Showing episodes and shows of
LBMC Cybersecurity
Shows
Cybersecurity Sense
Can You Trust Your Eyes? Deepfakes, Self-Healing Systems, and AI Risks You’re Not Seeing
In this episode of Cybersecurity Sense, host Mark Burnette sits down with Andy Kerr and Kyle Hinterberg for a sharp, insightful look at the real-world impacts of artificial intelligence on cybersecurity. From the alarming rise in deepfake attacks to the evolving landscape of PCI compliance, the trio dives into the current hot topics keeping cybersecurity leaders up at night. Highlights include: How deepfakes are undermining identity verification and fueling advanced phishing schemes; The growing compliance demands of PCI 4.0, especially around payment page scripts; The rise of self-healing networks and the AI dashboards driving autonomous remediation; Why...
2025-06-05
28 min
Cybersecurity Sense
The Future of AI Security: Legacy AI, Emerging Risks & Business Impact
Cybersecurity is evolving, and so is our podcast! 🎙️ New hosts Andy Kerr and Kyle Hinterberg discuss their backgrounds and a new, broader focus for the podcast—expanding beyond PCI compliance to cover real-world cybersecurity trends. In this episode, you'll learn about the evolution of security challenges and the growing impact of AI in cybersecurity. Key topics include: DeepSeek vs. OpenAI – A new AI model shaking up the industry; AI Risks & Compliance – Guardrails, security gaps, and legal concerns; Practical Business Impact – How organizations should approach AI securely. Tune in for insights on staying ahead in an A...
2025-03-18
39 min
CyberMAYnia - CyberTalks with May Brooks
31 AI, Deepfake & Fraud: The Future of Payment Security with Kyle Hinterberg
In this episode of CyberMAYnia, we sit down with Kyle Hinterberg, Senior Manager & PCI QSA at LBMC, to explore the evolving threats in payment security, fraud, and compliance. As AI and deepfake technology continue to advance, businesses face new challenges in protecting financial transactions from cybercriminals. What you’ll learn in this episode: How AI and deepfakes are reshaping fraud and payment security; The biggest misconceptions about PCI DSS compliance; Strategies businesses can implement to protect customer payment data; Kyle’s journey into cybersecurity and payments security. Whether you're in cybersecurity, finance, or just curious about the future of d...
2025-03-03
47 min
All Things Internal Audit
Top 5 Episodes of 2024: AI, Ethics, Greenwashing, Quantum Computing, and Financial Crime
The Institute of Internal Auditors Presents: All Things Internal Audit In today’s episode, to kick off the new year, we’re counting down your top 5 favorite episodes from 2024! From tackling AI risks and ethics to uncovering misleading greenwashing claims and exploring the next frontier of quantum computing, these episodes highlight the key issues shaping the internal audit profession. So, whether you’re a longtime listener or new to All Things Internal Audit, grab a seat and join us as we revisit the episodes that made the biggest impact in 2024. Let the countdown begin! Episode 1: Tackli...
2025-01-14
27 min
Business Ninjas
Empowering Your Success with Accounting & Business Consulting | Business Ninjas: WriteForMe and LBMC
In this episode of Business Ninjas, host Andrew Lippman interviews Mark Burnette, Chief Growth Officer at LBMC, a top 40 professional services firm in the U.S. Mark takes us through LBMC’s impressive growth journey, from its early beginnings in Nashville to becoming a national leader in accounting, advisory, and cybersecurity services. He shares how the firm has stayed true to its people-first approach, which was key during the pandemic, helping them retain top talent, strengthen client relationships, and offer innovative solutions across a variety of industries. Join us as Mark reveals his journey from cybersecurity expert to...
2024-10-17
28 min
The Virtual CISO Moment
S6E45 - Authors Series 2 - Mark Burnette
Mark Burnette is the Chief Growth Officer for LBMC and the author of Risky Business: Cybersecurity Leadership the Right Way. Driving growth (increased revenue) has been an important part of his career. During his 30+ years in the professional world, he has helped start and build service lines for three major professional service firms, led a boutique consulting firm as President, and co-founded, built, and sold a software company, among other career experiences. We discuss life after the CISO, how we all are sales persons in some way, his book, and much more. Viewers and listeners can obtain a free...
2024-09-10
32 min
All Things Internal Audit
AI Governance & Ethical Considerations
All Things Internal Audit Tech: AI Governance & Ethical Considerations. In this episode, hear from industry thought leaders about governance and ethical considerations of artificial intelligence usage in the internal audit profession. Experts discuss strategies to mitigate risks of sensitive data disclosure in public AI tools and emphasize the importance of governance and monitoring in AI implementation. They address ethical concerns, including preventing AI-generated risks and ensuring safe AI practices in applications involving human safety. This conversation covers: Mitigating Risk of Sensitive Data Disclosure; Governance and Monitoring in AI; Importance of oversight and ethical auditing practices; P...
