Shows
State of CybercrimeThe Oracle Breach Debateđ We apologize for the technical issues experienced while filming this episode. Now onto the episode details: Oracle recently faced a major security scare after a hacker claimed to have stolen 6 million data records â a breach that has everyone talking. After initially denying the breach, Oracle is now saying their Oracle Cloud Infrastructure has not been compromised, but the exposed data came from old legacy servers. Join Matt and David, along with special guest Joseph Avanzato from Varonis Threat Labs, as they explore the hacker's claims, Oracle's response, and the broader lessons about cloud security and incident management.As alw...2025-04-1924 minState of CybercrimeDeepSeek DisruptionDeepSeek, the Chinese AI startup dominating news feeds, has experienced exponential growth while wiping almost $1 trillion off the U.S. stock market. However, the model's rise has now been overshadowed by a surge of malicious attacks. On this special episode of State of Cybercrime, Matt and David explore the rise of this innovative AI tool, the subsequent attacks, and the potential vulnerabilities of the AI model. DeepSeek wonât be the last shadow AI app you have to worry about.So what steps can you take to ensure you can discover and stop shadow AI app...2025-02-0421 min
Bytesize TechnologySecuring the Future: DSPM with Bytes & VaronisIn this episode of Bytes Talks, we welcome Varonis, one of our key Strategic Partners, to discuss the trending topic of Data Security Posture Management (DSPM). Special guest Matt Lock, Technical Director UK at Varonis, and Joe Hepburn, Data Management Practice Lead at Bytes, delve into the importance of DSPM and why more customers are adopting this platform.Our experts will explain what DSPM is, its significance in the current market, and the challenges it helps organisations tackle. Discover how DSPM is a powerful tool designed to help organisations discover, map, monitor, and protect their data across...2025-01-3131 min
Run the NumbersGuiding Stakeholders Through Business Model Transitions with Varonis CFO & COO Guy MelamedGuy Melamed, CFO & COO of Varonis, joins CJ to discuss the companyâs two major transitions. In 2019, Varonis shifted from a perpetual model to an on-prem subscription model, completing the transformation in record time. They are currently in the process of transitioning from an on-prem subscription company to a SaaS company. Guy and CJ delve into the challenges of these transitions, the pressure of doing them in the public eye, and how to communicate these processes to your customers, investors, and sales reps. He highlights the key KPIs that Varonis tracks, the ones that are overrated, and the importance of...2024-12-0553 min
Millennium Live | A Leadership & Discovery Podcastđď¸ Episode 307 | Securing the Future: How Varonis is Tackling AI-Driven Cybersecurity ChallengesWelcome back to Millennium Live, the podcast where we explore the technology, innovation, and strategies driving the digital enterprise forward. In this episode, weâre diving into the evolving landscape of cybersecurity, he powerful role AI plays in strengthening cybersecurity defenses, and how Varonis ensures data security in todayâs distributed work environments.Our guest is Brian Vecci, Field CTO at Varonis, a leading provider of data security solutions. Varonis helps organizations protect their most valuable assetâdataâand in a world where cyber threats are constantly evolving, their expertise is more crucial than ever. Weâll explore wh...2024-11-3040 minState of CybercrimeChatGPT Memory Manipulation + Salt TyphoonHosts Matt Radolec and David Gibson explain how cybercriminals are manipulating AI models like ChatGPT to plant false memories and steal data, along with other cybercrime-related stories like Salt Typhoon. Salt Typhoon is a Chinese hacking group that has reportedly breached multiple key U.S. broadband providers, raising significant concerns about the security of sensitive communications data. The hackers may have had access to these networks for months, raising significant concerns about the security of sensitive communications data. More from Varonis âŹď¸Â  Visit our website: https://www.varonis.com LinkedIn: https://ww...2024-10-1628 minState of CybercrimeSnowflake Security CheckSnowflake, a cloud storage platform used by some of the largest companies in the world, is investigating a targeted attack on its users who lack multifactor authentication. Join Matt Radolec and David Gibson for an episode of State of Cybercrime in which we discuss the increased attacks on Snowflake customers and share our five-point checklist for ensuring your cloud databases are properly configured and monitored. WEâLL ALSO COVER: The worldâs largest botnet ever discoveredGoogleâs algorithm leakThe Black Basta ransomware-as-a-service (RaaS) operationThe cyberattack that destroyed over 600K U.S. routersSneaky new tactics used by e...2024-06-1426 minState of CybercrimeIvanti Zero-DaysCISA issued an emergency directive to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities after learning of malware targeting the software company, allowing unauthenticated threat actors to access Ivanti VPNs and steal sensitive data. CISA is requiring all federal agencies to disconnect from affected Ivanti products by EOD February 2, 2024. The directive also warned that attackers had bypassed workarounds for current resolutions and detection methods. Join Matt, David, and Dvir to learn more about the Ivanti vuln and other cyber threats. OTHER BREAKING STORIES WE'LL COVER: ⢠The latest ChatGPT news ⢠Dee...2024-02-0822 minState of CybercrimeHackers Swatting VictimsEnjoy our first State of Cybercrime episode of 2024 as Matt Radolec and David Gibson cover:Who is to blame for 23andMeâs big breachSECâs X account getting hackedThreat actors swatting patientsVaronis Threat Labs research on a new, widespread vulnerability: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashesMentioned in this episode:NTLM Blog Post: https://www.varonis.com/blog/investigate-ntlm-brute-forceVaronis Threat Labs Blog: https://www.varonis.com/blog/tag/threat-research
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varon...2024-01-1925 minState of CybercrimeLive at Black HatJoin Matt Radolec and David Gibson for this episode of the State of Cybercrime, recording from Black Hat 2023, as they cover the latest threats you need to know about.
Also be sure to check out our webinar, New SEC Cyber Rules: Action Plan for CISOs and CFOs on Tuesday, August 22 | 12 p.m. ET. Link here:
https://info.varonis.com/en/webinar/what-the-new-sec-requirements-mean-for-your-org-2023-08-22Want to join us live? Save a seat here:
https://www.varonis.com/state-of-cybercrime
More from Varonis âŹď¸Â
Visit our website: https://www.varonis.com
LinkedIn: https://www.linkedin.com/company/varonis
X/Twitter: https://twitter.com/varon...2023-08-1016 minState of CybercrimeStorm-0558A Microsoft zero-day vulnerability has allowed hacking group Storm-0558 to forge Azure AD authentication tokens, and breach organizations â including U.S. government agencies â in the past week.
