Shows
Protecting PeopleLooking Ahead: Protecting People and Defending Data in 20232022 continued long-standing cybersecurity risks — aligning with our expectations — alongside new harrowing threats. What does that mean for the new year, and what can we do to best prepare for new tricks in 2023?In this episode, Ryan Kalember, EVP of Cybersecurity Strategy at Proofpoint, joins us to shine a light on best practices for risk prevention, unpack present and potential threats, and more.Join us as we discuss:Potential pain points in cybersecurity for 2023How security leaders should prepare for multiple challengesTop concerns for security leadersRegister for our Power Series: https://go.p...2022-12-0739 min
DISCARDED: Tales From the Threat Research TrenchesThe Many-Faced Threat: Multi-Persona Impersonation (MPI) In Your InboxSocial proof is a potent tool, even in the absence of direct support. When someone is pressured to do something in the presence of trusted peers, they are more likely to follow through unless someone objects. Unfortunately, threat actors have taken notice and are investing significant time and resources into looking like a trusted party to gain access to your personal information.Josh Miller and Sam Scholten join this episode to share their experiences with the evolving intellect of attackers and their multifaceted breach strategies. Using multi-persona impersonation (MPI), attackers establish multiple accounts and increase trust by manipulating social...2022-11-2927 minProtecting PeopleNew Innovations: The Latest Capabilities in Threat ProtectionDespite existing security solutions, organizations are continuing to see their user’s information compromised—whether it be business email compromise, ransomware attacks, phishing, or supply chain threats. The ways attackers are targeting people has evolved, but there's one constant in the ever-changing threat landscape; people are still the primary target.Over the last year, Proofpoint has released several innovations for our overall threat protection platform. In this episode of Protecting People, we invited Neil Hammet, Technical Director at Proofpoint, to join the show to help us understand what these recent innovations mean for our customers. Neil dives deeper into the...2022-11-1626 min
DISCARDED: Tales From the Threat Research TrenchesMachine Learning Is a Party With Camp Disco!In this episode, Dr. Zachary Abzug, Manager and Tech Lead of Data Science at Proofpoint joins the show to discuss a machine learning enabled tool called Camp Discovery, AKA Camp Disco and the importance of the human interaction required for making use of machine learning in malware detection.Join us as we discuss:What exactly Camp Disco is and the need/idea behind its creationHow Camp Disco played a role in the discovery of Chocolatey threat activityWhy Camp Disco uses its own neural network language model instead of an existing language modelNatural...2022-11-0939 min
DISCARDED: Tales From the Threat Research TrenchesReservation Confirmed: Threat Actors Visiting the Hospitality WorldIn this episode, Joe Wise, Threat Researcher at Proofpoint, joins the show to discuss his and Selena’s research into a small e-crime actor, TA558 and its targeting against the hospitality and travel e-crime sector since at least 2018.Join us as we discuss:Classifying threat actors and how it relates to s’moresUnderstanding e-crime vs. APT actorsWhy hospitality and travel e-crimes are still successfulTA558’s TTPs and how their consistencies have aided in Proofpoint’s attribution of their activity over the yearsJoe shares his theories on why TA558 uses so many dif...2022-10-2539 min
DISCARDED: Tales From the Threat Research TrenchesThe Hallow-queen of Cybersecurity: Spooky and Sweet Takes with Sherrod DeGrippoCybersecurity doesn't have to be spooky this Halloween.In this episode, Sherrod DeGrippo, VP of Threat Research and Detection at Proofpoint, joins the show to discuss all things cybersecurity awareness so you can be prepared, not scared, this October. So grab a sweet treat and pull up a seat, the Hallow-queen is about to give her hot takes!Join us as we discuss:The growing risk of TOADs (Telephone Oriented Attack Delivery)Benign phishing reconnaissance emails by threat actorsWhat you need to know to adapt to this ever changing threat landscapeBring awareness...2022-10-1135 minProtecting PeopleIs Cybersecurity a Priority in Your Boardroom? New Insights From 600 Board MembersHow prepared are organizations to deal with a cyberattack? What's the board's relationship with their CISOs? To find out the answers, Lucia Milica, Global Resident CISO at Proofpoint, joins us to discuss the Cybersecurity: 2022 Boards Perspective Report, where 600 board members from around the world were surveyed to share the boards-eye view of the threat landscape. Resources:CISO Hub:https://www.proofpoint.com/us/ciso-hub Cybersecurity: 2022 Boards Perspective Report: https://www.proofpoint.com/us/resources/white-papers/board-perspective-report Voice of the CISO episode: https://podcasts.apple.com/us/podcast/voice-of-the-ciso-insights-from-1-400-cisos-around-the-globe/id1492463146?i=1000561867551 For more e...2022-10-0526 minProtecting PeopleCybersecurity Awareness: How to Positively Impact Your Security CultureIn preparation for Cybersecurity Awareness Month in October, we invited Lisa Plaggemier, Executive Director at the National Cybersecurity Alliance, to join the show to discuss how to drive behavior change, and how to positively impact your cybersecurity culture.Join us as we discuss:What it means to “See Yourself in Cyber” and staying safe onlineHow behavioral science plays a role in driving a positive security cultureHow to measure success of good security culture programCheck out these resources mentioned:https://staysafeonline.org/https://www.proofpoint.com/us/cybersecurity-awareness-hub2022-09-2137 min
DISCARDED: Tales From the Threat Research TrenchesHot off the Press: APT Actors Posing as JournalistsIn this episode, Joshua Miller and Michael Raggi, Senior Threat Researchers at Proofpoint, join the show to discuss APT groups targeting and impersonating journalists. Joshua, Michael, and Crista discovered during their research how APT actors use journalist and their leads as a form of espionage to collect sensitive information.Join us as we discuss:Proofpoint’s unique report on APTs targeting journalists and insight into the motivations behind these attacksUnderstanding the “why” behind threat actors targeting or posing as journalists and media organizationsThe most common methods APT actors use in these campaigns to target or pos...2022-09-1330 minProtecting PeopleFive Minute Forecast for the week of 9/12/2022Five Minute Forecast for the week of September 12th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Ransomware attacks on schools set to riseNorth Korean attackers set their sights on the energy sectorFormer Conti members teach a new dog some nasty tricksAnd Proofpoint VP Threat Research and Detection Sherrod DeGrippo on the threats that keep security leaders up at night.2022-09-1305 minProtecting PeopleInsider Threat Awareness: How to Protect your Organization from Risky UsersSeptember 2022 is the fourth annual National Insider