2024-07-16
13 min
All Things Internal Audit
Risk and Cyber Audit Opportunities With AI
All Things Internal Audit: Risk & Cyber Audit Opportunities with AI. In this episode, thought leaders discuss the groundbreaking applications of AI in enhancing compliance programs, continuous risk assessment, and cybersecurity audits. Industry experts share real-world examples, such as the use of ChatGPT for PCI DSS compliance and dynamic risk scoring frameworks. Discover how AI is making audit processes more efficient, accurate, and cost-effective, and learn about the crucial role it plays in improving internal audit services. This conversation covers: AI's role in developing and testing PCI DSS compliance programs; Training AI models on organizational systems for t...
2024-06-28
08 min
Cybersecurity Sense
PCI Monthly Update: Latest News and Updates to Requirement 12
Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment covering the impact of PCI v4.0 and how organizations are adjusting. In case you missed it - Andy Kerr joined PCI Practice Partner Stewart Fey for an interactive Q&A session on PCI 4.0. If you're interested in watching this session, reach out to our team for a link. Next up, we'll cover the last requirement - Requirement 12 - the "Information Security Catch-All Requirement."...
2024-05-21
39 min
Cybersecurity Sense
PCI Monthly Update: Latest PCI News, Requirement 11 Overview, and QSA Insights
Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment covering the launch of PCI v4.0 and the ins and outs of the new INFI (Items Noted For Improvement) Worksheet. Next up, we'll cover Requirement 11 - Test security of systems and networks regularly. This requirement can either be the easiest or hardest for organizations depending on their setup. Our QSA experts provide their insights on best practices and what has changed in v4.0.
2024-04-30
33 min
Cybersecurity Sense
PCI Monthly Update: Version 4.0 Countdown, Requirement 10, and QSA Insights
In this edition of the PCI Monthly Update, we’re counting down to the launch of PCI 4.0! We start this month's podcast with a reminder that v4.0 goes into full effect on March 31. Our focus then shifts to Requirement 10 covering logging and monitoring all access to system components and card holder data and what is changing with v4.0. This podcast is your monthly briefing on PCI standards - an indispensable listen for anyone tasked with safeguarding payment card data.
2024-03-19
27 min
Cybersecurity Sense
PCI Monthly Update: Gearing Up for Version 4.0, Mastering Requirement 9, and QSA Insights
In this January edition of the PCI Monthly Update, we’re on the brink of exciting changes with version 4.0 just around the corner! We start with a spotlight on the ongoing Request for Comments (RFC) period for PCI DSS v4.0, inviting insights from industry experts. Plus, we discuss the Global Content Library, showcasing insights from the 2023 Community Meetings. Our focus then shifts to Requirement 9, where we break down the critical protocols for restricting physical access to cardholder data. We'll cover everything from documenting security policies to managing visitor access, ensuring secure storage and destruction of media with ca...
2024-01-30
29 min
Cybersecurity Sense
PCI Monthly Update: December News, Deep Dive into Requirement 8, and QSA Q&A
Join us for the latest episode of our PCI Monthly Update podcast, where we explore the latest developments in the world of payment card industry security. We begin with a news segment highlighting the PCI SSC's TRA Guidance. Next, we delve into Requirement 8 of the PCI DSS, dedicated to identifying users and authenticating access to system components. We'll explore the intricate details of this requirement, covering sub-requirements 8.1 to 8.6. These discussions will include processes for user identification, strict management of user and administrator accounts, strong authentication methods, and the implementation of multi-factor authentication (MFA) to ensure the security...
2024-01-11
35 min
Cybersecurity Sense
PCI Monthly Update: October - New SAQ Review, Focused Look at Requirement 7, and Expert QSA Insights
Dive into the latest in the PCI landscape with our October update. We kick off with a news segment spotlighting the new SAQ SPOC (Software PIN Entry on COTS) which includes portions of PCI DSS Requirements 3, 8, 9, and 12. Transitioning to Requirement 7, we discuss restricting access to system components and cardholder data based on business necessity, delving into sub-requirements 7.1 to 7.3, and discussing the principles of 'need to know' and 'least privileges.' Our QSA Q&A segment addresses the applicability of Requirement 7 to customer/cardholder accounts, clarifying the scope and the specific entities impacted by this requirement.
2023-11-07
29 min
Cybersecurity Sense
PCI Monthly Update: September Highlights & Requirement 6 Deep Dive
Catch the latest news in our September "PCI Monthly Update" from Tuesday, September 26, 2023. We kick things off with key insights from the recent PCI Community Meeting. Next, we dive into Requirement 6, discussing the essence of secure software development, from processes to security vulnerabilities, web application protection, and change management. Our QSA Q&A segment addresses a vital question: What documentation should you expect from PCI DSS compliant service providers? Join us for a succinct roundup of September's essential PCI updates and insights. Perfect for both newcomers and seasoned PCI professionals.
2023-10-17
31 min
Cybersecurity Sense
PCI Monthly Update: August Highlights & Requirement 5 Breakdown
Tune in to the August edition of our PCI Monthly Update. We kick off with a sneak peek into the upcoming PCI North America Community Meeting in Portland and introduce the newly launched PCI Community Job Board—a dedicated platform for security talent and job postings in the payment industry. Next, we delve into Requirement 5, shedding light on anti-malware solutions. We explore the criteria for system components which do not require anti-malware, delve into the specifics of anti-malware implementation, and highlight the periodic evaluations required for maintaining optimal security. Wrapping up, our QSA Q&A se...