Watch this State of Cybercrime episode to hear our experts break down how this attack happened, see the discoveries made by the Varonis Threat Labs team, and learn what you can do to make sure your data is safe and secure.Want to join us live? Save a seat here:
https://www.varonis.com/state-of-cybercrime
More from Varonis âŹď¸Â
Visit our website: https://www.varonis.com
LinkedIn: https://www.linkedin.com/company/varonis
X/Twitter...2023-07-2228 minState of CybercrimeDODâs Response to Data LeaksIn the wake of the U.S. defense leak, the Pentagon CIO has given a one-week deadline for all defense agencies to ensure compliance with DOD information security protocols. But what does that actually mean?
Join Matt, David, and Varonis Team Lead Engineer for U.S. Public Sector Trevor Brenn for a State of Cybercrime episode that breaks down what the DOD is demanding from its agencies and how this influences the future of information security within government.Want to join us live? Save a seat here:
https://www.varonis.com/state-of-cybercrime
More from Varonis âŹď¸Â
Visit our website: https://www.varon...2023-05-0435 minState of CybercrimeU.S. Defense Papers LeakLinks mentioned in this episode: ⢠Video course (free) on building an IR plan: https://info.varonis.com/thank-you/course/cyber-incident-response ⢠Blog post about LockBit: https://www.varonis.com/blog/anatomy-of-a-ransomware-attack⢠Blog post about HardBit: https://www.varonis.com/blog/hardbit-2.0-ransomware
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram...2023-04-1735 min
The Somerford PodcastZero-Day Vulnerability ExplainedâWhat CISOs Need to Know About Zero-Day Vulnerabilities | w/ VaronisMatt Lock, Technical Director at Varonis UK, returns to the Somerford Podcast in conversation with Anne Mundy. In this episode, they discuss zero-day vulnerabilities, and what steps CISOs can take to be proactive rather than reactive to potential threats.They also list real-world scenarios alongside what impacts this can have on other organisations and the importance of tackling anomalies before they become threats.â Request Varonis' Free Ransomware Preparedness Risk Assessment on our website: https://www.somerfordassociates.com/varonis-dra-resource-page/#ransomware-preparedness-risk-assessmentâś Listen on Spotify: https://open.spotify.com/show/00soJ9kAQuVCh9EBRHOGzJâś Listen on Google...2022-03-0930 minThe Somerford PodcastHelping a CFO Navigate Security Spend â Varonis Cyber Resilience PodcastAnne is joined by Matt Lock, Technical Director at Varonis UK, with the aim to break down the new challenges CFOs face as key decision-makers in cyber security. â Request Varonis' Free Ransomware Preparedness Risk Assessment on our website: https://www.somerfordassociates.com/varonis-dra-resource-page/#ransomware-preparedness-risk-assessmentâââââ Learn More About Varonis on our Website:https://www.somerfordassociates.com/varonis/â Keep Notified of News & Announcements on Linkedin:https://www.linkedin.com/company/somerford-associates-limited/â View our Complimentary Varonis Events: https://www.somerfordassociates.com/events/#varonis-eventsâ Contact Somerford for More Information Regardin...2021-09-1538 minThe Somerford Podcast5 Things a CISO Needs to Prioritise and how Varonis can Help | Varonis Cyber Resilience PodcastAnne is joined by Matt Lock, Technical Director at Varonis UK, to analyse five priorities for a CISO and how Somerford & Varonis can help with their Cyber Resilience and Cloud Security Assessments.They also explore how safe is your data, the ability to detect and respond to a breach, demonstrating appropriate handling of data, increasing the adoption of Cloud in a secure manner and getting the best value from your tools. â Request Varonis' Free Ransomware Preparedness Risk Assessment on our website: https://www.somerfordassociates.com/varonis-dra-resource-page/#ransomware-preparedness-risk-assessmentâââââ Learn More About Varonis on our Websit...2021-07-1634 minState of CybercrimeNew Hacking with Friends Livestream!Thanks for watching the first season of the security tools podcast! Want more? We're live on the SecurityFwd YouTube channel twice per week! Come hack with us or watch any of the previously recorded streams.
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram.com/varonislife/2020-06-2300 minState of CybercrimeHacking Through School: College Cybersecurity Jobs with Nick GodshallNick's Twitter: https://twitter.com/nickgodshallKody's Twitter: https://twitter.com/kodykinzieVaronis Cyber Attack Workshop: https://www.varonis.com/cyber-workshop/
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram.com/varonislife/2020-05-1449 minState of CybercrimeCatching Russian Hackers in Decommissioned Servers with Adrian from ThinkstCanary Tokens - https://canarytokens.org/generateLearn more about canaries - https://canary.tools/Adrian's Twitter - https://twitter.com/sawaba
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram.com/varonislife/2020-04-2850 minState of CybercrimeBreaking Facial Recognition With Vic From F-SecureApologies for the scratchy mic!Vic's Blog on Defeating Facial Recognition: https://vicharkness.co.uk/2019/02/01/the-art-of-defeating-facial-detection-systems-part-two-the-art-communitys-efforts/Check out Vic's Twitter:  https://twitter.com/VicHarknessKody's Twitter: https://twitter.com/kodykinzieVaronis Cyber Attack Workshop: https://www.varonis.com/cyber-workshop/Â
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagr...2020-04-0758 minState of CybercrimeAutomating the Fight Against Scammers & Unfair Parking Tickets with DoNotPayJoshua's Twitter: https://twitter.com/jbrowder1DoNotPay's website: https://donotpay.comSue Phone Scammers: https://donotpay.com/learn/robocall-compensationThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonis...2020-03-1443 minState of CybercrimeHacking the Wi-fi of Today & Tomorrow With Mathy VanhoefMathy's Website: https://www.mathyvanhoef.comMathy's YouTube Channel: https://twitter.com/vanhoefmMathy's Paper on Defeating MAC Address Randomization: https://papers.mathyvanhoef.com/asiaccs2016.pdfThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/Â
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varoni...2020-03-041h 06State of CybercrimeArduino Hacking with SeytonicSeytonic's Malduino Website: https://maltronics.com/Seytonic's Website: https://seytonic.com/Seytonic's YouTube Channel: https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeAThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https...2020-02-1549 minState of CybercrimeCreepDetector - Detecting Stalkers with WardrivingAlex's Website: http://alexlynd.comCheck out the Creep Detector Video: https://www.youtube.com/watch?v=ug9dHwm3h0sAlex Lynd's Twitter: https://twitter.com/alexlyndCheck out Alex's GitHub: https://github.com/AlexLyndThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varon...2020-02-0147 minState of CybercrimeMaltego - Open-source Intelligence and ForensicsCheck out Maltego: https://www.maltego.com/Maltego Twitter: https://twitter.com/maltegohqCheck out Maltego use cases: https://docs.maltego.com/support/solutions/articles/15000012022-use-cases This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varoni...2020-01-2050 minState of CybercrimeObjective-See - Advanced MacOS Security Tools by Ex-NSA Hacker Patrick WardleCheck out Objective-See: https://objective-see.com/Objective-See Twitter: https://twitter.com/objective_seeObjective-See Patreon: https://www.patreon.com/objective_seeWhile In Russia: Patrick's RSA talk on hacking journalists - Patrick's Twitter: https://twitter.com/patrickwardle This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Visit our website...2019-12-1656 minState of CybercrimeESP8266 - The Low-cost Wi-Fi Microchip with a Full TCP/IP StackStefan's Site with links to all of his projects: https://spacehuhn.io/Twitter: https://twitter.com/spacehuhnYouTube: https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8twAn overview of the ESP8266 https://www.espressif.com/en/products/hardware/esp8266ex/overviewStefan's Github https://github.com/spacehuhnESP8266 Deauther 2.0 https://github.com/spacehuhn/esp8266_deautherWiFi Duck - Wireless injection attack Platformhttps://github.com/spacehuhn/WiFiDuckWiFi Satellite - monitoring and logging 2.4GHz WiFi TrafficThis podcast is brought to...2019-11-2248 minState of CybercrimeGrabify - the IP Logging, Honeypot Tracking URL ShortenerA honeypot is a tool that acts as bait, luring an attacker into revealing themselves by presenting a seemingly juicy target. In our first Security Tools podcast, we explore a free tool called Grabify that can gather information about scammers or attackers when they click on a honeypot tracking link.https://grabify.link/https://jlynx.net/https://twitter.com/grabifydotlinkThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/
Want to...2019-11-0845 minState of CybercrimeBe the First to KnowWe wanted you to be the first to know that next week; we will be back in this same feed with a new security podcast from Varonis.The new Security Tools podcast will keep you up to date with the most exciting and useful tools the Infosec community has to offer.Join us on the new show to hear from the researchers and hackers behind tools like Grabify, a link-based Honeypot service that unmasks scammers leveraging the same web tracking tactics used by most modern websites. Weâll find out why itâs so hard to s...2019-11-0501 minState of CybercrimeChanging User BehaviorSummer is approaching, and of course, thatâs when we feel the most heat. However, for cybersecurity managers, they feel the heat all the time. They must be right every time because cybercriminals only have to be right once. So summer can potentially feel like itâs year-round for cybersecurity pros and it can cause job burnout.
Another problem that managers face is the potential ineffectualness of cybersecurity awareness training. Learning and sharing interesting security information in a class is really wonderful and expansive for a userâs mind. However, if it doesnât change a userâs behavior...2019-05-2926 minState of CybercrimeSecurity and Technology UnleashedSearching a travelerâs phone or laptop is not an extension of a search made on a piece of luggage. As former commissioner of Ontario Ann Cavoukian said, âYour smartphone and other digital devices contain the most intimate details of your life: financial and health records.â
In general, itâs also dangerous to connect laws made in accordance with the physical world to the digital space. But even with GDPR thatâs aimed to protect consumer data, the law hasnât taken action against any major technology firms such as Google or Facebook.
It seems our relation...2019-05-1622 min
State of CybercrimeWeâd Love to Upgrade, ButâŚItâs great to be Amazon to only have one on-call security engineer and have security automated. However, for many organizations today, having security completely automated is still an aspirational goal. Those in healthcare might would love to upgrade, but what if youâre using a system thatâs FDA approved, which makes upgrading a little more difficult. What if hackers were able to download personal data from a web server because many werenât up-to-date and had outdated plugins. Meanwhile, hereâs a lesson from veteran report, Brian Krebs on how not to acknowledge a data breach.
By the w...2019-04-2224 min
State of CybercrimeSecurity on Easy ModeRecently in the security space, thereâs been a spate of contradicting priorities. For instance, a recent study showed that programmers will take the easy way out and not implement proper password security. Antidotally, a security pro in a networking and security course noticed another attendee who covered his webcam, but noticeably had his bitlocker recovery code is printed on a label attached to his screen. When protocols and skills compete for our attention, ironically, security gets placed on easy mode. In the real word, when attackers can potentially create malware that would automatically add ârealistic, malignant-seeming growths to CT or...2019-04-1020 min
State of CybercrimeThe Making of the Modern CISOShould CISOs use events or scenarios to drive security, not checklists? It also doesnât matter how much you spend on cybersecurity if ends up becoming shelfware. Navigating oneâs role as a CISO is no easy feat. Luckily, the path to becoming a seasoned CISO is now easier with practical classes and interviews. But when cybersecurity is assumed to not be not very important. Does that defeat the leadership role of a CISO?
Panelists: Cindy Ng, Sean Campbell, Mike Buckbee, Kris Keyser
Want to join us live? Save a seat here: https://www.varo...2019-03-2528 min
State of CybercrimeThe Psyche of DataWith data as the new oil, weâve seen how different companies responded. From meeting new data privacy compliance obligations to combining multiple data anonymized points to reveal an individualâs identity â it all speaks to how companies are leveraging data as a business strategy. Consumers and companies alike are awakening to dataâs possibilities and weâre only beginning to understand the psyche and power of data.
Tool of the Week: Zorp
Panelists: Cindy Ng, Kilian Englert, Mike Buckbee
Want to join us live? Save a seat here: https://www.varonis.com/state...2019-02-2521 min
State of CybercrimeThe Dance Between Governance, Risk Management, and ComplianceThe combination of business and technology-related challenges and the requirement to meet regulatory compliance obligations as well as managing risk is no easy feat. European officials have been disseminating information on how to prevent online scams, general tips as well as warning signs. Other attorneys have been reflecting on legislative developments to prepare for the year ahead. Meanwhile, businesses like Facebook and Reddit are finding their rhythm as they dance between running their business, meeting compliance requirements and keeping their usersâ data safe and secure.
Want to join us live? Save a seat here: https://www.va...2019-02-0523 min
State of CybercrimeReflecting on Breaches, Scams and Fake EverythingOn the last week of the year, the Inside Out Security panelists reflected on the yearâs biggest breaches, scams and fake everything. And is computer security warfare? Well, it depends on who you ask. A 7th grader trying to change her grades isnât an enemy combatant. But keep in mind as another argues, âThere's an opponent who doesn't care about you, doesn't play by the rules, and wants to screw you as fully as possible.â
Panelists: Cindy Ng, Mike Buckbee, Kilian Englert, Kris Keyser
Want to join us live? Save a seat here: ht...2019-01-0426 min
State of CybercrimeWhen IT, Data and Security CollideThe CIO is responsible for using IT to make the business more efficient. Meanwhile, the CISO is responsible for developing and executing a security program thatâs aimed to protect enterprise systems and data from both internal and external threats. At the end of the day, the CISO makes security recommendations to the CIO has the final say. Perhaps itâs time that the CISO gets a seat at the table.