Threat Awareness Month. This month is dedicated to emphasizing the importance of safeguarding our nation and organization by detecting, deterring, and mitigating insider threats.In honor of National Insider Threat Awareness Month, we invited Jonathan Care, Cybersecurity Expert and Former Gartner Analyst, to join us to help bring awareness to this crucial topic and dive deeper into insider risks and threats within organizations.Join us as we discuss:The difference between insider threat and insider risk in organizationsSome of the common behavior patterns that indicate there might be...2022-09-0639 minProtecting PeopleChanging Behaviors and Influencing Employees Through Security CultureSince 2003, the United States has recognized the month of October as Cybersecurity Awareness Month. In preparation for October, Dr. Bob Hausmann, Assessment and Learning Architect at Proofpoint, joins the show to discuss how to build a strong security culture, and why it's essential to do so.Join us as we discuss:3 aspects that define organizational cultures and the key elements of building out a strong security cultureThe impact of having a good security cultureWhy training alone isn’t sufficient for building a great security cultureHow to reinforce a security culture within an or...2022-08-3030 min
DISCARDED: Tales From the Threat Research TrenchesThe Art of Threat Detection EngineeringIn this episode, Konstantin Klinger, Senior Security Research Engineer at Proofpoint, joins the show to chat about his role on the threat research team, focusing on DDX (Detonation, Detection, and Extraction). You won’t want to miss his breakdown of the Pyramid of Pain and how to utilize it for threat detection engineering.Join us as we discuss:Real-life examples of complex attack chain with multiple steps and how to they can be detectedUtilizing the Pyramid of Pain for threat detection engineeringHow to write detections for geofencingThe perks of incorporating automated MITRE AT...2022-08-0930 minProtecting PeopleUpdates from Washington, D.C.: Recap of the National CISO Policy ConferenceIn this episode of Protecting People, Host Lucia Milica, Global Resident CISO at Proofpoint, speaks with Patrick Gaul, Executive Director of the National Technology Security Coalition, as they discuss the 2022 NTSC 5th Annual National CISO Policy Conference. This event hosts CISOs and technology security executives from all over the United States to come together and discuss today's top issues impacting cybersecurity policy and legislation. Lucia and Patrick share their key learnings and updates from their time in Washington DC, as well as some of the latest industry development security professionals need to know about.Join us as we discuss:2022-08-0223 minProtecting PeopleFive-Minute Forecast for the week of 7/18/2022Five Minute Forecast for the week of July 18. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Media outlets face increasingly advanced espionage attemptsH0lyGh0st ransomware group linked to North Korea—but maybe not its governmentCIA insider convicted in massive data leakJoining us to discuss media-focused APT attacks is Proofpoint Threat Researcher Crista Giering.2022-07-1805 min
DISCARDED: Tales From the Threat Research TrenchesThe Dark-Side of CryptocurrencyIn this episode, Jared Peck, Senior Threat Researcher at Proofpoint, explains cryptocurrency and how bad actors are causing trouble with these new decentralized, anonymous currencies.Join us as we discuss:Credential harvesting and phishingMalicious campaigns and extortionDigital money launderingResources:https://www.proofpoint.com/us/blog/threat-insight/how-cyber-criminals-target-cryptocurrencyhttps://twitter.com/ChicagoCyber/status/1521492543707430912https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.htmlhttps://www.proofpoint.com/us/podcasts/threat-digest#113131https://www.proofpoint.com/us/blog/threat-insight/advance-fee-fraud-emergence-elaborate-crypto-schemesKeep up with the latest tales from the threat...2022-07-1234 minProtecting PeoplePresenting to the Board: The Art of Storytelling From a CISOJohn Checco, Resident CISO at Proofpoint joins the show this episode to discuss The Art of Storytelling. CISOs are often presenting technical or complex ideas at the board-level. Trying to do so in a simple yet compelling way can prove challenging, and that is where mastering the ancient art of storytelling can play a critical role in cybersecurity.Join us as we discuss:Six basic concepts of storytelling for businessThe importance of data relevance and context when presentingStrategies for the improvisational moments of storytellingThe biggest mistakes CISOs and security leaders make when...2022-07-0526 minProtecting PeopleFive Minute Forecast for the week of 06/27/2022Five Minute Forecast for the week of June 27th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.FTC advises LGBTQ+ dating app users to beware of cyber extortionLockbit ransomware gets into the bug bounty gameUK delivery services Yodel is hit by cyber attackJoining us is Selena Larson from the Proofpoint Threat Research team, to discuss the latest news on social engineering strategies.2022-06-2705 minProtecting PeopleFive Minute Forecast for the week of 06/20/2022Five Minute Forecast for the week of June 20th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Law enforcement arrest thousands in global social engineering stingsIcefall vulnerabilities put thousands of critical systems around the world at riskBlackcat takes ransomware victim shaming to a new levelJoining us is Proofpoint VP of Threat Research and Detection, Sherrod DeGrippo, who shares her thoughts on this year’s Human Factor report.2022-06-2205 min
DISCARDED: Tales From the Threat Research TrenchesA Day in the Life of a Threat Researcher: Emerging Threats EditionTony Robinson, Threat Researcher, joins the podcast to share his expertise as a member of the Emerging Threats team at Proofpoint. Tony gives us an inside look into a day in his life as he and his teammates discover new strains of malware, respond to major vulnerabilities, and ensure that customers are protected. He also shares his advice for those interested in a career in Threat Research.Join us as we discuss:How the Emerging Threats team at Proofpoint impacts customers daily livesUsing cybersecurity rule-sets to find new strains of malwareUtilizing the open source...2022-06-2133 minProtecting PeopleDetermining Your Organization’s Risk AppetiteMost of the time, security slip-ups happen because of careless, accidental behavior. Through educating people and focusing on changing behaviors, those cyber risks can be mitigated. That’s the idea behind the importance of people-centric cybersecurity. Today we hear from Jeffrey Wheatman, Cyber Risk Evangelist at Black Kite, about implementing people-centric cybersecurity and assessing your organization’s risk appetite. Join us as we discuss:Why people-centric cybersecurity mattersEvaluating risk quantification in the cybersecurity industryThe importance of determining your organization’s risk appetiteRisk appetite versus risk tolerance Check out this reso...2022-06-1433 minProtecting PeopleFive Minute Forecast for the week of 06/13/2022Five Minute Forecast for the week of June 13th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Unpatched router vulnerabilities are being exploited by state-sponsored attackersUkrainian security authorities warn of active Follina campaignsDetails of a massive Facebook phishing campaign revealedJoining us is senior threat researcher Jared Peck, for a discussion about cryptocurrency and cyber crime. Link to the blog post mentioned: https://www.proofpoint.com/us/blog/threat-insight/how-cyber-criminals-target-cryptocurrency2022-06-1405 min