2023-09-05
24 min
Cybersecurity Sense
PCI Monthly Update: July Insights & Innovations
Dive into the latest PCI news in our July PCI Update. This episode covers key PCI developments, an in-depth exploration of Requirement 4, and a helpful QSA Q&A. We kick off this episode by previewing the upcoming PCI Community Meeting in Portland and discuss our hosts' presentation on "Generative AI: Your New Secret Weapon or an Insider Threat?" We also talk about the INFI worksheet and the importance of Continuous Compliance. In the Requirement 4 segment, we focus on strong cryptography, robust security protocols, and the need to secure PAN during transmission over public networks. We...
2023-08-08
24 min
Cybersecurity Sense
Worried about Ransomware?
Do you know the average payout organizations are hit with for every attack? William Parks and Bill Dean discuss a service dedicated to helping your organization (big or small) withstand a ransomware attack. Bill and his team are ready to help you and your organization obtain peace of mind when it comes to these advanced threats. Questions for Bill? Find him here: bill.dean@lbmc.com
2023-05-23
15 min
Cybersecurity Sense
Advance Guard Could Save You
LBMC Shareholder Bill Dean and William Parks spend today’s episode discussing Advance Guard, a new service offering from LBMC's Security Technical Team. Learn how Advance Guard may help protect your organization's most valuable assets, save time on compliance audits, and give peace of mind about your current security stance.  Want to see Bill’s “Prescription”? Check out the link below: https://www.lbmc.com/wp-content/uploads/2023/01/AdvanceGuard-Sample-Schedule.pdf Questions for Bill? Find him here: bill.dean@lbmc.com
2023-04-11
17 min
Cybersecurity Sense
PCI Monthly Update: March News & Requirement 3
Stay up to date with the latest in PCI compliance. In this episode, William Parks, Andy Kerr, and Kyle Hinterberg discuss the latest in PCI news, new restrictions around PAN data, and how to master Requirement 3 while preparing for PCI 4.0. Don't miss our upcoming webinar: "How to Reduce Your PCI Scope: Tips & Technology Your Organization Needs to Know" on Thursday, April 13 at 11am CT. Register Now! For any questions, feel free to reach out to us here: Kyle Hinterberg: kyle.hinterberg@lbmc.com Andy Kerr: andy.kerr@lbmc.com William Parks: w...
2023-03-29
35 min
Cybersecurity Sense
ChatGPT: What You Need to Know
ChatGPT is making headlines worldwide and its impact is making a lot of business owners uncomfortable. What is ChatGPT? How will this tool change how you do business? Is ChatGPT a security risk? What to expect from ChatGPT4? William Parks interviews LBMC's Data Insights team members to discuss this controversial topic, dive into facts your organization needs to know, and explore probable scenarios that could happen with this level of Artificial Intelligence. Want more insights? Contact LBMC's Data Insights team: Jon Hilton, Shareholder (jon.hilton@lbmc.com) Will Son, Senior Manager (will.son...
2023-03-21
56 min
Cybersecurity Sense
Interviewing a Real Hacker
William Parks takes this podcast to introduce a key member of LBMC Information Security’s Technical Services team, Daniel Nguyen. Daniel is a manager on the team with quite the insightful background. William and Daniel spend time discussing current steps to keep your organization successful in their journey to a healthier security posture. Questions for Daniel? Find him here: daniel.nguyen@lbmc.com
2023-02-16
17 min
The Virtual CISO Moment
Throwback Thursday - A Conversation with Mark Burnette
From September 28, 2022 -  Mark Burnette, Shareholder-In-Charge at LBMC Information Security, discusses his path from Senior IT Auditor to overseeing and directing LBMC’s Risk Services practice nationwide. He is very active in the information security community, including as co-founder and past president of the Middle Tennessee ISSA chapter (one of the largest in the world), and co-founder and board member of the Southern CISO Security Council. His certifications include CPA, CISA, CISSP, CISM, and CRISC, and he frequently speaks on information security topics, including a fabulous TEDx talk on the Humanity Behind Cyber Attacks - https://www.ted.com/tal...
2023-01-26
26 min
Cybersecurity Sense
PCI Monthly Update: January News & Requirement 1
Stay up to date with the latest in PCI compliance. In this episode, William Parks, Andy Kerr, and Kyle Hinterberg discuss the latest in PCI news and how to master Requirement 1 while preparing for PCI 4.0. For any questions, feel free to reach out to us here: Kyle Hinterberg: kyle.hinterberg@lbmc.com Andy Kerr: andy.kerr@lbmc.com William Parks: william.parks@lbmc.com
2023-01-12
34 min
The Beer Mighty Things Podcast
# 166 - On Cybersecurity Safety with Mike Ciunci of LBMC
Today we're joined by Cybersecurity Specialist Mike Ciunci of LBMC Information Security to cover the state of the cyber industry. We review & learn how to identify the common cyber scams: phishing, social engineering, ransomware and what to do if your systems are breached, but first we discuss his current fitness challenge: #75Hard We discuss a few real-life examples of brewery hacks and we stress the importance of creating a trustworthy culture while educating your staff using the free tools available on the web. We debunk the common myths like "We're too small to b...