Meanwhile, good Samaritans such as Chris Vickery and Troy Hunt help companies find leaked data and hopes the company seal the leak before cybercriminals find it.
2018-12-2427 min
State of Cybercrime#2018inFiveWords [Regarding Our Security Landscape]We need to do better. Exhausting. Dramatic. Thatâs how the Inside Out Security panelists described our 2018 security landscape. We see the drama unfold weekly on our show and this week was no different.
As facial recognition software becomes more prevalent, weâre seeing it used in security to protect even the biggest stars like Taylor Swift. Her security team set up a kiosk replaying rehearsal highlights. Meanwhile, onlookers who stopped were cross checked against their database of stalkers. What a stealthy way to protect one of our favorite singers in the world!
And hereâs a st...2018-12-2024 min
State of CybercrimeA Spotlight on Technology's DilemmaThereâs a yin and yang to technology. For instance, the exchange for convenience and ease with our data. Unfortunately Facebook is getting most of the blame, when many companies have collect many points of data as the default setting.
Meanwhile, as quickly as diligent security pros are eager to adopt and advance security solutions with biometrics, cybercriminals are equally determined to thwart these efforts.
Other articles discussed:
⢠Googleâs plan to mitigate bias in their algorithm
⢠Australia approves bill, requiring tech companies to provide data upon request
Want to join us live? Sa...2018-12-1433 min
State of CybercrimeSecurity and Privacy are Joined at the HipWeâve completed almost 100 podcast panels and sometimes it feels like weâre talking in circles. Over the years, the security and privacy landscape have gotten more complex, making baseline knowledge amongst industry pros ever so more important. Old concepts are often refreshed into current foundational security concepts.
Technological advancements as well as decline also bring forth new challenges. When thereâs a decline, we need to reserve the right to change our strategy. For years, users were blamed and labeled as the enemy, but our infrastructure wasnât built with security in mind. So, perhaps the weakest...2018-11-2031 min
State of CybercrimeWhat New Tech Can Learn From Old TechPasswords are easy to use. Everyone knows how it works. However, many security pros point out the inherent design flaw in passwords as a safe form of authorization and authentication. The good news is that we can reflect upon what old technologies can teach new technologies as weâre creating new products and services. One vital concern to keep in mind are terms and conditions, particularly with DNA ownership rights.
Other articles discussed:
How did Iran find CIA spies? They Googled It
Panelists: Cindy Ng, Kilian Englert, Forrest Temple, Matt Radolec
Want to join us...2018-11-1422 min
State of CybercrimeDisguises, Online and OfflineLearning about the CIAâs tips and tricks on disguising oneâs identity reminded us that humans are creatures of habit and over a period of time, can illuminate predictable behavioral patterns, which are presented as biometric data. As a result, businesses can leverage and integrate these data points with their operations and sales process.
For instance, businesses are buying data about oneâs health and also creating patents to measure a userâs pulse and temperature. Others are learning about the psychology about a user and making it difficult for a user to cancel a service.
Ot...2018-10-3027 min
State of CybercrimeIf You Canât Build In Security, Build In AccountabilityVulnerability after vulnerability, weâve seen that thereâs no perfect model for security. Hence, the catchphrase, âIf you canât build in security, then build in accountability.â
But history has also shown that even if there was enough political will and funding, consumers arenât interested in paying a huge premium for security when a comparable product with the features they want is available much more cheaply.
Will that theory hold when it comes to self-driving cars? At the very least, safety should be a foundational tenet. Whatâs the likelihood that anyone would enter a self-d...2018-10-2537 min
State of CybercrimeHow CISOs Explain Security to the C-SuiteAfter the latest Microsoft Ignite conference, the enduring dilemma of how CISOs explain security matters to the C-Suite bubbled to the surface again. How technical do you get?
Also, when the latest and greatest demos are given at one of the worldâs most premier technology show, it can be easy to get overwhelmed with fancy new tools. Whatâs more important is to remember the basics: patching, least privilege, incident response, etc.
Other articles discussed:
Engineer fined for not disclosing a vulnerability responsibly
Young Mirai botnet authors avoid jail time
Is public shaming bad...2018-10-0330 min
State of CybercrimeThe False Binary of CyberWeâre in an impermanent phase with technology where circumstances and cyberattacks are not always black or white. Hereâs what weâre contending with: would you prefer a medical diagnosis from a human or machine? In another scenario, would a cyberattack on a stateâs power grid be an act of war? Officially, itâs not considered so, yet. Or, perhaps a scenario less extreme where you buy a video and then 5 years later, it disappears from your library bc the company where you bought your video from loses the distribution rights. Data ownership is an important part of data se...2018-09-1929 min
State of CybercrimeIâm Mike McCabe, Systems Engineering Manager of SLED West at Varonis, and This is How I WorkSystems engineering manager Mike McCabe understands that State, Local and Education (SLED) government agencies want to be responsible stewards of taxpayerâs funds. So it makes sense they want to use security solutions that have proven themselves effective. For the past six years, heâs brought awareness on the tried and true efficacy of how Varonis solutions can secure SLEDâs sensitive unstructured data.
In our podcast interview, he explains why data breaches are taking place, why scripts arenât the answer, and how weâre able to provide critical information about access to SLEDâs sensitive data.
We als...2018-09-0417 min
State of CybercrimeComputer Scientists Arenât PhilosophersOur community is finally discussing whether computer science researchers should be required to disclose negative societal consequences of their work to the public. Computer scientists argue that they arenât social scientists or philosophers, but caring about the world isnât about roles, itâs the responsibility of being a citizen of the world. At the very least, researchers ought to be effective communicators. Weâve seen them work with law enforcement and vulnerability announcements. There must be more they can do!
Tool of the week: Wget, Proof of Concept
Panelists: Cindy Ng, Mike Thompson, Kilian E...2018-08-2923 min
State of CybercrimeLiving Vicariously through Blackhat Attendees and SpeakersWhile some of our colleagues geeked out at Blackhat, some of us vicariously experienced it online by following #BHUSA.
The keynote was electric. Theyâre great ideas and weâve seen them implemented in certain spaces. However, the reality is, we have a lot more work to do.