DISCARDED: Tales From the Threat Research TrenchesThe Buzz on Bumblebee MalwareFloat like a butterfly. Sting like Bumblebee malware.In this episode, Kelsey Merriman, Threat Research Analyst, and Pim Trouerbach, Senior Reverse Engineer, both with Proofpoint, share their insights from their research of the new malware downloader called Bumblebee. You won’t want to miss their breakdown of Bumblebee’s unique characteristics and their predictions of how its features will develop over time.Join us as we discuss:The difference in tracking Crimeware versus AAPTHow threat actors are using BumblebeeThe exit of BazaLoader malware and its connection to Bumblebee Check out these...2022-06-0730 minProtecting PeopleFive Minute Forecast for the week of 06/06/2022Five Minute Forecast for the week of June 6th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.A cyber attack causes chaos in one of Italy’s largest citiesHas FluBot delivered its last message? European law enforcement thinks so.Apple blocks over 1.6 million malicious and untrustworthy apps from iPhonesJoining us is senior threat researcher Daniel Blackford, to discuss highlights from this year’s Human Factor report.Human Factor Report: https://www.proofpoint.com/us/resources/threat-reports/human-factor2022-06-0605 minProtecting People2022 Human Factor Report: Reviewing a Year of Headline-Making ThreatsProofpoint’s biggest release of the year is here: the 2022 Human Factor Report. To ensure you don’t miss a thing, Protecting People has your on-the-go breakdown of the report straight from the source,Sherrod DeGrippo, Vice President of Threat Research and Detection at Proofpoint, joins the show to talk about some of the key findings and topics from the Proofpoint 2022 Human Factor Report and how to best protect yourself and your organization in this new threat landscape.Join us as we discuss:The three key areas of user riskHow to identify vulnerable users within orga...2022-06-0239 min
DISCARDED: Tales From the Threat Research TrenchesSocial Engineering: How Threat Actors Manipulate Their TargetsThreat actors always take the path of least resistance to their payday. But it's a mistake to think they aren't willing to put in the work to get a human to hand feed them.Their attempts to manipulate their targets into taking action are called social engineering. What role do people play in cybersecurity?In this episode, Daniel Blackford, Threat Researcher at Proofpoint, explains how bad actors capitalize on our humanity to attack us.Join us as we discuss:What lies beneath 95% of cyber attacksThe two factors that reduce people's sensitivity to threats...2022-05-2431 minProtecting PeopleFive Minute Forecast for the week of 5/23/2022Five Minute Forecast for the week of May 23rd. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Conti ransomware calls time on direct attacks, but remains highly influentialHalf a million Chicago students have their personal information stolen in a security breachU.S. authorities recover $15m from ad fraud operatorsJoining us is Proofpoint’s Cheryl Tang, for a review of customer insights at our recent Protect and Wisdom events.2022-05-2405 minProtecting PeopleVoice of the CISO: Insights from 1,400 CISOs around the globeWhat attacks keep CISOs up at night? Are your employees prepared for those attacks? Is remote work putting you at risk?To find out the answers, Lucia Milica, Global Resident CISO at Proofpoint, joins us to discuss this year's Voice of the CISO Report, where 1,400 CISOs from around the world were interviewed to share their experiences of the past 12 months and offer their insights for the years ahead.Listen in to our conversation with Lucia about:Why CISOs aren't more worriedIs threat modeling really helping?Which threats are softening upWhat security concern...2022-05-1739 minProtecting PeopleFive Minute Forecast for the week of 5/16/2022Five Minute Forecast for the week of May 16th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Managed service providers could let attackers scale supply chain attacksGCHQ says that Russian attackers continue to target Ukraine supportersFirmware bugs affect over 200 models of HP computersJoining us is Proofpoint cybersecurity evangelist, Brian Reed, for a preview of our Voice of the CISO report, launching this week.2022-05-1705 min
DISCARDED: Tales From the Threat Research TrenchesPaying Attention to BEC: The Most Costly Threat by Individual LossesWhen you think about the most costly threat to individual losses, most people will assume ransomware.The real threat, however, is business email compromise (BEC). But why aren’t more companies talking about it, then?In this episode, Tim Kromphardt, Email threat teacher at Proofpoint, and Jake G. explain BEC and why organizations need to start paying more attention.Join us as we discuss:The definition of BEC & why companies are paying so little attentionUsing Supernova to defend against email attacksReporting on employment fraudCheck out these resources we mentioned:IC...2022-05-1039 min
DISCARDED: Tales From the Threat Research TrenchesPaying Attention to BEC: The Most Costly Threat by Individual LossesWhen you think about the most costly threat by personal losses, most people will assume ransomware.The real threat, however, is business email compromise (BEC). But why aren’t more companies talking about it, then?In this episode, Tim Kromphardt and Jake G. explain BEC and why organizations need to start paying more attention.Join us as we discuss:The definition of BEC & why companies are paying so little attentionUsing Supernova to defend against email attacksReporting on employment fraud Check out these resources we mentioned:BEC Taxonomy: https://www.p...2022-05-1039 minProtecting PeopleWhat to Expect at Protect & Wisdom 2022Two conferences, four main tracks, numerous speakers, a cybersecurity ecosystem and community — plus the snazzy jackets. You won’t want to miss the all-virtual events Protect 2022 and Wisdom 2022 from Proofpoint.Hear our conversation with Tim Choi, Vice President Product Marketing at Proofpoint:Why “versus” is the event theme this yearWhat to expect in the four different tracksWho the keynote speakers are (hint: Magic Johnson!)Puns, community, and the jackets we all loveMore information about Tim and today’s topics:Protect 2022: https://www.proofpoint.com/us/events/protectWisdom 202...2022-05-0517 min