2022-12-20
57 min
Invest:Insights by Capital Analytics
Traversing today’s information security landscape
May 10, 2022 Today's economy is ripe with innovation, presenting a plethora of challenges and opportunities to businesses. With Invest:Insights, Shareholder-in-Charge of LBMC’s Information Security practice Mark Burnette discussed his unique approach to cybersecurity training, the importance of advisory teams in today's economy and his thoughts on the development of regulatory framework and subsequent compliance moving forward. 👉 Register to read all Capital Analytics reports for free: https://www.capitalanalyticsassociate...
2022-12-19
08 min
Cybersecurity Sense
PCI Monthly Update: December News & FAQs
William Parks, Andy Kerr, and Kyle Hinterberg discuss the latest PCI news, share how to create and what should be covered in an executive summary for a PCI assessment, and answer a few questions from our listeners. If you’d like us to answer and address questions on our next episode, reach out to us here: Andy Kerr – andy.kerr@lbmc.com Kyle Hinterberg – kyle.hinterberg@lbmc.com William Parks – William.parks@lbmc.com
2022-12-06
34 min
Cybersecurity Sense
PCI SSC Community Meeting Top Takeaways
In this podcast, Host William Parks discusses with LBMC Information Security Senior Managers Andy Kerr and Kyle Hinterberg some of the top takeaways at this year’s PCI SSC Community Meeting. Topics discussed during this episode include changes to the “In-Place with Remediation” reporting option which was added in PCI DSS v4.0, what to do if you miss an ASV Scan, new ways to interact with the PCI Council, SAQ updates, and much more!
2022-11-08
28 min
Cybersecurity Sense
Keeping Your Digital Identity Secure with Mark Burnette
The Internet provides access to lots of good data, useful websites, social media options, and entertainment, but unfortunately, it also poses some risks to the security and privacy of individuals. In this episode, William Parks and Mark Burnette will share some practical tips for how you can keep yourself and your family safe and secure online. You will learn how to keep your kids safe on social media, how to avoid having to remember hundreds of online passwords (and how to avoid having them hacked), and how to protect your privacy while surfing the Internet. Episode Bonus...
2022-10-13
47 min
Cybersecurity Sense
All About HITRUST
In this episode, Host William Parks interviews LBMC Shareholder Robyn Barton about HITRUST, what it is, the relationship between HITRUST and HIPAA, and the new HITRUST i1, r2, and bC Assessments.
2022-09-29
13 min
The Virtual CISO Moment
The Virtual CISO Moment S4E44 - A Conversation with Mark Burnette
In this month's special end of month Wednesday episode Mark Burnette, Shareholder-In-Charge at LBMC Information Security, discusses his path from Senior IT Auditor to overseeing and directing LBMC’s Risk Services practice nationwide. He is very active in the information security community, including as co-founder and past president of the Middle Tennessee ISSA chapter (one of the largest in the world), and co-founder and board member of the Southern CISO Security Council. His certifications include CPA, CISA, CISSP, CISM, and CRISC, and he frequently speaks on information security topics, including a fabulous TEDx talk on the Humanity Behind Cyber At...
2022-09-28
26 min
Cybersecurity Sense
AIG Cyber Mercenary Group Raises Concern
In this episode, Host William Parks shares the latest on the new cyber mercenary group, Atlas Intelligence Group or AIG.
2022-08-23
12 min
Cybersecurity Sense
Ransomware Awareness
In this episode, Host William Parks shares ransomware awareness tips and cybersecurity best practices to keep your company safe from attacks.
2022-04-28
07 min
Cybersecurity Sense
Women in CyberSecurity
To celebrate Women's History Month, LBMC interviews a panel of our women cybersecurity experts on their unique career journeys, what advice they would give to women looking to work in the field, and goals for the future.
2022-03-24
28 min
Cybersecurity Sense
Hiring Perspectives
In this episode, the LBMC team gives listeners insight into what to expect when interviewing for a role in information security. Learn what qualities hiring managers are looking for as you prepare for your job interview.
2020-12-08
42 min
Cybersecurity Sense
Information Security Careers (Part 2)
Part two of our Information Security Careers podcast series. Our panel of experts share their paths to their first infosec jobs and provide advice for pursuing a career in the field.
2020-11-10
21 min
Cybersecurity Sense
Information Security Careers
Learn how a few members of the LBMC Information Security team got started in their careers, and what you should consider when going into the field.
2020-10-21
36 min
Cybersecurity Sense
What is the Cybersecurity Maturity Model Certification (CMMC)?
In this episode, Caryn Wooley joins us to discuss the Cybersecurity Maturity Model Certification (CMMC). Learn why the Department of Defense created the model to improve security for government contractors and subcontractors. Hear what you can do to start preparing for CMMC today.
2020-10-21
28 min
Cybersecurity Sense
Bill Dean - Nancy Spizzo
Nancy Spizzo, Senior Manager at LBMC Information Security, joins Bill Dean to talk about HITRUST and the new LBMC Information Security HITRUST Guide being released later this fall.
