
Technical Director At Varonis UK

Shows

State of CybercrimeState of CybercrimeThe Oracle Breach Debate📌 We apologize for the technical issues experienced while filming this episode. Now onto the episode details: Oracle recently faced a major security scare after a hacker claimed to have stolen 6 million data records — a breach that has everyone talking. After initially denying the breach, Oracle is now saying their Oracle Cloud Infrastructure has not been compromised, but the exposed data came from old legacy servers. Join Matt and David, along with special guest Joseph Avanzato from Varonis Threat Labs, as they explore the hacker's claims, Oracle's response, and the broader lessons about cloud security and incident management.As alw...2025-04-1924 minState of CybercrimeState of CybercrimeDeepSeek DisruptionDeepSeek, the Chinese AI startup dominating news feeds, has experienced exponential growth while wiping almost $1 trillion off the U.S. stock market. However, the model's rise has now been overshadowed by a surge of malicious attacks. On this special episode of State of Cybercrime, Matt and David explore the rise of this innovative AI tool, the subsequent attacks, and the potential vulnerabilities of the AI model. DeepSeek won’t be the last shadow AI app you have to worry about.So what steps can you take to ensure you can discover and stop shadow AI app...2025-02-0421 minBytesize TechnologyBytesize TechnologySecuring the Future: DSPM with Bytes & VaronisIn this episode of Bytes Talks, we welcome Varonis, one of our key Strategic Partners, to discuss the trending topic of Data Security Posture Management (DSPM). Special guest Matt Lock, Technical Director UK at Varonis, and Joe Hepburn, Data Management Practice Lead at Bytes, delve into the importance of DSPM and why more customers are adopting this platform.Our experts will explain what DSPM is, its significance in the current market, and the challenges it helps organisations tackle. 
Discover how DSPM is a powerful tool designed to help organisations discover, map, monitor, and protect their data across...2025-01-3131 minRun the NumbersRun the NumbersGuiding Stakeholders Through Business Model Transitions with Varonis CFO & COO Guy MelamedGuy Melamed, CFO & COO of Varonis, joins CJ to discuss the company’s two major transitions. In 2019, Varonis shifted from a perpetual model to an on-prem subscription model, completing the transformation in record time. They are currently in the process of transitioning from an on-prem subscription company to a SaaS company. Guy and CJ delve into the challenges of these transitions, the pressure of doing them in the public eye, and how to communicate these processes to your customers, investors, and sales reps. He highlights the key KPIs that Varonis tracks, the ones that are overrated, and the importance of...2024-12-0553 minMillennium Live | A Leadership & Discovery PodcastMillennium Live | A Leadership & Discovery Podcast🎙️ Episode 307 | Securing the Future: How Varonis is Tackling AI-Driven Cybersecurity ChallengesWelcome back to Millennium Live, the podcast where we explore the technology, innovation, and strategies driving the digital enterprise forward. In this episode, we’re diving into the evolving landscape of cybersecurity, he powerful role AI plays in strengthening cybersecurity defenses, and how Varonis ensures data security in today’s distributed work environments.Our guest is Brian Vecci, Field CTO at Varonis, a leading provider of data security solutions. Varonis helps organizations protect their most valuable asset—data—and in a world where cyber threats are constantly evolving, their expertise is more crucial than ever. We’ll explore wh...2024-11-3040 minRadioteātris bērniemRadioteātris bērniem"Kas ir tavs varonis šodien?". 1. raidījumsLatviešu valodas aģentūras skolēnu radošo darbu konkursa „Kas ir tavs varonis šodien?” uzvarētāju labāko darbu fragmenti. 1. raidījums. 
Konkursā piedalījās skolēni no dažādiem Latvijas novadiem, kā arī no Latviešu skolām pasaulē un Latviešu valodas aģentūras tālmācību nodarbību audzēkņi. Pirmajā raidījumā skan fragmenti no domrakstiem, kuru autori ir: Kristers Jaunzems, Gulbīša pamatskolas 3.klase Annika Leonoviča, Aglonas Katoļu ģimnāzijas 4. klase Aleksandrs Drande, Liepājas Draudzīgā aicinājuma vidusskolas 4. c klase Sāra Paegle...2024-11-0300 minState of CybercrimeState of CybercrimeChatGPT Memory Manipulation + Salt TyphoonHosts Matt Radolec and David Gibson explain how cybercriminals are manipulating AI models like ChatGPT to plant false memories and steal data, along with other cybercrime-related stories like Salt Typhoon. Salt Typhoon is a Chinese hacking group that has reportedly breached multiple key U.S. broadband providers, raising significant concerns about the security of sensitive communications data. The hackers may have had access to these networks for months, raising significant concerns about the security of sensitive communications data. More from Varonis ⬇️  Visit our website: https://www.varonis.com LinkedIn: https://ww...2024-10-1628 minState of CybercrimeState of CybercrimeSnowflake Security CheckSnowflake, a cloud storage platform used by some of the largest companies in the world, is investigating a targeted attack on its users who lack multifactor authentication. Join Matt Radolec and David Gibson for an episode of State of Cybercrime in which we discuss the increased attacks on Snowflake customers and share our five-point checklist for ensuring your cloud databases are properly configured and monitored. WE’LL ALSO COVER: The world’s largest botnet ever discoveredGoogle’s algorithm leakThe Black Basta ransomware-as-a-service (RaaS) operationThe cyberattack that destroyed over 600K U.S. 