DISCARDED: Tales From the Threat Research TrenchesWeb Bugs & the Tubthumping Tactics of Chinese Threat Actor TA416Chinese Threat Actor TA416, otherwise known as Mustang Panda, has been active for a long time, and every time they get knocked down, they get up again. In this episode, Michael Raggi, Senior Threat Researcher, and Pim Trouerbach, Senior Reverse Engineer, both with Proofpoint, give us an overview of TA416 — the “Tubthumping” villains of the threat landscape. Join us as we discuss:The evolving tactics of TA416PlugX malware and control flow flatteningTips for dealing with emerging threats Check out these resources we mentioned:Michael’s Twitter: https://twitter.com/aRtAGGI/sta...2022-04-2636 minProtecting People“Your Tax Refund Is Ready” & Other Tax-Themed ScamsTax season is fast upon us in the United States. Here’s the rundown of tax-related phishing trends to make you more wary and alert.Hear our conversation with John Checco, Resident CISO at Proofpoint:Tax-themed phishing trends old and newWhat’s real and what’s not about IRS messagingTop preventative measures to enact today More information about John and today’s topics:LinkedIn Profile: https://www.linkedin.com/in/checco/Company Website: https://www.proofpoint.com/us For more episodes like this one, subscribe to Protecting Pe...2022-04-0416 min
DISCARDED: Tales From the Threat Research TrenchesThreat Actor 2541: The Latest Tricks & PatternsHow are threat actors like Olympic snowboard halfpipe athletes?When their good tricks get stolen by competitors, they add new ones to their repertoire.In this episode, we hear from Joe Wise, Threat Researcher at Proofpoint, about the latest tricks from TA2541 (and why it’s so fun to research that group).Join us as we discuss:Changes that TA2541 has made over timeTheir current strategies and patternsSnowboarding, Home Alone, and what makes TA2541 unique Check out this resource we mentioned:Charting TA2541's Flight | Proofpoint US 2022-03-2923 minProtecting PeopleHow the New Normal Affects Phishing in 2022Everyone gets phishing emails. Not everyone falls for them. In this episode, we discuss the eighth annual State of the Phish report and learn how vulnerable users are to today’s so-called New Normal.What should you know and how should you respond?Today we hear from Gretel Egan, Sr. Security Awareness Training Strategist at Proofpoint and primary author of the annual State of the Phish report, about the outlook for phishing in 2022.Join us as we discuss:What “phishing” and “vulnerability” mean in the reportThe effect that remote work has had on cyberattackersDiffe...2022-03-2237 minProtecting PeopleWhat AI/ML Means for CybersecurityIn this episode, Ken Spencer Brown, Senior Manager, Marketing Strategy and Content at Proofpoint, helps us navigate the new possibilities and challenges posed by artificial intelligence and machine learning in cybersecurity. We'll uncover how it's being used, where it's going, and why we should take notice.Join us as we discuss:The differences between AI, machine learning, and deep learningHow machines actually "learn"Ways ML can help threat detection… and threat actorsWho wins in the AI vs. human face-offFor more episodes like this one, subscribe to us on Apple Po...2022-03-1423 minProtecting PeopleFive Minute Forecast for the week of 3/07/2022Five Minute Forecast for the week of March 7th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Attackers leak Nvidia secrets after the chip giant refuses to negotiateResearchers get a closer look at the inner workings of Conti, including source codeJoining us is Proofpoint Director of Threat Research and Intelligence, Wes Drone, for a look at the cybersecurity implications of the Russian invasion of Ukraine.2022-03-0806 min
DISCARDED: Tales From the Threat Research TrenchesDiscussing RTF Template Injection: A Malicious Phishing AttemptIf you asked for M&M’s and received Skittles, you might pop a few in your mouth, but it won’t take long to realize something’s off.This is exactly what’s happening with RTF files: Instead of the intended attachment, unaware companies are delivering these files and realizing later that they were actually malicious.On this episode of Protecting People, hosts Selena Larson and Crista Giering chat with Michael Raggi, Senior Threat Research Engineer at Proofpoint, about RTF files, template injection, and campaigns using the technique in an effort to make sure customers aren’t being surp...2022-03-0225 minProtecting PeopleFive Minute Forecast for the week of 2/28/2022Five Minute Forecast for the week of February 28th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.War in Ukraine spills over into the cyber security arenaToyota pauses car production after supply chain cyber attackAnd Conti pulls the plug on Trickbot a week after taking overJoining us is Proofpoint cyber security evangelist, Brian Reed, to talk about the growing role of CISA in setting security standards for U.S. organizations and businesses.2022-02-2805 minProtecting PeopleHow to Defend Your Organization Against Ransomware AttacksRansomware attacks are becoming both more targeted and more damaging. Is your organization prepared?In this episode, host Itir Clark interviews Neko Papez, Manager, Product Marketing at Proofpoint, about the newest trends in ransomware — and the best strategies for prevention.Join us as we discuss:Human-operated ransomware and its dangerous effectivenessIllustrations of how damaging ransomware can truly beThe big-game-hunting mentality shift of ransomware threat actorsPhishing emails: the origin of most ransomwareCheck out these resources we mentioned during the podcast:2021 Verizon DBIR report: https://enterprise.verizon.com/co...2022-02-0317 minProtecting PeopleFive Minute Forecast for the week of 1/24/2022Five Minute Forecast for the week of January 24th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.CISA tells U.S. organizations to prepare for possible data-wiping attacksLaw enforcement links new ransomware to The Trick banking TrojanThe Red Cross urges cyber attackers to do the right thingJoining us to kick off Data Privacy Week is Proofpoint Cybersecurity Evangelist, Brian Reed.2022-01-2405 minProtecting PeopleFive Minute Forecast for the week of 1/17/2022Five Minute Forecast for the week of January 17th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Russian authorities arrest 14 in REvil crackdownWorld’s largest marketplace for stolen credit cards closes its doorsCISA warns government agencies of vintage threatsJoining us is Proofpoint’s Fabiola Fernandez to talk about the launch of this year’s Phishing Awareness Kit.2022-01-1905 minProtecting People#ThreatDigest: A Comprehensive Guide to Phish KitsYou can buy a phish kit online for 10 bucks. But beware, since it’ll probably come back to bite you in ways you might not expect.In this episode, hosts Selena Larson and Crista Giering chat with Jared Peck, Senior Threat Researcher at Proofpoint, about the pros and cons of phish kits — and why there’s no honor among thieves.Join us as we discuss:What a phish kit is and how it worksWays a phish kit relates to MFA tokens and other authorizationsMonetization, credentials for initial access, and the attack chainHow or...2022-01-1822 minProtecting PeopleHow to Defend Your Organization Against Ransomware AttacksRansomware attacks are becoming both more targeted and more damaging. Is your organization prepared?
In this episode, host Itir Clark interviews Neko Papez, Manager, Product Marketing at Proofpoint, about the newest trends in ransomware — and the best strategies for prevention.