2020-09-18
13 min
Cybersecurity Sense
PCI Pen Testing
In this episode Bill Dean and Stewart Fey discuss penetration testing for PCI compliance. Learn about the differences between penetration testing and vulnerability assessments, and what is needed to meet requirements for PCI compliance.
2020-07-10
27 min
Cybersecurity Sense
The Return to a "New Normal"
In this episode Nancy Spizzo joins Bill Dean to discuss re-entry to the workplace. They'll discuss what items you should consider from a security and technology perspective as organizations plan to reopen their facilities.
2020-05-20
21 min
Cybersecurity Sense
The Impact of Remote Work on IT Audits
In this episode, Chelsea Smith talks with Bill Dean about the impact of remote work on IT audits during the COVID-19 pandemic.
2020-05-06
15 min
Cybersecurity Sense
Using Zoom Securely
Zoom is soaring in popularity as a large population of remote workers are using it for video conferencing. With its surging popularity, the platform's loose security protocols made it an easy target for hackers to take advantage and disrupt calls. "Zoombombing" allowed anyone to log in to unprotected links to intrude on the calls, often sharing lewd photos and videos. Listen to our most recent podcast to hear what you can do to use Zoom securely.
2020-04-22
21 min
Cybersecurity Sense
Not All Phishing Assessments Are Equal
In this episode, LBMC's cybersecurity experts discuss the topic of social engineering via phishing. Learn the difference in using phishing software solutions versus penetration testing services for your cybersecurity program.
2020-04-10
16 min
Cybersecurity Sense
MFA is NOT a Silver Bullet
LBMC Cybersecurity expert, Derek Rush, joins Bill Dean as they discuss the benefits and limitations of multi-factor authentication.
2020-04-10
18 min
Cybersecurity Sense
LBMC HITRUST Conference Recap
The LBMC Information Security team recaps the 2019 HITRUST conference that was held in Texas in May. The team talks about the latest news on third-party assurance, HITRUST CSF adoption and controls implementation, SOC 2 + HITRUST, and the latest initiatives in the quality sub committee.
2019-08-16
20 min
Cybersecurity Sense
Key Insights on PCI DSS Version 4.0
In this podcast, LBMC Information Security’s Mark Burnette offers a summary and perspective on the council’s insights—specifically addressing the three likely changes for the next version of the PCI DSS.
2019-05-30
13 min
Cybersecurity Sense
New Tools for PCI Compliance
In this podcast, LBMC Information Security’s Bill Dean and John Dorling discuss some of the new tools available to help merchants who are trying to achieve PCI compliance.
2019-05-15
15 min
Cybersecurity Sense
2018 Was Second-Most Active Year for Data Breaches
2018 was one of the biggest years for data breaches to date, with more than 6,500 data breaches reported throughout the year. In this podcast, LBMC Information Security’s Bill Dean dives deeper into these recent data breach statistics and why it’s important to keep investing in the hard work involved with combating cyber-attacks to prevent data breaches in the days to come.
2019-03-20
10 min
Cybersecurity Sense
Targeted Attacks Compared to Opportunistic Attacks
All companies are subject to opportunistic attacks, but do you know if you are subject to a targeted attack based on the data you generate or maintain? In this podcast, LBMC Information Security’s Bill Dean addresses this question while diving deeper into the key differences between targeted attacks and opportunistic attacks.
2018-10-03
08 min
Info Risk Today Podcast
Critical Elements of a Solid Cybersecurity Program
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Security, who formerly was CISO at Vanderbilt University and Medical Center.
2018-10-03
00 min
Data Breach Today Podcast
Critical Elements of a Solid Cybersecurity Program
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Security, who formerly was CISO at Vanderbilt University and Medical Center.
2018-10-03
00 min
Cybersecurity Sense
Incident Response Should Be Common Sense
Since incident response issues are no longer just an IT issue and can often involve legal issues, it is important for organizations to develop an incident response team, seek outside expertise, and have an overall action plan in the event of an incident. In this podcast, LBMC Information Security’s Bill Dean discusses how a complex situation like incident response can be purely based on common sense.
2018-08-16
07 min
Cybersecurity Sense
Attack Simulation
In a previous podcast, we discussed purple-teaming as it compares to a conventional penetration test. Let’s now build on that approach, starting with the differences between attack simulation and conventional penetration tests. The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection. So, how does attack simulation differ from purple-teaming? With purple-teaming, everyone knows what controls are being tested and when. The attack simulation is a bit different, as the focus is the emulation of a specific attacker group and their met...
2018-07-18
06 min
Cybersecurity Sense
Purple-Teaming
Most penetration testers are considered “red team,” while most defenders are considered “blue team.” Thus, the irony of a conventional penetration test is that these two groups are typically pitted against each other. When the red teams and blue teams are working together, you have what’s called a “purple team.” While purple-teaming has not always been a thing, it can be a win for both groups. Purple-teaming has now become somewhat of a buzzword. However, the effort behind it has great merit and value. In this podcast, LBMC Information Security’s Bill Dean helps purple-teaming, as well some of the...