routersSneaky new tactics used by e...2024-06-1426 minState of CybercrimeState of CybercrimeIvanti Zero-DaysCISA issued an emergency directive to mitigate Ivanti Connect Secure and Ivanti Policy Secure vulnerabilities after learning of malware targeting the software company, allowing unauthenticated threat actors to access Ivanti VPNs and steal sensitive data. CISA is requiring all federal agencies to disconnect from affected Ivanti products by EOD February 2, 2024. The directive also warned that attackers had bypassed workarounds for current resolutions and detection methods. Join Matt, David, and Dvir to learn more about the Ivanti vuln and other cyber threats. OTHER BREAKING STORIES WE'LL COVER: • The latest ChatGPT news • Dee...2024-02-0822 minState of CybercrimeState of CybercrimeHackers Swatting VictimsEnjoy our first State of Cybercrime episode of 2024 as Matt Radolec and David Gibson cover:Who is to blame for 23andMe’s big breachSEC’s X account getting hackedThreat actors swatting patientsVaronis Threat Labs research on a new, widespread vulnerability: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashesMentioned in this episode:NTLM Blog Post: https://www.varonis.com/blog/investigate-ntlm-brute-forceVaronis Threat Labs Blog: https://www.varonis.com/blog/tag/threat-research Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varon...2024-01-1925 minState of CybercrimeState of CybercrimeLive at Black HatJoin Matt Radolec and David Gibson for this episode of the State of Cybercrime, recording from Black Hat 2023, as they cover the latest threats you need to know about. Also be sure to check out our webinar, New SEC Cyber Rules: Action Plan for CISOs and CFOs on Tuesday, August 22 | 12 p.m. ET. Link here: https://info.varonis.com/en/webinar/what-the-new-sec-requirements-mean-for-your-org-2023-08-22Want to join us live? 
Save a seat here: https://www.varonis.com/state-of-cybercrime More from Varonis ⬇️  Visit our website: https://www.varonis.com LinkedIn: https://www.linkedin.com/company/varonis X/Twitter: https://twitter.com/varon...2023-08-1016 minState of CybercrimeState of CybercrimeStorm-0558A Microsoft zero-day vulnerability has allowed hacking group Storm-0558 to forge Azure AD authentication tokens, and breach organizations — including U.S. government agencies — in the past week. Watch this State of Cybercrime episode to hear our experts break down how this attack happened, see the discoveries made by the Varonis Threat Labs team, and learn what you can do to make sure your data is safe and secure.Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime More from Varonis ⬇️  Visit our website: https://www.varonis.com LinkedIn: https://www.linkedin.com/company/varonis X/Twitter...2023-07-2228 minState of CybercrimeState of CybercrimeDOD’s Response to Data LeaksIn the wake of the U.S. defense leak, the Pentagon CIO has given a one-week deadline for all defense agencies to ensure compliance with DOD information security protocols. But what does that actually mean? Join Matt, David, and Varonis Team Lead Engineer for U.S. Public Sector Trevor Brenn for a State of Cybercrime episode that breaks down what the DOD is demanding from its agencies and how this influences the future of information security within government.Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime More from Varonis ⬇️  Visit our website: https://www.varon...2023-05-0435 minState of CybercrimeState of CybercrimeU.S. 
Defense Papers LeakLinks mentioned in this episode: • Video course (free) on building an IR plan: https://info.varonis.com/thank-you/course/cyber-incident-response • Blog post about LockBit: https://www.varonis.com/blog/anatomy-of-a-ransomware-attack• Blog post about HardBit: https://www.varonis.com/blog/hardbit-2.0-ransomware Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram...2023-04-1735 minThe Somerford PodcastThe Somerford PodcastZero-Day Vulnerability Explained—What CISOs Need to Know About Zero-Day Vulnerabilities | w/ VaronisMatt Lock, Technical Director at Varonis UK, returns to the Somerford Podcast in conversation with Anne Mundy. In this episode, they discuss zero-day vulnerabilities, and what steps CISOs can take to be proactive rather than reactive to potential threats.They also list real-world scenarios alongside what impacts this can have on other organisations and the importance of tackling anomalies before they become threats.✓ Request Varonis' Free Ransomware Preparedness Risk Assessment on our website: https://www.somerfordassociates.com/varonis-dra-resource-page/#ransomware-preparedness-risk-assessment▶ Listen on Spotify: https://open.spotify.com/show/00soJ9kAQuVCh9EBRHOGzJ▶ Listen on Google...2022-03-0930 minThe Somerford PodcastThe Somerford PodcastHelping a CFO Navigate Security Spend — Varonis Cyber Resilience PodcastAnne is joined by Matt Lock, Technical Director at Varonis UK, with the aim to break down the new challenges CFOs face as key decision-makers in cyber security. 
✓ Request Varonis' Free Ransomware Preparedness Risk Assessment on our website: https://www.somerfordassociates.com/varonis-dra-resource-page/#ransomware-preparedness-risk-assessment━━━━✓ Learn More About Varonis on our Website:https://www.somerfordassociates.com/varonis/✓ Keep Notified of News & Announcements on Linkedin:https://www.linkedin.com/company/somerford-associates-limited/✓ View our Complimentary Varonis Events: https://www.somerfordassociates.com/events/#varonis-events✓ Contact Somerford for More Information Regardin...2021-09-1538 minThe Somerford PodcastThe Somerford Podcast5 Things a CISO Needs to Prioritise and how Varonis can Help | Varonis Cyber Resilience PodcastAnne is joined by Matt Lock, Technical Director at Varonis UK, to analyse five priorities for a CISO and how Somerford & Varonis can help with their Cyber Resilience and Cloud Security Assessments.They also explore how safe is your data, the ability to detect and respond to a breach, demonstrating appropriate handling of data, increasing the adoption of Cloud in a secure manner and getting the best value from your tools. ✓ Request Varonis' Free Ransomware Preparedness Risk Assessment on our website: https://www.somerfordassociates.com/varonis-dra-resource-page/#ransomware-preparedness-risk-assessment━━━━✓ Learn More About Varonis on our Websit...2021-07-1634 minState of CybercrimeState of CybercrimeNew Hacking with Friends Livestream!Thanks for watching the first season of the security tools podcast! Want more? We're live on the SecurityFwd YouTube channel twice per week! Come hack with us or watch any of the previously recorded streams. Want to join us live? 
Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram.com/varonislife/2020-06-2300 minState of CybercrimeState of CybercrimeHacking Through School: College Cybersecurity Jobs with Nick GodshallNick's Twitter: https://twitter.com/nickgodshallKody's Twitter: https://twitter.com/kodykinzieVaronis Cyber Attack Workshop: https://www.varonis.com/cyber-workshop/ Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram.com/varonislife/2020-05-1449 minState of CybercrimeState of CybercrimeCatching Russian Hackers in Decommissioned Servers with Adrian from ThinkstCanary Tokens - https://canarytokens.org/generateLearn more about canaries - https://canary.tools/Adrian's Twitter - https://twitter.com/sawaba Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagram: https://www.instagram.com/varonislife/2020-04-2850 minState of CybercrimeState of CybercrimeBreaking Facial Recognition With Vic From F-SecureApologies for the scratchy mic!Vic's Blog on Defeating Facial Recognition: https://vicharkness.co.uk/2019/02/01/the-art-of-defeating-facial-detection-systems-part-two-the-art-communitys-efforts/Check out Vic's Twitter:  https://twitter.com/VicHarknessKody's Twitter: https://twitter.com/kodykinzieVaronis Cyber Attack Workshop: https://www.varonis.com/cyber-workshop/  Want to join us live? 
Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonisInstagr...2020-04-0758 minState of CybercrimeState of CybercrimeAutomating the Fight Against Scammers & Unfair Parking Tickets with DoNotPayJoshua's Twitter: https://twitter.com/jbrowder1DoNotPay's website: https://donotpay.comSue Phone Scammers: https://donotpay.com/learn/robocall-compensationThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/ Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https://twitter.com/varonis...2020-03-1443 minState of CybercrimeState of CybercrimeHacking the Wi-fi of Today & Tomorrow With Mathy VanhoefMathy's Website: https://www.mathyvanhoef.comMathy's YouTube Channel: https://twitter.com/vanhoefmMathy's Paper on Defeating MAC Address Randomization: https://papers.mathyvanhoef.com/asiaccs2016.pdfThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/  Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varoni...2020-03-041h 06State of CybercrimeState of CybercrimeArduino Hacking with SeytonicSeytonic's Malduino Website: https://maltronics.com/Seytonic's Website: https://seytonic.com/Seytonic's YouTube Channel: https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeAThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/ Want to join us live? 
Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varonisX/Twitter: https...2020-02-1549 minState of CybercrimeState of CybercrimeCreepDetector - Detecting Stalkers with WardrivingAlex's Website: http://alexlynd.comCheck out the Creep Detector Video: https://www.youtube.com/watch?v=ug9dHwm3h0sAlex Lynd's Twitter: https://twitter.com/alexlyndCheck out Alex's GitHub: https://github.com/AlexLyndThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/ Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varon...2020-02-0147 minState of CybercrimeState of CybercrimeMaltego - Open-source Intelligence and ForensicsCheck out Maltego: https://www.maltego.com/Maltego Twitter: https://twitter.com/maltegohqCheck out Maltego use cases: https://docs.maltego.com/support/solutions/articles/15000012022-use-cases This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/ Want to join us live? 
Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website: https://www.varonis.comLinkedIn: https://www.linkedin.com/company/varoni...2020-01-2050 minState of CybercrimeState of CybercrimeObjective-See - Advanced MacOS Security Tools by Ex-NSA Hacker Patrick WardleCheck out Objective-See: https://objective-see.com/Objective-See Twitter: https://twitter.com/objective_seeObjective-See Patreon: https://www.patreon.com/objective_seeWhile In Russia: Patrick's RSA talk on hacking journalists - Patrick's Twitter: https://twitter.com/patrickwardle This podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/ Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrimeMore from Varonis ⬇️ Visit our website...2019-12-1656 minState of CybercrimeState of CybercrimeESP8266 - The Low-cost Wi-Fi Microchip with a Full TCP/IP StackStefan's Site with links to all of his projects: https://spacehuhn.io/Twitter: https://twitter.com/spacehuhnYouTube: https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8twAn overview of the ESP8266 https://www.espressif.com/en/products/hardware/esp8266ex/overviewStefan's Github https://github.com/spacehuhnESP8266 Deauther 2.0 https://github.com/spacehuhn/esp8266_deautherWiFi Duck - Wireless injection attack Platformhttps://github.com/spacehuhn/WiFiDuckWiFi Satellite - monitoring and logging 2.4GHz WiFi TrafficThis podcast is brought to...2019-11-2248 minState of CybercrimeState of CybercrimeGrabify - the IP Logging, Honeypot Tracking URL ShortenerA honeypot is a tool that acts as bait, luring an attacker into revealing themselves by presenting a seemingly juicy target. 
In our first Security Tools podcast, we explore a free tool called Grabify that can gather information about scammers or attackers when they click on a honeypot tracking link.https://grabify.link/https://jlynx.net/https://twitter.com/grabifydotlinkThis podcast is brought to you by Varonis, if you'd like to learn more check out the Cyber Attack Lab at https://www.varonis.com/cyber-workshop/ Want to...2019-11-0845 minState of CybercrimeState of CybercrimeBe the First to KnowWe wanted you to be the first to know that next week; we will be back in this same feed with a new security podcast from Varonis.The new Security Tools podcast will keep you up to date with the most exciting and useful tools the Infosec community has to offer.Join us on the new show to hear from the researchers and hackers behind tools like Grabify, a link-based Honeypot service that unmasks scammers leveraging the same web tracking tactics used by most modern websites. We’ll find out why it’s so hard to s...2019-11-0501 minState of CybercrimeState of CybercrimeChanging User BehaviorSummer is approaching, and of course, that’s when we feel the most heat. However, for cybersecurity managers, they feel the heat all the time. They must be right every time because cybercriminals only have to be right once. So summer can potentially feel like it’s year-round for cybersecurity pros and it can cause job burnout. Another problem that managers face is the potential ineffectualness of cybersecurity awareness training. Learning and sharing interesting security information in a class is really wonderful and expansive for a user’s mind. However, if it doesn’t change a user’s behavior...2019-05-2926 minState of CybercrimeState of CybercrimeSecurity and Technology UnleashedSearching a traveler’s phone or laptop is not an extension of a search made on a piece of luggage. 