There was also a serious talk about burn out, stress, and coping with alcohol as a form of escape. We learned that mental health is growing concern in the security space. As more organizations rely on technology, security pros are called on at all hours of the day...2018-08-1520 min
State of CybercrimeIâm Colleen Rafter, Professional Services Education Manager at Varonis, and This is How I WorkOver the past six years, Colleen Rafter has been educating Varonis customers on the latest and greatest data security best practices. Share or NTFS permissions? She has an answer for that.
Aware that security pros need to meet the latest GDPR requirements, she has been responsibly reading up on the latest requirements and developing course material for a future class.
In our podcast, Colleen advises new Varonis customers what to do once they have our solutions and which classes to take and in what order.
Want to join us live? Save a...2018-08-1011 min
State of CybercrimeSecurity Poverty LineThis weekâs podcast was inspired by chief information security officer Wendy Natherâs article, The Security Povery Line and Junk Food. Itâs 2018 and weâre still struggling to get a proper security budget. Is it a mindset? Is that why when we hire pen testers to identify vulnerabilities, theyâre usually able to gain admin access? On the bright side, a company with a bigger budget, Google recently declared victory with a USB key that prevented phishing for an entire year.
Other articles discussed:
Dangers of biometric data
ACLU falsely matched 28 members of congress with mugsh...2018-08-0229 min
State of CybercrimeMoral OverloadWhen we create new technologies, we want security and privacy, economic prosperity and sustainability, accountability but insist on confidentiality. The reality is that it is difficult to embed all of these values in one pass. As technologies get built, it also elucidates some values we hold to a higher regard than others.
To cope with moral overload, some have suggested that we start designing security and privacy controls as a gradient. Or perhaps certain controls get a toggle on/off switch.
Weâre also seeing this moral dilemma in AI â is the technology too volatile or p...2018-07-1921 min
State of CybercrimeWhen Your Security Brain Never Runs Out Of Problems To FindFor years, technologists wondered why the law canât keep pace with technology. Instead of waiting for the government to pass a regulation, should we enlist private companies to regulate?
However, in a recent interview with privacy and cybersecurity attorney Camille Stewart, she said that laws are built in the same way a lot of technologies are built: in the form of a framework. That way, it leaves room and flexibility so that technology can continue to evolve.
While technologists and attorneys continue that debate, the US Federal Trade Commission is hard at work. They re...2018-07-1222 min
State of CybercrimeWinner Takes AllThere are many advantages to being first, especially in the business world. Securing a first place finish usually rewards the winner with monopoly-like status and securing the largest and most dominant market share. A byproduct, however, of the winner takes all mentality is sacrificing security. Thatâs what Thomas Dullien, Google Project Zero presenter suggested in his latest presentation on the relationship between complexity and failure of security. He is onto something because weâre seeing strange incidents occur that we would have never imagined. A Melbourne man got shot because his image in Googleâs database is associated with c...2018-06-2829 min
State of CybercrimeCore Security Principles Drive Us into The FutureWhile reading about our latest technological advances, such as digital license plates and self-driving cars, I wondered about our industryâs core security principles that set the foundation for all our innovation.
However, what about user agreements? Weâre able to create incredible new advances, however we canât get our user agreements right. Even though the agreements are for the users, itâs rare that they want to read the legalese. Itâs just easier to click âacceptâ. As the author suggests, there must be a better way for end users to interact with tech companies.
Want...2018-06-1330 min
State of CybercrimeIâm Sean Campbell, Systems Engineer at Varonis, and This is How I WorkIn April of 2013, after a short stint as a professional baseball player, Sean Campbell started working at Varonis as a Corporate Systems Engineer.
Currently a Systems Engineer for New York and New Jersey, he is responsible for uncovering and understanding the business requirements of both prospective and existing customers across a wide range of verticals. This involves many introductory presentations, proof of concept installations, integration expansion discussions, and even the technical development of Varonis channel partners. Sean also leads a team of subject matter experts(SME) for our innovative DatAlert platform.
According to his manager...2018-06-0417 min
State of CybercrimeData Protectionism: Friend or Foe?Data protectionism - restricting the movement of data between countries - will be an option that governments will elect to implement in the upcoming months and years. As the world economy become more data-driven, impacting global GDPs, they will soon find their way into trade deals, requiring data to be held in servers inside certain countries.
Itâs not just a business decision. Exporting data on individuals is also heavily restricted because of privacy concerns. And we saw a Belgian legislator voice this concern during a discussion with Facebookâs CEO on his value as a user.
2018-05-3123 min
State of CybercrimeTurning People into DevicesOutsourcing tedious tasks is a dream of many and at the latest Google Developerâs conference, Â the audience beamed when Google Assistant booked an appointment. However, attendees were quick to worry about potential exploits those devices might face.
Medical devices are a good example of what computerized assistants might face in the future. Yes, medical devices can save lives and certainly serve a more noble cause than outsourcing tedious tasks, but the security aspect of these life-saving pacemakers and defibrillators still require firmware updates.
Seems that we still havenât learned our lesson: embed security at th...2018-05-1728 min
State of CybercrimeIâm Brian Vecci, Technical Evangelist at Varonis, and This is How I WorkIf youâve ever seen Technical Evangelist Brian Vecci present, his passion for Varonis is palpable. He makes presenting look effortless and easy, but as we all know excellence requires a complete devotion to the craft. I recently spoke to him to gain insight into his work and to shed light on his process as a presenter.
âWhen I first started presenting for Varonis, Iâd have the presentation open on one half of the screen and Evernote open on the other half and actually write out every word I was going to say for each slide,â said Bri...2018-05-1419 min
State of CybercrimeVaronis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part TwoIn part two of my interview with Varonis CFO & COO Guy Melamed, we get into the specifics with data breaches, breach notification and the stock price.
Whatâs clear from our conversation is that you can no longer ignore the risks of a potential breach. There are many ways you can reduce risk. However, if you choose not to take action, minimally, at least have a conversation about it.
Also, around 5:11, I asked a question about IT pros who might need some help getting budget. Thereâs a story that might help.
Do Data...2018-05-0708 min
State of CybercrimeNot Everything is a No BrainerWhen I asked our podcast panelists about the difficulty in discerning real businesses from fake or answering innocuous questions about your first pet, it can be time consuming, mentally exhausting and not naturally intuitive.
As technology gets even more difficult to navigate, think about how important it is when presenting time-to-value security solutions to C-Suite executives.
A popular catchphrase amongst IT pros is: âItâs a no brainer.â When an idea presented is expressed as a no brainer, itâs assumed that the idea has obvious value, when processes and strategic decisions are more complicated than it...2018-05-0418 min
State of CybercrimeVaronis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part OneRecently, the SEC issued guidance on cybersecurity disclosures, requesting public companies to report data security risk and incidents that have a âmaterial impactâ for which reasonable investors would want to know about.
