The Security Insights Show

THE Security Insights Show Episode 278: Pumpkin Patch Phishers: Carving Out Your Data This Halloween



Picture this: It’s the witching hour of cybersecurity, where jack-o’-lanterns glow with malevolent code and candy corn conceals keyloggers. In this spine-tingling episode of The Security Insights Show, we dive headfirst into the ghoulish guts of seasonal phishing scams – those crafty creeps who lure you in with “Free Zombie Apocalypse Prep Kits” emails, only to carve up your credentials like a deranged pie maker at a harvest festival.

Join our hosts as they unmask the tricks-or-treats of spear-phishing spooks, ransomware pumpkins that explode in your inbox, and why your two-factor auth is the garlic necklace against digital Dracula. We’ll roast real-world horror stories – like the exec who traded his soul (and SSO login) for a “haunted house discount” – and arm you with tricks to keep your data from doing the monster mash.

This episode of “THE Security Insights Show” discusses the risks and security challenges associated with artificial intelligence (AI), particularly concerning phishing scams during the Halloween season (0:21). The hosts, Rodney and Franklin, touch on various aspects of AI, its adoption, and the evolving landscape of cybersecurity.

Key discussion points include:

* The hosts’ return and show changes: Rodney and Franklin discuss their return to the show after a summer break, moving to a bi-weekly Thursday schedule to allow more time for content creation and guest planning (1:02-6:54).

* October as Cybersecurity Awareness Month: They emphasize the importance of cybersecurity awareness, noting a lack of guest speakers this year compared to previous years (4:17-4:33).

* Artificial Intelligence (AI) and its security implications: A significant portion of the discussion revolves around AI, specifically the challenges of securing and governing it (7:47). They highlight the increasing use of AI in creating sophisticated phishing campaigns and the alarming potential for “non-human entities” or “agentic offerings” to be compromised or act as “double agents” in an environment (10:10-10:57).

* Understanding AI architecture and threats: Franklin argues that securing AI is fundamentally about securing compute, identity, data, and networks, with the Large Language Model (LLM) being a new threat (11:31-12:29). They discuss the role of the MCP (Microsoft Collaboration Protocol) server in providing context between chatbots and data sources, acknowledging that generative AI can sometimes provide inaccurate responses (13:03-15:41).

* Challenges in AI security and training: The hosts express concern about the lack of fundamental understanding of AI among security professionals and the trend of training courses merely adding “with AI” to existing content without real value (28:41-31:21). They also discuss the emergence of highly specialized roles in AI security, like the “Chief Artificial Intelligence Risk Officer (CAIRO),” and the potential for a “corporate fear of missing out” driving quick, potentially insecure, AI adoption (36:06-38:29).

* The CISO’s role and application expectations: Franklin suggests that CISOs have the necessary tools for AI security, viewing it as another application to secure, while Rodney believes many are unprepared due to rapid adoption and an “outnumbered” feeling in defense (37:42-43:52).



This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit www.microsoftsecurityinsights.com

The Security Insights Show, by Rod Trent