2018-07-10
06 min
Cybersecurity Sense
GDPR and Preparing for DSARs
The EU’s General Data Protection Regulation (GDPR) permits users certain rights (referred to as “data subject access rights” or “DSARs” in the documentation) that organizations will need to be prepared to accommodate if they must comply with GDPR. For organizations to be prepared to respond, it’s important to have a clear understanding of DSARs before you risk consuming too much time, money, and resources in efforts to remain compliant. In this podcast, LBMC Information Security’s Drew Hendrickson shares some considerations for how to prepare and respond when a customer chooses to request action on one of their new r...
2018-05-08
15 min
Cybersecurity Sense
GDPR—How to Prepare
As organizations determine whether the E.U.’s General Data Protection Regulation (GDPR) is applicable to them, there are several important things to consider when it comes to compliance. Among those things are preparing for and responding to personal data breaches (which is not just a requirement of the GDPR; it’s a good business practice in general), data consent, and how you are protecting your data (like data pseudonymisation). With GDPR, personal data is defined a bit differently, which means there’s potentially much more data for organizations to protect. In this podcast, LBMC Information Security’s Drew He...
2018-05-08
16 min
Cybersecurity Sense
Does GDPR Apply to Me?
As the May 25, 2018 GDPR enforcement date fast approaches, many organizations are asking, “How does the GDPR apply to my organization?” As the GDPR extends to U.S. organizations that offer services to or monitor behaviors of E.U. citizens, it’s important to understand how to classify your organization’s data to determine GDPR applicability. While the GDPR presents new challenges for organizations storing or processing personal data, maintaining compliance with the proper guidance is essential. In this podcast, LBMC Information Security’s Drew Hendrickson explains GDPR, how it can apply to you, and why GDPR compliance
2018-05-08
14 min
Cybersecurity Sense
Why Employees Are Your Number One Risk
The question is not, “Will your employees get your company hacked?” but rather “When will your employees get your company hacked?” A recent article from HITECH Answers highlights this sad reality of human error being the most common reason for a cyber intrusion and data compromise. So, while employee actions can circumvent most every security control you have invested in, security awareness training is critical to prevent your employees from being your number one risk. Users are often the last line in your cyber-defense efforts, and there is no patch for people wanting to be helpful or wanting t...
2018-04-19
09 min
Cybersecurity Sense
Phishing Emails with 100% Click Rate
In a recent report from Wombat Security Technologies based on data from millions of simulated phishing attacks, it was found that 76% of organizations said they experienced phishing attacks in 2017, and nearly half of information security professionals said that the rate of attacks increased from 2016 to 2017. F-Secure also recently released research data indicating that over one-third of security incidents start with phishing emails or malicious attachments sent to company employees. In this podcast, LBMC Information Security’s Bill Dean digs into these research findings and shares some reasons why training employees to spot phishing emails, messages, and pre-texting calls...
2018-04-10
06 min
Cybersecurity Sense
IIA Knoxville—Implementing Cloud-Managed Security
When cloud-managed security was first introduced, there was some concern about the levels of security as compared to the security of data on an organization’s premises. Today, security professionals have implemented the appropriate controls to help cloud-based data management be safe and effective. As many organizations are now embracing and migrating to the cloud, it is important to know the risks and proper controls associated with the movement. In this podcast from the Institute of Internal Audit meeting in Knoxville, LBMC Information Security’s Bill Dean and Sese Bennett discuss the effectiveness and concerns surrounding migrating to c...
2018-04-10
07 min
Cybersecurity Sense
IIA Knoxville—Risky Business
No matter the industry—government, healthcare, financial, or even smaller, mom-and-pop businesses—each deals with some type of sensitive customer information, and each has decisions to make when it comes to managing risk. Most security and audit frameworks (HIPAA, ISO, PCI, NIST, SOC 2, etc.) have requirements for risk assessment, making them one of the first things auditors or regulators ask for. Many companies are still using spreadsheets when it comes to performing risk assessments, which can be ineffective and insecure. Such a lack of functionality can keep a company from moving beyond assessment and into true risk management. In...
2018-03-19
07 min
Cybersecurity Sense
IIA Knoxville—Dear President Trump: How to Secure the United States & Demonstrate That Your Company Is
In the information security world, we all wish we had more access to senior executives. Following that logic, if you’re responsible for security at your organization, and you are lucky enough to ride on the same elevator with a senior executive from your company, you should be prepared with your “elevator pitch” on what to say about improving the cybersecurity posture of the organization. When asked, you want to have your message fine-tuned and be able to communicate it clearly and succinctly (before the elevator reaches the parking garage). In this podcast, LBMC Information Security’s Mark Burn...
2018-03-12
07 min
Cybersecurity Sense
SOC for Cybersecurity—An Interview from IIA Knoxville
The AICPA Cybersecurity Working Group brought to life a new type of cybersecurity examination report in 2017 known as SOC (System and Organization Control) for Cybersecurity. These reports are intended to provide a consistent approach for evaluating and reporting on an entity’s cybersecurity risk management program and give management the ability to consistently describe its cybersecurity risk management program. Additionally, the flexibility of the reports allows management to use any recognized security framework as a baseline while enabling a CPA to provide independent assurance on the effectiveness of the program’s design. In this podcast from the Inst...