How does the latest guidance impact a CFOâs responsibility in preventing data breaches? Â Luckily, I was able to speak with Varonisâ CFO and COO Guy Melamed on his perspective.
In part one of my interview with Guy, we discuss the role a CFO has in preventing insider threats and cyberattacks and why companies might not take action until they see how vulnerable they are with...2018-04-3012 min
State of Cybercrime41% of organizations have at least 1,000 sensitive files open to all employeesThis week, we talk about our annual data risk assessment report and sensitive files open to every employee! 41% of companies are vulnerable. The latest finding put organizations at risk as unsecure folders give attackers easy access to business roadmaps, intellectual property, financial and health data, and more. We even discussed how data open to everyone in an organization relates to user-generated data shared with 3rd party apps. Is it a data security or privacy problem? At the very least, panelists think itâs a breach of confidence.
Other articles discussed:
Dead peopleâs privacy rights
Bill Gate...2018-04-1627 min
State of CybercrimeVaronis Track at RSA 2018Weâre all counting down to the RSA Conference in San Francisco April 16 â 20, where you can connect with the best technology, trends and people that will protect our digital world.
Attendees will receive a Varonis branded baseball hat and will be entered into a $50 gift card raffle drawing for listening to our presentation in our North Hall booth (#3210).
Attendees that visit us in the South Hall (#417) will receive a car vent cell phone holder.
In addition to stopping by our booth, below are sessions you should consider attending. Youâll gain important insights into bes...2018-04-0928 min
State of CybercrimeIâm Elena Khasanova, Professional Services Manager at Varonis, and This is How I WorkPrior to Varonis, Elena Khasanova worked in backend IT for large organizations. She did a bit of coding, database administration, project management, but was ready for more responsibility and challenges.
So seven years ago, she made the move to New York City from Madison, Wisconsin and joined the professional services department at Varonis.
With limited experience speaking with external customers and basic training, Varonis entrusted her to deploy products as well as present to customers. Elena recalls, âNot every company will give you a chance to talk to external customers without prior experienceâŚ.But it was...2018-03-2822 min
State of CybercrimeAre Users and Third-Party Vendors Frenemies?In the midst of our nationwide debate on social media companies limiting third party appsâ access to user data, letâs not forget that companies have been publicly declaring who collects our data and what they do with it. Why? These companies have been preparing for GDPR, the new EU General Data Protection Regulation as it will go into effect on May 25th.
This new EU law is a way to give consumers certain rights over their data while also placing security obligations on companies holding their data.
In this episode of our podcast, weâve fou...2018-03-2222 min
State of CybercrimeDetails Matter in Breaches and in BusinessWith one sensational data breach headline after another, we decided to take on the details behind the story because a concentrated focus on the headline tends to reveal only a partial dimension of the truth.
For instance, when a bankâs sensitive data is compromised, it depends on how as well as the what. Security practitioner Mike Buckbee said, âItâs very different if your central data storage was taken versus a Dropbox where you let 3rd party vendors upload spreadsheets.â
Weâre also living in a very different time when everything we do in our person...2018-03-0822 min
State of CybercrimeInnovate First, Deliver PSAs LaterToday even if we create a very useful language, IoT device, or software, at some point, we have to go back to fix the security or send out PSAs.
Troy Hunt, known for his consumer advocacy work on breaches, understands this very well. He recently delivered a very practical PSA: Donât tell people to turn off Windows update, just donât.
We also delivered a few PSAs of our own: cybercriminals viewour linkedin profiles to deliver more targeted phish emails, whether weâd prefer to deal with ransomware or cryptomalware, and the six laws of tec...2018-02-2821 min
State of CybercrimeSecurity Alert WoesIT pros could use a little break from security alerts. They get a lot of alerts. All. The. Time.
While alerts are important, a barrage of them can potentially be a liability. It can cause miscommunication, creating over reactivity. Conversely, alerts can turn into white noise, resulting in apathy. Hence the adage: if everything is important, nothing is. Instead, should we be proactive about our security risks rather than reactive?
Articles discussed:
Heatmap reveals secret military bases
ICE gets access to license plate numbers
Does it matter if you put your password on a...2018-02-0818 min
State of CybercrimeManifesting Chaos or a Security Risk?Regular listeners of the Inside Out Security podcast know that our panelists canât agree on much. Well, when bold allegations that IT is the most problematic department in an organization can be, ahem, controversial.
But whether you love or hate IT, we canât deny that technology has made significant contributions to our lives. For instance, grocery stores are now using a system, order-to-shelf, to reduce food waste. There are apps to help drivers find alternate routes if theyâre faced with a crowded freeway. Both examples are wonderful use cases, but also have had unforeseen side e...2018-01-2426 min
State of CybercrimeThe Security of Legacy SystemsItâs our first show of 2018 and we kicked off the show with predictions that could potentially drive headline news. By doing so, weâre figuring out different ways to prepare and prevent future cybersecurity attacks.
Whatâs notable is that IBM set up a cybersecurity lab, where organizations can experience what itâs like go through a cyberattack without any risk to their existing production system. This is extremely helpful for companies with legacy systems that might find it difficult to upgrade for one reason or another. But we can all agree whatâs truly difficult are the te...2018-01-1922 min
State of CybercrimeWho is in Control? The Data or Humans?Self-quantified trackers made possible what was once nearly unthinkable: for individuals to gather data on oneâs activity level in order to manage and improve oneâs performance. Some have remarked that self-quantified devices can hinge on the edge of over management. As we wait for more research reports on the right dose of self-management, weâll have to define for ourselves what the right amount of self-quantifying is.
Meanwhile, it seems that businesses are also struggling with a similar dilemma: measuring the right amount of risk and harm as it relates to security and privacy.
Acti...2017-12-1922 min
State of CybercrimeSecurity and Privacy Concerns with Chatbots, Trackers, and moreThe end of the year is approaching and security pros are making their predictions for 2018 and beyond. So are we! This week, our security practitioners predicted items that will become obsolete because of IoT devices. Some of their guesses - remote controls, service workers, and personal cars.
Meanwhile, as the business world phase out old technologies, some are embracing the use of new ones. For instance, many organizations today use chatbots. Yes, theyâll help improve customer service. But some are worried that when financial institutions embrace chatbots to facilitate payments, cyber criminals will see it as an...2017-12-0721 min
State of CybercrimeThe Challenges and Promise of Digital DrugsRecently the Food and Drug Administration approved the first digital pill. This means that medicine embedded with a sensor can tell health care providers â doctors and individuals the patient approves â if the patient takes his medication. The promise is huge. It will ensure a better health outcome for the patient, giving caretakers more time with the ones they love. Whatâs more, by learning more about how a drug interacts with a human system, researchers might find a way to prevent illnesses that was once believed impossible to cure. However, as security pros there are some in the industry that b...2017-11-2228 min
State of CybercrimeBring Back Dedicated and Local Security TeamsLast week, I came across a tweet that asked how a normal user is supposed to make an informed decision when a security alert shows up on his screen. Great question!