As former commissioner of Ontario Ann Cavoukian said, “Your smartphone and other digital devices contain the most intimate details of your life: financial and health records.” In general, it’s also dangerous to connect laws made in accordance with the physical world to the digital space. But even with GDPR that’s aimed to protect consumer data, the law hasn’t taken action against any major technology firms such as Google or Facebook. It seems our relation...2019-05-1622 minState of CybercrimeState of CybercrimeWe’d Love to Upgrade, But…It’s great to be Amazon to only have one on-call security engineer and have security automated. However, for many organizations today, having security completely automated is still an aspirational goal. Those in healthcare might would love to upgrade, but what if you’re using a system that’s FDA approved, which makes upgrading a little more difficult. What if hackers were able to download personal data from a web server because many weren’t up-to-date and had outdated plugins. Meanwhile, here’s a lesson from veteran report, Brian Krebs on how not to acknowledge a data breach. By the w...2019-04-2224 minState of CybercrimeState of CybercrimeSecurity on Easy ModeRecently in the security space, there’s been a spate of contradicting priorities. For instance, a recent study showed that programmers will take the easy way out and not implement proper password security. Antidotally, a security pro in a networking and security course noticed another attendee who covered his webcam, but noticeably had his bitlocker recovery code is printed on a label attached to his screen. When protocols and skills compete for our attention, ironically, security gets placed on easy mode. 
In the real word, when attackers can potentially create malware that would automatically add “realistic, malignant-seeming growths to CT or...2019-04-1020 minState of CybercrimeState of CybercrimeThe Making of the Modern CISOShould CISOs use events or scenarios to drive security, not checklists? It also doesn’t matter how much you spend on cybersecurity if ends up becoming shelfware. Navigating one’s role as a CISO is no easy feat. Luckily, the path to becoming a seasoned CISO is now easier with practical classes and interviews. But when cybersecurity is assumed to not be not very important. Does that defeat the leadership role of a CISO? Panelists: Cindy Ng, Sean Campbell, Mike Buckbee, Kris Keyser Want to join us live? Save a seat here: https://www.varo...2019-03-2528 minState of CybercrimeState of CybercrimeThe Psyche of DataWith data as the new oil, we’ve seen how different companies responded. From meeting new data privacy compliance obligations to combining multiple data anonymized points to reveal an individual’s identity – it all speaks to how companies are leveraging data as a business strategy. Consumers and companies alike are awakening to data’s possibilities and we’re only beginning to understand the psyche and power of data. Tool of the Week: Zorp Panelists: Cindy Ng, Kilian Englert, Mike Buckbee Want to join us live? Save a seat here: https://www.varonis.com/state...2019-02-2521 minState of CybercrimeState of CybercrimeThe Dance Between Governance, Risk Management, and ComplianceThe combination of business and technology-related challenges and the requirement to meet regulatory compliance obligations as well as managing risk is no easy feat. European officials have been disseminating information on how to prevent online scams, general tips as well as warning signs. Other attorneys have been reflecting on legislative developments to prepare for the year ahead. 
Meanwhile, businesses like Facebook and Reddit are finding their rhythm as they dance between running their business, meeting compliance requirements and keeping their users’ data safe and secure. Want to join us live? Save a seat here: https://www.va...2019-02-0523 minState of CybercrimeState of CybercrimeReflecting on Breaches, Scams and Fake EverythingOn the last week of the year, the Inside Out Security panelists reflected on the year’s biggest breaches, scams and fake everything. And is computer security warfare? Well, it depends on who you ask. A 7th grader trying to change her grades isn’t an enemy combatant. But keep in mind as another argues, “There's an opponent who doesn't care about you, doesn't play by the rules, and wants to screw you as fully as possible.” Panelists: Cindy Ng, Mike Buckbee, Kilian Englert, Kris Keyser Want to join us live? Save a seat here: ht...2019-01-0426 minState of CybercrimeState of CybercrimeWhen IT, Data and Security CollideThe CIO is responsible for using IT to make the business more efficient. Meanwhile, the CISO is responsible for developing and executing a security program that’s aimed to protect enterprise systems and data from both internal and external threats. At the end of the day, the CISO makes security recommendations to the CIO has the final say. Perhaps it’s time that the CISO gets a seat at the table. Meanwhile, good Samaritans such as Chris Vickery and Troy Hunt help companies find leaked data and hopes the company seal the leak before cybercriminals find it. 2018-12-2427 minState of CybercrimeState of Cybercrime#2018inFiveWords [Regarding Our Security Landscape]We need to do better. Exhausting. Dramatic. That’s how the Inside Out Security panelists described our 2018 security landscape. We see the drama unfold weekly on our show and this week was no different. As facial recognition software becomes more prevalent, we’re seeing it used in security to protect even the biggest stars like Taylor Swift. 