Join us as we discuss:
- Human-operated ransomware and its dangerous effectiveness
- Illustrations of how damaging ransomware can truly be
- The big-game-hunting mentality shift of ransomware threat actors
- Phishing emails: the origin of most ransomware
Check out these resources we mentioned during th...2022-01-1422 minProtecting PeopleFive Minute Forecast for the week of 1/10/2022Five Minute Forecast for the week of January 10th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.FBI warns that USB drives sent through the mail probably aren’t belated holiday giftsIt’s a crime, but is it art? Thieves steal $2 million of NFTsFamous authors phished for unpublished manuscriptsJoining us is Proofpoint Cybersecurity Evangelist, Brian Reed, for a look ahead at 2022.2022-01-1005 minProtecting PeopleFive Minute Forecast for the week of 12/20/2021Five Minute Forecast for the week of December 20th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Threat actors exploit Log4Shell with a variety of attacksAnubis banking trojan targets almost 400 Android finance appsThieves make off with another big cryptocurrency scoreJoining us is Proofpoint Threat Researcher Selena Larson to discuss a spate of recent campaigns targeting customers of German financial institutions.2021-12-2005 minProtecting People#ThreatDigest: Discussing RTF Template Injection: A Malicious New TechniqueIf you asked for M&M’s and received Skittles, you might pop a few in your mouth, but it won’t take long to realize something’s off.This is exactly what’s happening with RTF files: Instead of the intended attachment, unaware companies are delivering these files and realizing later that they were actually malicious.On this episode of Protecting People, hosts Selena Larson and Crista Giering chat with Michael Raggi, Senior Threat Research Engineer at Proofpoint, about RTF files, template injection, and campaigns using the technique in an effort to make sure customers aren’t being surp...2021-12-1425 minProtecting PeopleFive Minute Forecast for the week of 12/13/2021Five Minute Forecast for the week of December 13th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Log4Shell puts the security industry on high alertWifi and Bluetooth flaws could leave millions of devices vulnerableEmotet gives the gift of Cobalt Strike this holiday seasonJoining us is Proofpoint Threat Researcher Eric Koeppen to discuss a series of holiday-themed campaigns launched by threat actor TA575.2021-12-1306 minProtecting PeopleFive Minute Forecast for the week of 12/06/2021Five Minute Forecast for the week of December 6th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Hundreds of thousands of patient records stolen from Planned ParenthoodThieves make off with a $200 million haul in the latest crypto heistLabor activists communicate with service industry workers through hacked point-of-sale printersJoining us is Proofpoint Senior Threat Intelligence Analyst, Selena Larson, for an update on pandemic-themed cyber attacks.2021-12-0905 minProtecting PeopleFive Minute Forecast for the week of 11/29/2021Five Minute Forecast for the week of November 29th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Interpol arrests almost 1000 suspects in cyber crime operationA hardware bug could let attackers listen in on Android phone callsThe Huawei AppGallery delivers malware to nine million phones Joining us is Proofpoint Senior Threat Research Engineer, Michael Raggi, for a look at a dangerous new phishing technique.2021-11-2905 minProtecting People#ThreatDigest: How to Bait a TOAD: Avoiding and Reporting Phone ThreatsHave you ever been bitten by a TOAD? No, we're not talking about the marsh-dwelling amphibian. We're discussing telephone oriented attack deliveries (TOADs) in which scammers use real phone numbers to gain access to information and accounts.TOADS represent an atypical — but very poisonous — online threat especially to men in the 20-50 age range. Featuring believable fake invoices and U.S.-based phone numbers, these scammers can hop off with hundreds or thousands of your dollars.On this episode of Protecting People, hosts Selena Larson and Crista Giering chat with Tim Kromphardt, Email Threat Researcher at Proofpoint, about TOAD...2021-11-2320 minProtecting PeopleFive Minute Forecast for the week of 11/22/2021Five Minute Forecast for the week of November 22nd. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Emotet back from the dead almost a year after shutdownSix million routers left at risk in the U.K.GoDaddy breach exposes data of 1.2 million customersJoining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, for an update on North Korea-aligned threat activity.2021-11-2205 minProtecting PeopleThe Inside Line on Information Protection: Bringing Your DLP Program into the 21st CenturyWhat does Data Loss Prevention look like in an increasingly remote world? Is the entire concept of DLP flawed? And at the end of the day, whose responsibility is DLP?DLP is a complex and complicated topic that is crucial for any business to fully understand. After all, you’re protecting your most valuable assets, your intellectual property.On this episode of Protecting People, host Brian Reed sits down for a conversation with Cosmo Romero, Sr. Sales Engineer at Proofpoint, for a conversation all about DLP, incident response, and more.Join us as we discuss:What a...2021-11-1637 minProtecting PeopleFive Minute Forecast for the week of 11/15/2021A Five Minute Forecast for the week of November 15th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Fake security emails sent from the FBI’s own serverA massive breach at Robinhood affects 7 million accountsAn Iranian group seeks stolen data on the dark webJoining us is Daniel Blackford, Proofpoint Senior Threat Researcher, for a preview of our new Fall/Winter threat update.2021-11-1505 minProtecting People#ExpertInsights 12: Holiday Scams to Watch Out For in 2021It’s the holiday season!While that might conjure up images of family gatherings and gift-giving, internet scams are, unfortunately, all too common during this season as well.In this Expert Insights episode, host Sara Pan interviews Brian Reed, Cybersecurity Strategist at Proofpoint, about how you can protect yourself when the cyber Grinch comes knocking.Join us as we discuss:Suspicious gift card offers and shipping confirmationsPhishing and smishing involving coupon codes and discountsThe consequences of falling for holiday scamsHow to combat brand spoofing and lookalike domainsCh...2021-11-1020 minProtecting PeopleFive Minute Forecast for the week of 11/8/2021Five Minute Forecast for the week of November 8th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Foreign attackers breach targets in defense, energy and other key sectorsA $10m bounty for anyone who can shine a light on DarkSide ransomwareAnd President Biden orders government agencies to clean houseJoining us is Brian Reed, Proofpoint Director, Cyber Security Strategy, to discuss the ramifications of the Biden Administration’s latest directive.2021-11-0906 minProtecting PeopleFive Minute Forecast for the week of 11/1/2021Five Minute Forecast for the week of November 1st. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Israeli businesses hit by attacks from state-sponsored cyber criminalsGerman police set their sights on an REvil kingpinHelloKitty ransomware sharpens its clawsJoining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to talk about a new threat actor impersonating government departments in the Philippines.2021-11-0105 minProtecting People#ThreatDigest: Trends Among Iranian Espionage Threat ActorsAPT stands for advanced persistent threat and refers to threat actors who are acting in the interests of other political states.In other words, espionage.In this episode of our #ThreatDigest series, hosts Selena Larson and Crista Giering, Senior Threat Intelligence Analysts at Proofpoint, interview Joshua Miller, Senior Threat Researcher at Proofpoint, about the advanced persistent threat landscape in Iran.Join us as we discuss:Determining whether malware is motivated for finances or for espionageHow Iranian threat actors have shifted their strategy since COVIDWhat we can infer about Iranian government priorities from...2021-10-2924 minProtecting PeopleFive Minute Forecast for the week of 10/25/2021Five Minute Forecast for the week of October 25th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Russia launches new cyber attacks in defiance of U.S. sanctionsA cyber criminal