I found a possible answer to that question at New York Times director of infosecurity, Runa Sandvikâs recent keynote at the OâReilly Security Conference.
She told the attendees that many moons ago, Yahoo had three types of infosecurity departments: core, dedicated and local.
Core was the primary infosec department. The dedicated group were subject matter experts on security, still on the...2017-11-0822 min
State of CybercrimeThe Moral Obligation of Machines and HumansCritical systems once operated by humans are now becoming more dependent on code and developers. There are many benefits to machines and automation such as increased productivity, quality and predictability.
But when websites crash, 911 systems go down or when radiation-therapy machines kill patients because of a software error, itâs vital that we rethink our relationship with code and as well as the moral obligations of machines and humans.
Should developers who create software that impact humans be required to take a âdo no harmâ ethics training? Should we begin measuring developers by the functionality they c...2017-10-2428 min
State of CybercrimeThe Anatomy of a Cybercriminal StartupOutlined in the National Cyber Security Centreâs âCyber crime: understanding the online business model,â the structure of a cybercrime organization is in many ways a lot like a regular tech startup. Thereâs a CEO, developer, and if there are enough funds, an IT department.
However, one role outlined on an infographic on page nine of the report that was a surprise and does not exist in legitimate businesses. This role is known as a âmoney mule.â Vulnerable individuals are often lured into these roles with titles such as âpayment processing agentsâ or âmoney transfer agents.â
But when âmone...2017-10-1224 min
State of CybercrimeHow Weightless Data Impacts Data SecurityBy now, weâre all aware that many of the platforms and services we use collect and store information about our data usage. Afterall, they want to provide us with the most personalized experience.
So when I read that an EU Tinder user requested information about her data and was sent 800 pages, I was very intrigued with the comment from Luke Stark, a digital technology sociologist at Dartmouth University, âApps such as Tinder are taking advantage of a simple emotional phenomenon; we canât feel data. This is why seeing everything printed strikes you. We are physical creatu...2017-10-0523 min
State of CybercrimePenetration Testers Sanjiv Kawa and Tom PorterWhile some regard Infosec as compliance rather than security, veteran pentesters Sanjiv Kawa and Tom Porter believe otherwise. They have deep expertise working with large enterprise networks, exploit development, defensive analytics and I was lucky enough to speak with them about the fascinating world of pentesting.
In our podcast interview, we learned what a pentesting engagement entails, assigning budget to risk, the importance of asset identification, and so much more.
Regular speakers at Security Bsides, they have a presentation on October 7th in DC, The World is Y0ur$: Geolocation-based Wordlist Generation with Wordsmith.
2017-09-2938 min
State of CybercrimeOfer Shezaf, Varonis Director of Cyber Security, Part IIOfer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University.
In this second part of the interview, we explore ways to improve data security through security by design techniques at the development stage, pen testing, deploying Windows 10s, and even labeling security products!
Want...2017-09-2613 min
State of CybercrimeOfer Shezaf, Varonis Director of Cyber Security, Part IOfer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University. In this first part of the interview, Ofer shares his thoughts on the changing threat landscape.
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis âŹď¸Â Vis...2017-09-2009 min
State of CybercrimeWhen Hackers Behave Like GhostsWeâre a month away from Halloween, but when a police detective aptly described a hotel hacker as a ghost, I thought it was a really clever analogy! Itâs hard to recreate and retrace an attackerâs steps when there are no fingerprints or evidence of forced entry.
Letâs start with your boarding pass. Before you toss it, make sure you shred it, especially the barcode. It can reveal your frequent flyer number, your name, and other PII. You can even submit the passengerâs information on the airlineâs website and learn about any future fligh...2017-09-0724 min
State of CybercrimeSecurity Doesnât Take a VacationDo you keep holiday photos away from social media when youâre on vacation? Security pros advise that it's one way to reduce your security risk. Yes, the idea of an attacker mapping out a route to steal items from your home sound ambitious. However, weâve seen actual examples of a phishing attack as well as theft occur.
Alternatively, the panelists point out that this perspective depends on how vulnerable you might be. If attackers need an entry and believe that youâre a worthy target is vastly different from the general noise of regular social media...2017-08-3025 min
State of CybercrimeThe Security of Visually Impaired Self-Driving CarsHow long does it take you to tell the difference between fried chicken or poodle? What about a blueberry muffin or Chihuahua? When presented with these photos, it requires a closer look to differentiate the differences.
It turns out that self-driving car cameras have the same problem. Recently security researchers were able to confuse self-driving car cameras by adhering small stickers to a standard stop sign. What did the cameras see instead? A 45 mph speed limit sign.
The dangers are self-evident. However, the good news is that there are enough built-in sensors and cameras to...2017-08-2428 min
State of CybercrimeDeleting a File Is More than Placing It into the TrashWhen we delete a file, our computerâs user interface makes the file disappear as if it is just a simple drag and drop. The reality is that the file is still in your hard drive.
In this episode of the Inside Out Security Show, our panelists elaborate on the complexities of deleting a file, the lengths IT pros go through to obliterate a file, and surprising places your files might reside.
Kris Keyser explains, âWhen youâre deleting a file, youâre not necessarily deleting a file. Youâre deleting the reference to that file.â...2017-08-1723 min
State of CybercrimeAre Cyber War Rooms Necessary?While some management teams are afraid of a pentest or risk assessment, other organizations - particularly financial institutions - are well aware of their security risks. They are addressing these risks by simulating fake cyberattacks. By putting IT, managers, board members and executives who would be responsible for responding to a real breach or attack, they are learning how to respond to press, regulators, law enforcement, as well as other scenarios they might not otherwise expect.
However, other security experts would argue that cyber war rooms are financially prohibitive for most organizations with a limited budget. Whatâs...2017-08-1128 min
State of CybercrimeBlackhat Briefings That Will Add to Your Tool BeltWeâre counting down to Blackhat USA to attend one of the worldâs leading information security conference to learn about the latest research, development and trends.
Weâll also be at booth #965 handing out fabulous fidget spinners and showcasing all of our solutions that will help you protect your data from insider threats and cyberattacks.