Her security team set up a kiosk replaying rehearsal highlights. Meanwhile, onlookers who stopped were cross checked against their database of stalkers. What a stealthy way to protect one of our favorite singers in the world! And here’s a st...2018-12-2024 minState of CybercrimeState of CybercrimeA Spotlight on Technology's DilemmaThere’s a yin and yang to technology. For instance, the exchange for convenience and ease with our data. Unfortunately Facebook is getting most of the blame, when many companies have collect many points of data as the default setting. Meanwhile, as quickly as diligent security pros are eager to adopt and advance security solutions with biometrics, cybercriminals are equally determined to thwart these efforts. Other articles discussed: • Google’s plan to mitigate bias in their algorithm • Australia approves bill, requiring tech companies to provide data upon request Want to join us live? Sa...2018-12-1433 minState of CybercrimeState of CybercrimeSecurity and Privacy are Joined at the HipWe’ve completed almost 100 podcast panels and sometimes it feels like we’re talking in circles. Over the years, the security and privacy landscape have gotten more complex, making baseline knowledge amongst industry pros ever so more important. Old concepts are often refreshed into current foundational security concepts. Technological advancements as well as decline also bring forth new challenges. When there’s a decline, we need to reserve the right to change our strategy. For years, users were blamed and labeled as the enemy, but our infrastructure wasn’t built with security in mind. So, perhaps the weakest...2018-11-2031 minState of CybercrimeState of CybercrimeWhat New Tech Can Learn From Old TechPasswords are easy to use. Everyone knows how it works. However, many security pros point out the inherent design flaw in passwords as a safe form of authorization and authentication. 
The good news is that we can reflect upon what old technologies can teach new technologies as we’re creating new products and services. One vital concern to keep in mind are terms and conditions, particularly with DNA ownership rights. Other articles discussed: How did Iran find CIA spies? They Googled It Panelists: Cindy Ng, Kilian Englert, Forrest Temple, Matt Radolec Want to join us...2018-11-1422 minState of CybercrimeState of CybercrimeDisguises, Online and OfflineLearning about the CIA’s tips and tricks on disguising one’s identity reminded us that humans are creatures of habit and over a period of time, can illuminate predictable behavioral patterns, which are presented as biometric data. As a result, businesses can leverage and integrate these data points with their operations and sales process. For instance, businesses are buying data about one’s health and also creating patents to measure a user’s pulse and temperature. Others are learning about the psychology about a user and making it difficult for a user to cancel a service. Ot...2018-10-3027 minState of CybercrimeState of CybercrimeIf You Can’t Build In Security, Build In AccountabilityVulnerability after vulnerability, we’ve seen that there’s no perfect model for security. Hence, the catchphrase, “If you can’t build in security, then build in accountability.” But history has also shown that even if there was enough political will and funding, consumers aren’t interested in paying a huge premium for security when a comparable product with the features they want is available much more cheaply. Will that theory hold when it comes to self-driving cars? At the very least, safety should be a foundational tenet. 
What’s the likelihood that anyone would enter a self-d...2018-10-2537 minState of CybercrimeState of CybercrimeHow CISOs Explain Security to the C-SuiteAfter the latest Microsoft Ignite conference, the enduring dilemma of how CISOs explain security matters to the C-Suite bubbled to the surface again. How technical do you get? Also, when the latest and greatest demos are given at one of the world’s most premier technology show, it can be easy to get overwhelmed with fancy new tools. What’s more important is to remember the basics: patching, least privilege, incident response, etc. Other articles discussed: Engineer fined for not disclosing a vulnerability responsibly Young Mirai botnet authors avoid jail time Is public shaming bad...2018-10-0330 minState of CybercrimeState of CybercrimeThe False Binary of CyberWe’re in an impermanent phase with technology where circumstances and cyberattacks are not always black or white. Here’s what we’re contending with: would you prefer a medical diagnosis from a human or machine? In another scenario, would a cyberattack on a state’s power grid be an act of war? Officially, it’s not considered so, yet. Or, perhaps a scenario less extreme where you buy a video and then 5 years later, it disappears from your library bc the company where you bought your video from loses the distribution rights. Data ownership is an important part of data se...2018-09-1929 minState of CybercrimeState of CybercrimeI’m Mike McCabe, Systems Engineering Manager of SLED West at Varonis, and This is How I WorkSystems engineering manager Mike McCabe understands that State, Local and Education (SLED) government agencies want to be responsible stewards of taxpayer’s funds. So it makes sense they want to use security solutions that have proven themselves effective. For the past six years, he’s brought awareness on the tried and true efficacy of how Varonis solutions can secure SLED’s sensitive unstructured data. 
In our podcast interview, he explains why data breaches are taking place, why scripts aren’t the answer, and how we’re able to provide critical information about access to SLED’s sensitive data. We als...
2018-09-04, 17 min