gang recruits unwitting security professionals to carry out attacksEvil Corp launches a new strain of ransomwareJoining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to talk about a legitimate “red team” security tool being used by cyber criminals.2021-10-2605 minProtecting PeopleFive Minute Forecast for the week of 10/18/2021Five Minute Forecast for the week of October 18th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.90% of Americans are concerned about the threat of cyber attacksThe U.S. Treasury identifies over $5 billion in ransomware paymentsGoogle reports a huge increase in attacks by state-sponsored groupsJoining us is Crista Giering, Proofpoint Senior Threat Intelligence Analyst, to talk about the return of a major cyber crime group.2021-10-1905 minProtecting PeopleFive Minute Forecast for the week of 10/11/2021Five Minute Forecast for the week of October 11th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast.Gaming site Twitch is hit by a massive breachNew legislation proposes strict timelines for ransomware reportingMicrosoft closes the door on a popular malware vectorJoining us is Daniel Blackford, Proofpoint Senior Threat Researcher, to talk about Excel, macros and malware.2021-10-1104 minProtecting PeopleThe Inside Line on Information Protection: From Malicious to Careless: How to Investigate Insider ThreatsHow is an insider threat incident response like a murder investigation?You start with motive, then leverage investigative tools and knowledge of people to unearth a trail of mistakes. (Yes, it’s actually quite exciting!)In this episode, series host Sai Chavali speaks with fellow Protecting People host Brian Reed, Cybersecurity Evangelist at Proofpoint, about insider threat cases and what makes a successful incident response.Join us as we discuss:The three buckets of insider threatsSpecific insider threat cases every investigator should studyAsking “who, what, why, and when” to protec...2021-10-0529 minProtecting PeopleFive Minute Forecast for the week of 10/4/2021Five Minute Forecast for the week of October 4th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. The U.K. makes plans to strike back against future cyber attacks President Biden rallies international support in the fight against ransomware Six thousand Coinbase customers fall victim to an account recovery vulnerability Joining us is Selena Larson, Proofpoint Senior Threat Analyst, to talk about a series of campaigns by prolific threat actor, TA544.2021-10-0505 minProtecting People#ThreatDigest: Stop Making These Initial Access MistakesGone are the days of 2016 when we saw 12 million ransomware attachments randomly blasted out per day. It’s 2021 now, when threat actors selectively deploy ransomware against high value targets across the victim organization’s entire network in order to secure initial access.Why is initial access so often overlooked in protecting against the multiplicity of ransomware threats?In the inaugural episode of our Threat Digest series, series hosts Selena Larson and Crista Giering, Senior Threat Intelligence Analysts at Proofpoint, interview Daniel Blackford, Senior Threat Researcher at Proofpoint, about initial access and what can happen afterwards. ...2021-09-2228 minProtecting PeopleFive Minute Forecast for the week of 9/20/2021Five Minute Forecast for the week of September 20th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. The government blitz on cyber crime takes aim at Bitcoin Grief ahead for victims of one ransomware gang The FBI counts the cost of romance scams Joining us is Proofpoint Senior Threat Researcher, Daniel Blackford, to discuss the relationship between ransomware and cryptocurrency.2021-09-2005 minProtecting PeopleThe Inside Line on Information Protection: You Desperately Need an Insider Threat ProgramGuess how many organizations found they had an insider threat incident at least once — 69%.Of the remaining 31%, it’s most likely the case that they simply don’t have the capability to identify insider threats, not that they were incident-free.In this episode, series host Sai Chavali speaks with Proofpoint’s Deborah Watson, Resident CISO, and Jeremy Wittkop, Senior Director, Technology Services, PCMS, about jumpstarting a successful insider threat program.Join us as we discuss:What insider threats are and where they can come fromHow to monitor for the unknownWhy...2021-09-1545 minProtecting PeopleFive Minute Forecast for the week of 9/13/2021Five Minute Forecast for the week of September 13th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. Cyber criminals infiltrate the UN Vacation’s over as REvil returns And Yandex is battered by a history-making attack Joining us is Proofpoint Threat Analyst, Davide Canali, to discuss a cryptocurrency spin on one of the oldest attacks in the books.2021-09-1406 minProtecting PeopleFive Minute Forecast for the week of 9/6/2021Five Minute Forecast for the week of September 6th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. • Billions of devices at risk from Bluetooth bugs • Ransomware source code leaked online • Funny business on Banksy’s website – but for once the artist isn’t to blame Joining us is Sherrod DeGrippo, Proofpoint’s Vice President, Threat Research and Detection, to discuss the perennial threat of business email compromise.2021-09-0805 minProtecting PeopleFive Minute Forecast for the week of 8/30/2021Five Minute Forecast for the week of August 30th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. Tech’s biggest hitters join the fight against cyber attacks Samsung reveals a secret ‘kill switch’ hidden in its televisions Attackers are still profiting from fear and doubt over the pandemic Joining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to discuss how cyber criminals are continuing to use the pandemic in their attacks.2021-08-3105 minProtecting PeopleFive Minute Forecast for the week of 8/23/2021Five Minute Forecast for the week of August 23rd. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. Anonymous sources confirm a potentially serious breach at the State Department Data theft puts telecom giants in the spotlight A ransomware gang seeks insider help Joining us is Selena Larson, Proofpoint Senior Threat Intelligence Analyst, to talk the insider threat of ransomware.2021-08-2305 minProtecting People#ExpertInsights 11: More Complex, More Targeted, More Urgent: Ransomware TodayRemote desktop protocol, email vector, and VPN — the three most common methods of ransomware attack. However, virtually 100% of all attacks still rely on human vulnerability, not software vulnerability… Making security awareness training one of your most valuable shields against ransomware.In this Expert Insights episode, we interview Neko Papez, Manager, Product Marketing at Proofpoint, about changes in the ransomware threat landscape and how Proofpoint can help.In this episode we discuss:- Why ransomware is such a common attack type- The importance of ransomware education- How to h...2021-08-1917 minProtecting PeopleFive Minute Forecast for the week of 8/16/2021Five Minute Forecast for the week of August 16th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. Most Americans think the government can’t keep them safe from cyber attacks DarkSide still tapping Colonial Pipeline months after their initial breachA cryptocurrency thief steals a record haul before giving it all back Joining us is Ryan Kalember, Proofpoint’s EVP, Cybersecurity Strategy, to discuss the latest developments in the ongoing ransomware crisis.2021-08-1705 minProtecting PeopleFive Minute Forecast for the week of 8/9/2021Five Minute Forecast for the week of August 9th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. CISA announces a new public-private task force featuring some of the biggest names in tech The Conti ransomware gang’s playbook leaks online And millions of home internet routers potentially at risk Joining us is Brian Reed, Proofpoint’s cyber security evangelist, to talk about how enterprise-scale businesses are responding to the current wave of cyber attacks.2021-08-1005 minProtecting PeopleFive Minute Forecast for the week of 8/2/2021Five Minute Forecast for the week of August 2nd. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. Don’t ban ransomware payments, the FBI warns congress A new ransomware gang rises from the ashes of REvil and DarkSide And Iranian cyber attackers play the long game Joining us is Sherrod DeGrippo, Proofpoint’s Senior Director of Threat Research and Detection, to explain why some threat actors spend so long developing relationships with their victims.2021-08-0305 minProtecting PeopleFive Minute Forecast for the week of 7/26/2021Five Minute Forecast for the week of July 26th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. China denies involvement in cyber crime and points the finger at the United States Kaseya unlocks ransomed systems after getting its hands on an R-Evil decryption key More printer woes for Windows users as yet another vulnerability is discovered Joining us is Ryan Kalember, Proofpoint’s Executive Vice President of Cyber Security Strategy, to discuss how cyber security has become a part of the global political conversation.2021-07-2605 minProtecting People#ExpertInsights 10: Business Email Compromise and Email Fraud Defense - Part 2Fraudsters who perpetrate BEC and various other types of email scams are a serious and continuous threat to businesses today. In 2019, there were 26.2 billion dollars in reported losses from these kinds of malicious malware attacks.For part two of our Expert Insights into Business Email Compromise (BEC) and email fraud protection, host Sherrod DeGrippo leads a lively discourse with Robert Holmes, Sr. Director of Threat Research and Detection, and Sam Scholten, CISSP, and Staff Email Fraud Researcher, both of Proofpoint — a company at the forefront of using AI and machine learning for radical, comprehensive threat protection. 2021-07-2221 minProtecting PeopleFive Minute Forecast for the week of 7/19/2021Five Minute Forecast for the week of July 19th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. Human rights activists around the world are targeted with military-grade spyware Yet more trouble at Solar Winds, as a new zero day vulnerability lets in attackers A high-profile ransomware group goes dark, but are they really gone or just on vacation? Joining us is Sherrod DeGrippo, Proofpoint’s Senior Director of Threat Research and Detection, to explain what’s really happening when cyber criminal groups go on hiatus.2021-07-2005 minProtecting PeopleFive Minute Forecast for the week of 7/12/2021Five Minute Forecast for the week of July 12th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. A patch is released for Microsoft’s Printer bug, but the nightmare isn’t over for everyone Attackers send out fake security updates for the recent Kaseya supply chain breach And a ransomware gang’s gotta catch ‘em all as they demand rare Pokemon cards as payment Joining us is Proofpoint Cybersecurity Evangelist, Brian Reed, to discuss Solar Winds, Kaseya, and the growing threat of software supply chain compromise.2021-07-1205 minProtecting PeopleFive Minute Forecast for the week of 7/5/2021Five Minute Forecast for the week of July 5th. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. No letup in sight from the recent wave of cyber attacks Solar Winds still blowing as notorious attacker strikes again And cracked versions of popular video games provide a crypto-mining bounty Joining us is Proofpoint Threat Researcher Selena Larson with a primer on how cyber criminals are using a legitimate security testing tool called Cobalt Strike to make their attacks even more effective.2021-07-0705 minProtecting PeopleThe Inside Line on Information Protection: Information Protection Transformation & Protect Recap w/ Tim ChoiProofpoint has concluded 3 of their 2021 conferences: Wisdom, Protect, & Protect EMEA with great success; highlighting their guest speakers and information protection—the show takes a behind-the-scenes look at the action.Tim Choi, Vice President Product Marketing at Proofpoint, joins the show to discuss the Proofpoint conferences.What we talked about:- The Structure of the Protect, Protect EMEA, & Wisdom Conferences- Discussing the Conference Panel Participants- COVID-19 and the Information Protection Transformation- Security Awareness Training within an OrganizationCheck out these resources we mentioned during the po...2021-07-0120 minProtecting PeopleFive Minute Forecast for the week of 6/28/2021June 28. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast. The NSA opens its doors to the cyber security research communitySan Francisco’s water supply is threatened by a digital breach And copyright activists block access to piracy sites with an unusual piece of malware Joining us is Proofpoint Threat Researcher Selena Larson, to explain why cyber criminals are now operating fake movie streaming sites and support call centers.2021-06-3005 minProtecting PeopleFive Minute Forecast for the week of 6/21/2021Five Minute Forecast for the week of June 21. All the cyber security news you need to stay ahead, from Proofpoint’s Protecting People podcast Presidents Biden and Putin butt heads over cyber security strategy US businesses pay big money to ransomware gangs, but the FBI is clawing some of it back And attackers hide in plain sight on Steam – a popular gaming platform Joining us is Proofpoint Threat Researcher Daniel Blackford, giving the lowdown on the steganography techniques attackers are using to place malware on the Steam platform.2021-06-2305 minProtecting People#ExpertInsights 8: Protecting the Vulnerabilities of WFH EmployeesAbout 85% of threats involve some sort of human interaction, and about 50% of organizations have experienced a successful phishing attack.So, attacks are overwhelmingly focused on people.In a recent Expert Insights episode of Protecting People, we spoke with Brett Shaw, Senior Product Marketing Manager at Proofpoint, about some of the latest trends in the threat landscape — and how to protect people from them.What we talked about:- Email is the easiest way to prey on vulnerabilities- Reducing risk means developing a multi-layered approach to security- A...2021-06-1021 minProtecting PeopleThe Inside Line on Information Protection: Talking Technology, People and Process w/ Dan HoldenDan Holden, VP of Cybersecurity at BigCommerce takes a threat centric angle when discussing information security. He emphasizes the importance of awareness around the extent of cybercrime capability. What we talked about:- Different ways to handle information security- Changes in the threat landscape - External aspects of cybercrime capability - Framework vs. Strategy Check out these resources we mentioned during the podcast:- Proofpoint Protect 2021For more episodes like this one, subscribe to us on Apple Podcasts, Spotify, and...2021-05-0623 minProtecting PeopleThe Inside Line on Information Protection: A People-Centric ApproachThe new world has changed our concerns about how information is accessed and handled. Remote work has accelerated the insider threat, insider risk, and DLP concern. The need for information protection is at an all-new high.In this episode in our Inside Line on Information Protection series, host Brian Reed chatted with Tim Choi, Vice President Product Marketing at Proofpoint, about information protection and the upcoming Protect 2021 conference.What we talked about:- New information protection situations Tim has seen- Why Protect 2021 is focused on customers...2021-04-2314 minProtecting People#ExpertInsights 6: Protect Your Employees from Tax-Related PhishingWhen everyone is feeling overwhelmed by taxes and afraid of doing something wrong, that’s when the phishing, smishing, and website impersonation reaches its height.How can we reassure and train our employees about tax-related scams?In this episode of our Expert Insights series, we interview Susan Mackowiak, Senior Director, Program Content at Proofpoint, about resources to avoid being a victim of a tax scam.What we talked about:- What scammers are trying to accomplish- How the IRS contacts you and how to contact the IR...2021-03-3019 minProtecting PeopleThe People Variable: A Discussion of Social Media BehaviorPeople spend over 3.5 hours on their mobile phone every day, and 50% of that time is spent on social media. If you think your employees aren’t representing your company on social media platforms, you’re just plain wrong. In this episode, we interview Amanda Anderson, Product Marketing Manager, Compliance at Proofpoint, about understanding security risks on social media from a people-centric perspective. What we talked about: - How social media is integral to modern business - Trends and types of social media-related risks - How technical and administrative controls play a role in social media compliance and security Resources we mentioned d...2020-12-1522 minProtecting PeopleHow