2018-03-05
05 min
Cybersecurity Sense
5 Reasons Why Organizations Don’t Detect a Cyber Breach
Incident response consultants are often contacted by clients who are in complete shock that their systems or networks have been compromised. Many times, these clients are hoping our analysis will ultimately prove that the incident was just a “flesh wound” to their systems and that they didn’t experience an actual data breach. It’s quite common for organizations to assume that data breaches won’t happen to them, and consequently, they typically don’t have an incident response plan. Not only do organizations need an incident response plan, but they also need to test it via incident res...
2018-01-18
09 min
Cybersecurity Sense
2017 Year-End Healthcare Breach Review
In comparison to previous years, 2017 was a good year as the number of healthcare records compromised was significantly down. As of December 30, there had been 341 breaches reported, affecting a little less than 5 million individuals. This compares to 327 breach reports in 2016 but with 16.6 million individuals affected. When this information is contrasted with 2015 statistics, fewer breaches (268) were reported; however, more than 113 million patients were affected. So, why the significant drop in affected individuals? In this podcast, LBMC Information Security’s Mark Fulford offers some leading theories for these statistics, as well as a quick rundown of the top five he...
2018-01-12
11 min
Cybersecurity Sense
Law Firms are Cybersecurity Targets
A recent report from cybersecurity firm FireEye revealed that Chinese hackers have been actively targeting a shortlist of multinational law firms since at least June of 2017. This was an apparent effort to spy on lawyers and steal confidential information, proving that not only are law firms targets of nation states, but attackers are also keeping up with current news, using well-designed phishing campaigns that contain references to pertinent, high-profile U.S. news stories. Although law firm data breaches are not often in the news, they are happening at an alarming rate, and cybersecurity professionals need to be aware and...
2017-12-19
07 min
Cybersecurity Sense
SOC for Cybersecurity
Since business leaders and board members are not often technically inclined, they tend to have many questions about cybersecurity. Because of this, the AICPA recently recognized the need for a new type of cybersecurity examination report and put together a task force to bring to life what’s now known as SOC (System and Organization Control) for Cybersecurity. These reports will be beneficial in giving business leaders and board members an independent assurance and solid understanding of risk management and working with third-party cybersecurity professionals. In this podcast, LBMC Information Security’s Mark Burnette and Drew Hendrickson discuss SOC...
2017-12-12
23 min
Cybersecurity Sense
Information Security Questions for SMBs
A key observation that can be made within the information security industry today is that cybersecurity is not extremely difficult, it is just hard and requires long-term dedication, focus, and commitment. Considering this observation, a key question all cybersecurity professionals must ask is, “If you don’t know where you are, how do you know where you need to improve?” Knowing the answer to this question is essential for beginning or enhancing an organization’s cybersecurity program. In this podcast, LBMC Information Security’s Bill Dean discusses some information security basics that many organizations are overlooking. Bill also walks...
2017-12-05
10 min
Cybersecurity Sense
Cloud Storage and User Authentication Compromises: Managing the Integrity of Your Data
Often in the information security industry, professionals can be accused of spreading fear, uncertainty, and doubt with cybersecurity concerns. However, considering the implications of integrity attacks, it is essential to pay close attention to them. As more organizations move to cloud storage, user authentication compromises are increasing. If an organization has sensitive information that can be accessed from anywhere online by simply using a username and password, that information is at risk, and organizations should make an effort to make their networks more secure. In this podcast, LBMC Information Security’s Jason Riddle and Mark Fulford discuss the...
2017-11-27
15 min
Cybersecurity Sense
Manufacturing and Industrial Sectors Are Cybersecurity Targets
As operational technology (OT) networks are used with specialized Industrial Control Systems (ICS) to monitor and control physical processes such as assembly lines, mixing tanks, and blast furnaces, these networks have become ripe targets for adversaries. The lack of basic protections like antivirus can enable attackers to quietly perform reconnaissance before sabotaging these physical processes and compromising industrial devices. Once attackers have compromised an OT network, it is easier for them to learn how the equipment is configured and eventually manipulate it. In this podcast, LBMC Information Security’s Bill Dean discusses how the manufacturing and...
2017-11-13
07 min
Cybersecurity Sense
Attacking the InfoSec Supply Chain
Though not in the recent limelight, it’s no secret that espionage from nation states is happening once again. With sophisticated attacks on InfoSec supply chain companies in 2012, 2013—and as recently as the past few months—many people are left wondering who would target these specific companies. In the end, we know that despite agreements between countries, we have valuable intel within the United States that these attackers are seeking. In this podcast, LBMC Information Security’s Bill Dean offers valuable insight on attackers who focus on the InfoSec supply chain. Listen, an...