State of Cybercrime: Computer Scientists Aren’t Philosophers
Our community is finally discussing whether computer science researchers should be required to disclose negative societal consequences of their work to the public. Computer scientists argue that they aren’t social scientists or philosophers, but caring about the world isn’t about roles, it’s the responsibility of being a citizen of the world. At the very least, researchers ought to be effective communicators. We’ve seen them work with law enforcement and vulnerability announcements. There must be more they can do! Tool of the week: Wget, Proof of Concept. Panelists: Cindy Ng, Mike Thompson, Kilian E...
2018-08-29, 23 min

State of Cybercrime: Living Vicariously through Blackhat Attendees and Speakers
While some of our colleagues geeked out at Blackhat, some of us vicariously experienced it online by following #BHUSA. The keynote was electric. They’re great ideas and we’ve seen them implemented in certain spaces. However, the reality is, we have a lot more work to do. There was also a serious talk about burnout, stress, and coping with alcohol as a form of escape. We learned that mental health is a growing concern in the security space. As more organizations rely on technology, security pros are called on at all hours of the day...
2018-08-15, 20 min

State of Cybercrime: I’m Colleen Rafter, Professional Services Education Manager at Varonis, and This is How I Work
Over the past six years, Colleen Rafter has been educating Varonis customers on the latest and greatest data security best practices. Share or NTFS permissions? She has an answer for that.
Aware that security pros need to meet the latest GDPR requirements, she has been responsibly reading up on the latest requirements and developing course material for a future class. In our podcast, Colleen advises new Varonis customers what to do once they have our solutions and which classes to take and in what order. Want to join us live? Save a...
2018-08-10, 11 min

State of Cybercrime: Security Poverty Line
This week’s podcast was inspired by chief information security officer Wendy Nather’s article, The Security Poverty Line and Junk Food. It’s 2018 and we’re still struggling to get a proper security budget. Is it a mindset? Is that why when we hire pen testers to identify vulnerabilities, they’re usually able to gain admin access? On the bright side, a company with a bigger budget, Google recently declared victory with a USB key that prevented phishing for an entire year. Other articles discussed: Dangers of biometric data; ACLU falsely matched 28 members of congress with mugsh...
2018-08-02, 29 min

State of Cybercrime: Moral Overload
When we create new technologies, we want security and privacy, economic prosperity and sustainability, accountability but insist on confidentiality. The reality is that it is difficult to embed all of these values in one pass. As technologies get built, it also elucidates some values we hold to a higher regard than others. To cope with moral overload, some have suggested that we start designing security and privacy controls as a gradient. Or perhaps certain controls get a toggle on/off switch. We’re also seeing this moral dilemma in AI – is the technology too volatile or p...
2018-07-19, 21 min

State of Cybercrime: When Your Security Brain Never Runs Out Of Problems To Find
For years, technologists wondered why the law can’t keep pace with technology. Instead of waiting for the government to pass a regulation, should we enlist private companies to regulate?
However, in a recent interview with privacy and cybersecurity attorney Camille Stewart, she said that laws are built in the same way a lot of technologies are built: in the form of a framework. That way, it leaves room and flexibility so that technology can continue to evolve. While technologists and attorneys continue that debate, the US Federal Trade Commission is hard at work. They re...
2018-07-12, 22 min

State of Cybercrime: Winner Takes All
There are many advantages to being first, especially in the business world. Securing a first place finish usually rewards the winner with monopoly-like status and securing the largest and most dominant market share. A byproduct, however, of the winner takes all mentality is sacrificing security. That’s what Thomas Dullien, Google Project Zero presenter suggested in his latest presentation on the relationship between complexity and failure of security. He is onto something because we’re seeing strange incidents occur that we would have never imagined. A Melbourne man got shot because his image in Google’s database is associated with c...
2018-06-28, 29 min

State of Cybercrime: Core Security Principles Drive Us into The Future
While reading about our latest technological advances, such as digital license plates and self-driving cars, I wondered about our industry’s core security principles that set the foundation for all our innovation. However, what about user agreements? We’re able to create incredible new advances, however we can’t get our user agreements right. Even though the agreements are for the users, it’s rare that they want to read the legalese. It’s just easier to click ‘accept’. As the author suggests, there must be a better way for end users to interact with tech companies.
Want...
2018-06-13, 30 min

State of Cybercrime: I’m Sean Campbell, Systems Engineer at Varonis, and This is How I Work
In April of 2013, after a short stint as a professional baseball player, Sean Campbell started working at Varonis as a Corporate Systems Engineer. Currently a Systems Engineer for New York and New Jersey, he is responsible for uncovering and understanding the business requirements of both prospective and existing customers across a wide range of verticals. This involves many introductory presentations, proof of concept installations, integration expansion discussions, and even the technical development of Varonis channel partners. Sean also leads a team of subject matter experts (SME) for our innovative DatAlert platform. According to his manager...
2018-06-04, 17 min

State of Cybercrime: Data Protectionism: Friend or Foe?
Data protectionism - restricting the movement of data between countries - will be an option that governments will elect to implement in the upcoming months and years. As the world economy becomes more data-driven, impacting global GDPs, they will soon find their way into trade deals, requiring data to be held in servers inside certain countries. It’s not just a business decision. Exporting data on individuals is also heavily restricted because of privacy concerns. And we saw a Belgian legislator voice this concern during a discussion with Facebook’s CEO on his value as a user.
2018-05-31, 23 min

State of Cybercrime: Turning People into Devices
Outsourcing tedious tasks is a dream of many and at the latest Google Developer’s conference, the audience beamed when Google Assistant booked an appointment. However, attendees were quick to worry about potential exploits those devices might face. Medical devices are a good example of what computerized assistants might face in the future.
Yes, medical devices can save lives and certainly serve a more noble cause than outsourcing tedious tasks, but the security aspect of these life-saving pacemakers and defibrillators still require firmware updates. Seems that we still haven’t learned our lesson: embed security at th...
2018-05-17, 28 min

State of Cybercrime: I’m Brian Vecci, Technical Evangelist at Varonis, and This is How I Work
If you’ve ever seen Technical Evangelist Brian Vecci present, his passion for Varonis is palpable. He makes presenting look effortless and easy, but as we all know excellence requires a complete devotion to the craft. I recently spoke to him to gain insight into his work and to shed light on his process as a presenter. “When I first started presenting for Varonis, I’d have the presentation open on one half of the screen and Evernote open on the other half and actually write out every word I was going to say for each slide,” said Bri...
2018-05-14, 19 min