to Be a Cyber Criminal: Malware ScamsThe word malware comes from “malicious” + “software” — and it’s as bad as it sounds. To get inside the minds of cyber criminals, we asked 2 security experts to teach us about malware. In this episode, we interviewed Christopher Budd, Principal at Christopher Budd Security, and Sherrod DeGrippo, Sr. Director, Threat Research and Detection at Proofpoint, about how to get and avoid malware. What we talked about: - What malware is & how to get it - Different types of malware like rats & banking Trojans - COVID-themed lures vs. classic lures for malware - Whether it’s better business sense to buy or build your own mal...2020-10-0719 minProtecting People#TacklingUserBehavior 4: Symphony in Your Security Awareness ProgramWe recently put this question to three security awareness experts: Where do you start with a company-wide training program? In this #TacklingUserBehavior episode, we interview Eddie Whittingham, founder of the recently-acquired The Defence Works, Kurt Wescoe, Former CMU Faculty and Chief Architect at Proofpoint Security Awareness Training, and Robert Shields, Sr. Product Marketing Manager at Proofpoint. What we talked about: - The need to have specific goals instead of doing “everything” - Donuts as an excellent motivator - Incorporating personal examples into training - Focusing on your organization's unique risks and user landscape to tailor education Find additional content and subscribe to P...2020-09-0230 minProtecting PeopleHow to Be a Cyber Criminal: Email Phishing ScamsNot all cybercriminals are evil. Some send phishing emails to their coworkers for their own good. We’re talking about simulated phishing emails for education. In this episode, we interview Jason Riegner, Jr Front End Developer at Proofpoint, about the Microsoft TEAMS phish he designed, which most of us fell for. What we talked about: - How to identify a phishing email - What to do & especially what not to do when you get one - The nuanced design of phishing emails, from intricate to innocuous - We had a contest! Who wins our respect? Find additional content and subscribe to Protect...2020-08-1940 minProtecting People#TacklingUserBehavior 2: Navigating the Complex Privacy LandscapeSecurity is like having a foolproof safe. Privacy is like telling everyone the combination. When it comes to the complex security and privacy landscape, where do you even start with awareness training? In this episode of the #TacklingUserBehavior series, we interview Daniel Solove, Founder of TeachPrivacy and John Marshall Harlan Research Professor of Law at the George Washington University Law School. What we talked about: - The overlap between privacy and security - The “hub and spokes” approach to training employees in security - The qualities of effective privacy training - Enforcement in the age of COVID-19 Check out this resource we...2020-07-2222 minProtecting PeopleHow to Be a Cyber Criminal: Business Email Compromise Scams80% of what you need to be a cybercriminal is Internet access. The other 20% is mostly social engineering. Effective cybercriminals understand how people think. In this episode, we interview Robert Holmes, VP and General Manager, Email Fraud Defense at Proofpoint, about the easy process for business email compromise (BEC) attacks. What we talked about: - Smaller companies are more likely to be victimized than larger companies - Cybercriminals pretend to be a trusted persona (like your CEO) - Super easy but insidious tech tips that people fall for all the time - Phishing, vishing & smishing: What are they? Find additional content and subs...2020-07-1526 minProtecting People#TacklingUserBehavior 1: New Ways of Tackling Old ProblemsUsers still clicking phishing emails? Reusing passwords? Don't worry - you're not alone. In this inaugural episode of our new #TacklingUserBehavior series, we interview Kurt Wescoe, VP of Engineering at Proofpoint and former Carnegie Mellon University faculty, about how to achieve successful user behavior change. What we talked about: - The importance of user buy-in and engaging security awareness programs - Contextualizing education for users might mean incident-by-incident training - How to be adaptable in setting achievable goals Find additional content and subscribe to Protecting People on Apple Podcasts, Spotify, or our website.2020-07-0827 minProtecting People#ExpertInsights 2: How Cyber Criminals Manipulate the Shock State of Remote WorkersYour workers are 100% remote now… using their personal devices and personal accounts for work. Cybercriminals will capitalize on their shock and fear to cause as much data loss as possible. In this #ExpertInsights episode, I interview Tim Choi, VP of Product Marketing at Proofpoint, about how to protect your people from cybercrimes… remotely. What we talked about: - Examples of shock-based phishing (some are quite clever) - What employees can do to protect themselves - What employers can do to protect employees & data Find additional content and subscribe to Protecting People on Apple Podcasts, Spotify, or our website.2020-07-0829 minProtecting PeopleSo You Want to Be a Cyber CriminalDo you think you have what it takes to be a cybercriminal? It’s not a profile you might expect: high in people skills… low in tech. In this episode, we interview Adenike Cosgrove, Director of International Product Marketing at Proofpoint, about skills that cybercriminals need. What we talked about: - Ideal places to live for cybercrime - People skills, not tech skills - Who criminals research — VAPs (very attacked people) - Examples of successful cyber crimes Find additional content and subscribe to Protecting People on Apple Podcasts, Spotify, or on our website.2020-07-0115 minProtecting PeopleManaging Privilege: Balancing Access with SecurityPrivilege is an entity's degree of power within an org. Think technical access, like a DevOp manager’s ability to manipulate sensitive files and systems. Or a finance team member’s authority to issue wire transfers on behalf of the org. We are rounding out our series on risk by interviewing Roie Cohen Duwek, Director of Security Research at Proofpoint, about privilege-based attacks. What we talked about: - Why EAC attacks are so insidious and effective - Privilege abuse and cloud-based attacks - Ways that legitimate accounts get compromised - What CISOs should do to protect their employees Find additional content and s...2020-03-0923 minProtecting PeopleWhy All Threats Are Not Created EqualIf you could send an email as anyone, who would it be? You might pick an executive assistant, the agent of your favorite band, or a payroll employee. Jumping from persona to persona is the game that hackers are playing now. In this episode, we interview Sherrod DeGrippo, Sr. Director of Threat Research and Detection at Proofpoint, about the psychology of today’s hackers. What we talked about: - The psychology of threat agents and how they bounce across personas in an organization - Analyzing attacks from a people-centric viewpoint - The pattern and process of attacks, start to finish - Tools a...2020-03-0226 minProtecting PeopleExploring Vulnerability: Why Phishing WorksJust 61% of survey respondents knew what the definition of phishing was — and that was from a multiple-choice list. This response is a huge indication of the language gap between InfoSec and users, which speaks to the urgent need for security awareness training. In this episode, we interview Gretel Egan, Security Awareness and Training Strategist at Proofpoint, about the extent of vulnerabilities. What we talked about: - What effective security awareness training looks like - The 2020 State of the Phish Report’s robust data - How employees are putting their organizations at risk - Pain points for companies (55% had a successful attack) C...2020-02-2432 minProtecting PeopleA Model for Assessing Today’s ThreatsWhy would you do something hard when you could do something easy? That’s exactly what attackers are thinking. 99% of attacks rely on duping a human to run malicious code. In this episode, we interview Ryan Kalember, EVP of Cybersecurity Strategy at Proofpoint, about why today’s attacks are about people, not infrastructure. What we talked about: - Social engineering is at the heart of over 99% of cyberattacks - 26 billion cyberattacks are only a tiny fraction - Industry focuses on technology while attackers focus on people Subscribe to Protecting People at Apple Podcasts, Spotify, or our website.2020-02-1732 min