2017-11-01
08 min
touch point podcast
TP39 - Cyber Security Risks for Hospitals
For hospitals and health systems trying to embrace the digital age, it’s important to understand the pros and cons of such an approach. In this episode, hosts Chris Boyer and Reed Smith discuss a very important topic: data and cyber security risks. Tasked with protecting HIPAA and PHI, the constant pressure to keep data safe and secure is critical. Chris and Reed share ways in which CIOs and IT departments are adapting their tools and processes to adopt a safe digital environment while meeting the pressing demand by consumers for more open and transparent digital communications. They welcome da...
2017-11-01
1h 10
Cybersecurity Sense
Kaspersky vs the U.S. Government
For the past 20 years, Kaspersky Lab has provided deep threat intelligence and security expertise for businesses, critical infrastructure, governments, and consumers around the globe. More than 400 million users benefit from protection services provided by Kaspersky, in addition to approximately 270,000 corporate clients. Recently, Kaspersky has found itself under question from the U.S. Government regarding accusations that the company is hiding backdoors into its software to help Russia spy on high-profile users. In fact, the U.S. Government removed Kaspersky from its approved vendor list, citing spying concerns as the reason. In this podcast, LBMC Information Security’s Bil...
2017-10-03
09 min
Cybersecurity Sense
Ransomware and Unintended Disclosure
When an organization experiences a data breach, one would hope that a quick recovery is ideal, right? But, did you know that there are instances when a quick breach recovery can hurt an organization? For one healthcare facility, this was the case, as it fell prey to a ransomware attack. While the organization was able to quickly recover operations, it recovered so quickly that it failed to preserve needed evidence for proper forensic analysis. So, what did this organization do as a result? In this podcast, LBMC Information Security’s Bill Dean explains how quick breach recovery hu...
2017-09-24
09 min
Cybersecurity Sense
Risk of Email Data Breaches
Sadly, email data breaches continue to be an increasing problem for businesses and organizations who retain large amounts of sensitive client and customer data. In fact, more than 700 million email accounts and millions of associated passwords were recently leaked in the biggest spambot dump ever. Breaches of this scale and impact have happened to Dropbox, LinkedIn, and Adobe in the past few years. So, what is the risk to your organization? In this podcast, LBMC Information Security’s Bill Dean discusses the numerous ways these data breaches are also a risk to your organization. Take a...
2017-09-14
10 min
Cybersecurity Sense
The Risks of Remote Access
Remote access to networks has become commonplace in today’s IT environments, as this access is mainly used for IT support, power users, and developers. While this capability can be provided in a safe and secure manner, it can also be deployed in a manner that leaves the organization at great risk. When Remote Desktop is enabled, attackers can brute force administrator credentials, because you can’t lock out the administrator account due to excessive failed logins. With this access, an organization’s entire network could be at risk of compromise and data theft. In this podcast, LBMC I...
2017-08-29
09 min
Cybersecurity Sense
Attacker Dwell Time
Especially for healthcare IT systems, cyber attacks can lead to the exposure of patient data, service disruptions, time-consuming recovery processes, and high costs in the form of paying a ransom or spending money on new servers, security systems, or consultants. However, that is only when an organization is aware of the breach. Some network breaches can go on for months or even years before an organization learns about them, and these can even be organizations that take information security very seriously with compliance requirements, appropriate budgets, and talented security personnel. The time elapsed between the initial breach...
2017-08-22
08 min
Cybersecurity Sense
Combating Insider Threats
It’s true—insider threat events are typically much less frequent than external attacks. However, insider threats often pose a much higher severity of risk for organizations when they do happen. As insiders are given access to sensitive information for work purposes, there’s a great potential for them to do a tremendous amount of damage to a business if they accidentally break policy or choose to steal. Even more, it has been reported that nearly a third of all organizations still have no capability to prevent or deter an insider incident or attack. In this po...
2017-08-08
09 min
Cybersecurity Sense
Business Email Compromise: When The Threat is Internal
Since January of 2015, all 50 of the United States have reported an increase in business email compromise (BEC) attacks—a 1,300 percent increase, to be exact. Even worse, organizations have reported a loss of nearly one billion dollars. With everyone now being a potential target, it’s been noted that reconnaissance, social media, and social engineering have played a crucial role, as cyber thieves monitor and learn an organization’s “system.” In this podcast, LBMC Information Security’s Bill Dean addresses BEC attacks and offers a few solutions for how to combat business email attackers. Listen i...
2017-08-08
12 min
Cybersecurity Sense
How To Create ROI With Your SIEM
SIEM, or security information & event management, is becoming a fairly common security control these days. It focuses on aggregation and analysis of log data. For this podcast we will assume you have a basic understanding of SIEM and how it’s commonly deployed. If you don’t have that base-level of understanding, you might want to check out one of our other podcasts that focuses on SIEM fundamentals. We’re going to focus on 3 key value points that any SIEM implementation should provide. The reason for breaking these down for you is that we see far too...
2017-08-01
16 min
Cybersecurity Sense
Cybersecurity Sense: The Value of Incident Response Table Top Exercises
Are you prepared for a ransomware attack? Bill Dean, Senior Manager, LBMC Information Security, discusses a low-cost method to determine how well you will respond to computer cybersecurity incidents, similar to those that you are reading about in the news, by performing incident response tabletop exercises.
2017-07-26
09 min