In this podcast episode, we discuss sessions you should attend as well as questions to ask that will help you reduce risk. We even cover why it isn't wise to only rely on important research methods like honeypots save you fro...2017-07-2526 min
State of CybercrimeCyber Threats Are Evolving and So Must Two-FactorFinally, after years of advocacy many popular web services have adopted two-factor authentication (2FA) as a default security measure. Unfortunately, as you might suspect attackers have figured out workarounds. For instance, attackers that intercept your PIN in a password reset man-in-the-middle attack.
So what should we do now? As the industry moves beyond 2FA, the good news is that three-factor authentication is not on the shortlist as a replacement. Googleâs identity systems manager, Mark Risher said, âOne of the truths weâve found is that people wonât accept more security than they think they need.â
Ther...2017-07-2120 min
State of CybercrimeBudgets and EthicsRight now, many companies are planning 2018âs budget. As always, it is a challenge to secure enough funds to help with ITâs growing responsibilities. Whether youâre a nonprofit, small startup or a large enterprise, youâll be asked to stretch every dollar. In this weekâs podcast, we discussed the challenges a young sysadmin volunteer might face when tasked with setting up the IT infrastructure for a nonprofit.
And for a budget interlude, I asked the panelists about the growing suggestion for engineers to take philosophy classes to help with ethics related questions.
Other Arti...2017-07-1225 min
State of CybercrimeIs Data Worth More Than Money?When it comes to infosecurity, we often equate treating data like money. And rightfully so. After all, data is valuable. Not to mention the human hours devoted to safeguarding an organizationâs data.
However, when a well-orchestrated attack happens to destroy an organizationâs data, rather than for financial gain, we wondered if data is really worth more than money.
Sure you can quantify the cost of tools, equipment, hours spent protecting data, but what about intellectual and emotional labor? How do we assign proper value to the creative essence and spirit of what makes our...2017-07-0727 min
State of CybercrimeSix Degrees of Kevin Bacon (Security Edition)Since security pertains to everyone, in this episode of the IOSS we challenged ourselves to tie security back to Kevin Bacon. You might have to give us a few passes, but the connection is still strong.
Keira Knightley: Earlier this year, a man applied for credit account at Best Buy using Keira Knightleyâs driverâs license information. If they didnât catch him, it would have affected her FICO score.
And speaking of FICO, they just created an Enterprise Security Score, which rates how secure an organization is. We debated whether or not a score w...2016-10-0719 min
State of CybercrimeAttraction of Repulsion (to Ransomware)When it comes to ransomware, we canât stop talking about it. Thereâs a wonderful phrase for our syndrome, âthe attraction of repulsion,â meaning that something is so awful you canât stop watching and/or talking about it.
How awful has ransomware been? According to the FBI, in the first three months of 2016, ransomware attacks cost their victims a total of $209 million. And it doesnât stop there. Itâs impacted many businesses including financial firms, government organizations, healthcare providers, and more.
In this episode of the Inside Out Security Show(IOSS), we cover three type...2016-09-2229 min
State of CybercrimeBring Your Geek To CourtLast week, Alpesh Shah of Presidio joined us to discuss law firms and technology. With big data, ediscovery, the cloud and more, itâs of growing importance that law firms leverage technology so that they can better serve their clients. And in doing so, law firms can spend more time doing âlawyerly thingsâ and, um, more billing.
Hallmarks of this episode include:
why itâs critical for law firms to leveraging technology
why clients demand that law firms care about data security
and
extra steps law firms need to take if they want to work with h...2016-09-0928 min
State of CybercrimeThe Vulnerability of ThingsWe were thrilled when Pen Testing veteran, Ken Munro joined our show to discuss the vulnerabilities of things.
In this episode, Ken reveals the potential security risks in a multitude of IoT devices â cars, thermostats, kettle and more. We also covered GDPR, Privacy by Design and asked if Ken thinks âThe Year of Vulnerabilitiesâ will be hitting headlines any time soon.
Munro runs Pen Testing Partners, a firm that focuses on penetration testing on the Internet of Things. Heâs a regular on BBC, and most recently, he was interviewed by one of our bloggers, Andy Green...2016-09-0637 min
State of CybercrimeGo Open Source!Whether youâre a proponent of open-source or proprietary software, thereâs no doubt that the promise of open-source is exciting for many.
For one thing, itâs mostly free. Itâs built and maintained by passionate developers who can easily âlook under the hoodâ. The best part is that youâre not married to the vendor.
Yes, there are many helpful open-source security tools as well as awesome projects based on Go. But lately, there has been a controversial case of open-source ransomware. Originally created to educate others about ransomware, itâs turned into a mashup ransomware witho...2016-09-0131 min
State of CybercrimeMoods and Motives of a Smooth CriminalAfter reading about an IT admin at large bank who went rogue, we put on our empathy hats to understand why.
And in this episode, we came up with three reasons:
Instead of being recognized as a revenue generator, IT is seen as a cost center
Despite all the tests and certificates, Â IT people arenât as valued as, say, doctors or lawyers
And lastly, IT people are often overworked and underappreciated
Could changing the way you dress and improving your communication style be the answer?
What do you think? Let us know!
...2016-08-2919 min
State of CybercrimeExcellent Adventures at Black HatHackers, Executives, Military Folks, IT People who work in Insurance, even Cab Drivers all had something to teach us about security and privacy at the latest Black Hat event in Vegas.
Subscribe Now
Join us Thursdays at 1:30ET for the Live show on Youtube, or use one of the links below to add us to your favorite podcasting app.
iTunes
Android
RSS
The post Excellent Adventures at Black Hat â IOSS 18 appeared first on Varonis Blog.
Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeM...2016-08-2533 min
State of CybercrimeMore Articles on Privacy by Design than ImplementationGoing from policy to implementation is no easy feat because some have said that Privacy by Design is an elusive concept.
In this episode, we meditated on possible solutions such as incentivizing and making privacy as the default setting. We even talked about the extra expense of having a Privacy by Design mindset.
What do you think about going from policy to implementation? Share with us your thoughts!
Subscribe Now
Join us Thursdays at 1:30ET for the Live show on Youtube, or use one of the links below to add us t...2016-08-2227 min
State of CybercrimeThreatbustersIf thereâs something strange on your network, who should we call?
The security team!
Well, I like to think of them as Threatbusters. Why? Theyâre insatiable learners and they work extremely hard to keep security threats at bay.
In this episode, we talk about awesome new technologies(like computer chips that self-destruct and ghost towns that act like honeypots), how to get others within your organization to take security threats seriously, and awesome threatbusters that are doing applause-worthy work.
Subscribe Now
Join us Thursdays at 1:30ET for the L...2016-08-1936 min