State of Cybercrime: Varonis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part Two
In part two of my interview with Varonis CFO & COO Guy Melamed, we get into the specifics with data breaches, breach notification and the stock price. What’s clear from our conversation is that you can no longer ignore the risks of a potential breach. There are many ways you can reduce risk. However, if you choose not to take action, minimally, at least have a conversation about it. Also, around 5:11, I asked a question about IT pros who might need some help getting budget. There’s a story that might help. Do Data...
2018-05-07, 08 min

State of Cybercrime: Not Everything is a No Brainer
When I asked our podcast panelists about the difficulty in discerning real businesses from fake or answering innocuous questions about your first pet, it can be time consuming, mentally exhausting and not naturally intuitive.
As technology gets even more difficult to navigate, think about how important it is when presenting time-to-value security solutions to C-Suite executives. A popular catchphrase amongst IT pros is: “It’s a no brainer.” When an idea presented is expressed as a no brainer, it’s assumed that the idea has obvious value, when processes and strategic decisions are more complicated than it...
2018-05-04, 18 min

State of Cybercrime: Varonis CFO & COO Guy Melamed: Preventing Data Breaches and Reducing Risk, Part One
Recently, the SEC issued guidance on cybersecurity disclosures, requesting public companies to report data security risk and incidents that have a “material impact” for which reasonable investors would want to know about. How does the latest guidance impact a CFO’s responsibility in preventing data breaches? Luckily, I was able to speak with Varonis’ CFO and COO Guy Melamed on his perspective. In part one of my interview with Guy, we discuss the role a CFO has in preventing insider threats and cyberattacks and why companies might not take action until they see how vulnerable they are with...
2018-04-30, 12 min

State of Cybercrime: 41% of organizations have at least 1,000 sensitive files open to all employees
This week, we talk about our annual data risk assessment report and sensitive files open to every employee! 41% of companies are vulnerable. The latest finding put organizations at risk as unsecure folders give attackers easy access to business roadmaps, intellectual property, financial and health data, and more. We even discussed how data open to everyone in an organization relates to user-generated data shared with 3rd party apps. Is it a data security or privacy problem? At the very least, panelists think it’s a breach of confidence.
Other articles discussed: Dead people’s privacy rights; Bill Gate...
2018-04-16, 27 min

State of Cybercrime: Varonis Track at RSA 2018
We’re all counting down to the RSA Conference in San Francisco April 16 – 20, where you can connect with the best technology, trends and people that will protect our digital world. Attendees will receive a Varonis branded baseball hat and will be entered into a $50 gift card raffle drawing for listening to our presentation in our North Hall booth (#3210). Attendees that visit us in the South Hall (#417) will receive a car vent cell phone holder. In addition to stopping by our booth, below are sessions you should consider attending. You’ll gain important insights into bes...
2018-04-09, 28 min

State of Cybercrime: I’m Elena Khasanova, Professional Services Manager at Varonis, and This is How I Work
Prior to Varonis, Elena Khasanova worked in backend IT for large organizations. She did a bit of coding, database administration, project management, but was ready for more responsibility and challenges. So seven years ago, she made the move to New York City from Madison, Wisconsin and joined the professional services department at Varonis. With limited experience speaking with external customers and basic training, Varonis entrusted her to deploy products as well as present to customers. Elena recalls, “Not every company will give you a chance to talk to external customers without prior experience…. But it was...
2018-03-28, 22 min

State of Cybercrime: Are Users and Third-Party Vendors Frenemies?
In the midst of our nationwide debate on social media companies limiting third party apps’ access to user data, let’s not forget that companies have been publicly declaring who collects our data and what they do with it. Why? These companies have been preparing for GDPR, the new EU General Data Protection Regulation as it will go into effect on May 25th.
This new EU law is a way to give consumers certain rights over their data while also placing security obligations on companies holding their data. In this episode of our podcast, we’ve fou...
2018-03-22, 22 min

State of Cybercrime: Details Matter in Breaches and in Business
With one sensational data breach headline after another, we decided to take on the details behind the story because a concentrated focus on the headline tends to reveal only a partial dimension of the truth. For instance, when a bank’s sensitive data is compromised, it depends on how as well as the what. Security practitioner Mike Buckbee said, “It’s very different if your central data storage was taken versus a Dropbox where you let 3rd party vendors upload spreadsheets.” We’re also living in a very different time when everything we do in our person...
2018-03-08, 22 min

State of Cybercrime: Innovate First, Deliver PSAs Later
Today even if we create a very useful language, IoT device, or software, at some point, we have to go back to fix the security or send out PSAs. Troy Hunt, known for his consumer advocacy work on breaches, understands this very well. He recently delivered a very practical PSA: Don’t tell people to turn off Windows update, just don’t. We also delivered a few PSAs of our own: cybercriminals view our LinkedIn profiles to deliver more targeted phish emails, whether we’d prefer to deal with ransomware or cryptomalware, and the six laws of tec...
2018-02-28, 21 min

State of Cybercrime: Security Alert Woes
IT pros could use a little break from security alerts. They get a lot of alerts. All. The. Time. While alerts are important, a barrage of them can potentially be a liability. It can cause miscommunication, creating over reactivity. Conversely, alerts can turn into white noise, resulting in apathy. Hence the adage: if everything is important, nothing is. Instead, should we be proactive about our security risks rather than reactive?
Articles discussed: Heatmap reveals secret military bases; ICE gets access to license plate numbers; Does it matter if you put your password on a...
2018-02-08, 18 min

State of Cybercrime: Manifesting Chaos or a Security Risk?
Regular listeners of the Inside Out Security podcast know that our panelists can’t agree on much. Well, bold allegations that IT is the most problematic department in an organization can be, ahem, controversial. But whether you love or hate IT, we can’t deny that technology has made significant contributions to our lives. For instance, grocery stores are now using a system, order-to-shelf, to reduce food waste. There are apps to help drivers find alternate routes if they’re faced with a crowded freeway. Both examples are wonderful use cases, but also have had unforeseen side e...
2018-01-24, 26 min

