentication (MFA), and safely managing your financial transactions while traveling. Whether it's logging out of devices at Airbnbs or being cautious of potential data leaks due to public displays on planes and in restaurants, this episode is packed with valuable information to help you stay secure. Don't miss the conversation on how personal security measures are just as crucial as those at work, and why truly disconnecting during your PTO can be a crucial cybersecurity measure. Tune in for expert insights and simple steps to enhance your cybersecurity awareness.

00:00 Introduction to Cybersecurity on Vacation

00:42 Avoiding Auto-Connect WiFi Risks

01:48 Staying Vigilant Against Phishing

03:34 Prepping Devices Before Vacation

10:09 Protecting Personal Accounts and Payments

13:42 Using Secure Payment Methods

15:39 Enabling Multifactor Authentication

16:55 Setting Up Credit Card Notifications

17:28 Bank Alerts and Travel Notifications

18:26 Cybersecurity Practices in Personal Life

21:21 Returning from Travel: Digital Hygiene

25:37 Phishing Awareness at Work

30:02 Final Thoughts on Cybersecurity

In this episode, Nate, CIT’s Director of Cybersecurity, discusses why VPNs are becoming outdated and how Zero Trust Network Access (ZTNA) solutions are the future of secure network access. He explains the differences between traditional VPNs and ZTNA solutions, highlighting the security risks of VPNs and the advantages of ZTNA in terms of cost-effectiveness, scalability, and improved user experience. The discussion also covers compliance implications, potential challenges in transitioning to ZTNA, and practical steps for businesses considering the switch. Tune in to learn why it's time to move away from VPNs and how ZTNA can enhance your organization's cybersecurity posture.

00:00 Introduction to VPNs and Cybersecurity

00:39 Understanding VPN Security Risks

02:24 ZTNA Solutions: The Future of Network Security

04:05 Practical Applications and Use Cases

06:13 Cost and Scalability of ZTNA Solutions

17:56 Implementation and Transition Challenges

31:09 Future of ZTNA and Final Thoughts

In this episode of Our Tech for Business podcast, we delve into the complex world of AI ethics in business, featuring insightful discussions with Kyle, the CEO and President, Ann, the Quality Assurance Analyst, and Andrew, the Customer Strategy Advisor. Join us as we explore the importance of integrating AI responsibly while maintaining data security, privacy, and transparency. Kyle highlights the need for balancing innovation with ethical considerations, while Anne emphasizes the necessity of educational guardrails. Andrew discusses the implications of data bias and privacy in AI, offering practical advice on maintaining customer trust. Tune in to gain a comprehensive understanding of how businesses can leverage AI technologies ethically to enhance productivity and strategic decision-making.

00:00 Introduction to AI Ethics in Business

01:01 Kyle on the Importance of AI Ethics

02:39 Ann's Perspective on Compliance and Ethics

04:26 Andrew Discusses Practical AI Applications

06:33 Addressing AI Bias and Data Quality

14:54 Ensuring Data Privacy and Ethical Use

22:42 Maintaining Customer Trust and Transparency

28:36 The Human Element in AI Implementation

36:57 Conclusion and Future of AI Ethics

Secure AI Adoption for Businesses: Practical Steps and Considerations

In this episode of Our Tech for Business podcast, Todd (COO and CISO) and Nate (Director of Cybersecurity) discuss the practical adoption of AI in businesses, emphasizing security and privacy concerns. They cover key topics such as the importance of cybersecurity teams leading AI initiatives, developing AI policies, addressing shadow AI, setting up guardrails, and working with vendors who use AI. The conversation highlights the need for businesses to balance innovation with risk management, meet users where they are, and stay informed about evolving AI regulations and frameworks. This episode provides valuable insights for organizations looking to implement AI securely and responsibly.

00:00 Introduction to AI Tools in Business

00:26 The Role of Cybersecurity in AI Adoption

03:56 First Steps in Implementing AI: Policy and Governance

09:02 Common Concerns and Mistakes in AI Adoption

17:46 Understanding and Addressing Shadow AI

21:16 Setting Up Guardrails for AI Use

25:08 Working with Vendors Who Use AI

28:52 Final Thoughts on Practical AI Adoption

Ann, CIT's Quality Assurance Analyst, joins us to discuss the critical topic of AI policy. With the rapid evolution and adoption of AI technology, organizations need to establish clear guidelines and ethical considerations. Ann shares insights on how AI can be leveraged within different industries, defining AI in the context of policy, and the importance of collaborative efforts in policy creation. Learn about the critical foundational elements, the role of training, transparency, and how to ensure ethical use in your AI initiatives. Whether your company is just starting or looking to refine its AI policy, this episode offers invaluable guidance and expert advice.

00:00 Introduction to AI Policy

00:23 Defining AI in Policy Context

03:24 Collaborative Efforts in Policy Making

06:37 Effective Communication of AI Policies

08:27 Ethical Considerations in AI Policy

13:49 Transparency in AI Use

25:53 Starting Points for Creating AI Policies

31:03 Common Missteps and Foundational Elements

35:10 Conclusion and Final Thoughts