State of Cybercrime: The Security of Legacy Systems
It’s our first show of 2018 and we kicked off the show with predictions that could potentially drive headline news. By doing so, we’re figuring out different ways to prepare and prevent future cybersecurity attacks. What’s notable is that IBM set up a cybersecurity lab, where organizations can experience what it’s like to go through a cyberattack without any risk to their existing production system. This is extremely helpful for companies with legacy systems that might find it difficult to upgrade for one reason or another. But we can all agree what’s truly difficult are the te...
2018-01-19, 22 min

State of Cybercrime: Who is in Control? The Data or Humans?
Self-quantified trackers made possible what was once nearly unthinkable: for individuals to gather data on one’s activity level in order to manage and improve one’s performance. Some have remarked that self-quantified devices can hinge on the edge of over management.
As we wait for more research reports on the right dose of self-management, we’ll have to define for ourselves what the right amount of self-quantifying is. Meanwhile, it seems that businesses are also struggling with a similar dilemma: measuring the right amount of risk and harm as it relates to security and privacy. Acti...
2017-12-19, 22 min

State of Cybercrime: Security and Privacy Concerns with Chatbots, Trackers, and more
The end of the year is approaching and security pros are making their predictions for 2018 and beyond. So are we! This week, our security practitioners predicted items that will become obsolete because of IoT devices. Some of their guesses - remote controls, service workers, and personal cars. Meanwhile, as the business world phases out old technologies, some are embracing the use of new ones. For instance, many organizations today use chatbots. Yes, they’ll help improve customer service. But some are worried that when financial institutions embrace chatbots to facilitate payments, cyber criminals will see it as an...
2017-12-07, 21 min

State of Cybercrime: The Challenges and Promise of Digital Drugs
Recently the Food and Drug Administration approved the first digital pill. This means that medicine embedded with a sensor can tell health care providers – doctors and individuals the patient approves – if the patient takes his medication. The promise is huge. It will ensure a better health outcome for the patient, giving caretakers more time with the ones they love. What’s more, by learning more about how a drug interacts with a human system, researchers might find a way to prevent illnesses that were once believed impossible to cure.
However, as security pros there are some in the industry that b...
2017-11-22, 28 min

State of Cybercrime: Bring Back Dedicated and Local Security Teams
Last week, I came across a tweet that asked how a normal user is supposed to make an informed decision when a security alert shows up on his screen. Great question! I found a possible answer to that question at New York Times director of infosecurity, Runa Sandvik’s recent keynote at the O’Reilly Security Conference. She told the attendees that many moons ago, Yahoo had three types of infosecurity departments: core, dedicated and local. Core was the primary infosec department. The dedicated group were subject matter experts on security, still on the...
2017-11-08, 22 min

State of Cybercrime: The Moral Obligation of Machines and Humans
Critical systems once operated by humans are now becoming more dependent on code and developers. There are many benefits to machines and automation such as increased productivity, quality and predictability. But when websites crash, 911 systems go down or when radiation-therapy machines kill patients because of a software error, it’s vital that we rethink our relationship with code as well as the moral obligations of machines and humans. Should developers who create software that impact humans be required to take a ‘do no harm’ ethics training? Should we begin measuring developers by the functionality they c...
2017-10-24, 28 min

State of Cybercrime: The Anatomy of a Cybercriminal Startup
Outlined in the National Cyber Security Centre’s “Cyber crime: understanding the online business model,” the structure of a cybercrime organization is in many ways a lot like a regular tech startup. There’s a CEO, developer, and if there are enough funds, an IT department. However, one role outlined in an infographic on page nine of the report was a surprise and does not exist in legitimate businesses.
This role is known as a “money mule.” Vulnerable individuals are often lured into these roles with titles such as “payment processing agents” or “money transfer agents.” But when “mone...
2017-10-12, 24 min

State of Cybercrime: How Weightless Data Impacts Data Security
By now, we’re all aware that many of the platforms and services we use collect and store information about our data usage. After all, they want to provide us with the most personalized experience. So when I read that an EU Tinder user requested information about her data and was sent 800 pages, I was very intrigued with the comment from Luke Stark, a digital technology sociologist at Dartmouth University, “Apps such as Tinder are taking advantage of a simple emotional phenomenon; we can’t feel data. This is why seeing everything printed strikes you. We are physical creatu...
2017-10-05, 23 min

State of Cybercrime: Penetration Testers Sanjiv Kawa and Tom Porter
While some regard Infosec as compliance rather than security, veteran pentesters Sanjiv Kawa and Tom Porter believe otherwise. They have deep expertise working with large enterprise networks, exploit development, defensive analytics and I was lucky enough to speak with them about the fascinating world of pentesting. In our podcast interview, we learned what a pentesting engagement entails, assigning budget to risk, the importance of asset identification, and so much more. Regular speakers at Security Bsides, they have a presentation on October 7th in DC, The World is Y0ur$: Geolocation-based Wordlist Generation with Wordsmith.
2017-09-29, 38 min

State of Cybercrime: Ofer Shezaf, Varonis Director of Cyber Security, Part II
Ofer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products.
He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University. In this second part of the interview, we explore ways to improve data security through security by design techniques at the development stage, pen testing, deploying Windows 10s, and even labeling security products! Want...
2017-09-26, 13 min

State of Cybercrime: Ofer Shezaf, Varonis Director of Cyber Security, Part I
Ofer Shezaf is Director of Cyber Security at Varonis. A self-described all-around security guy, Ofer is in charge of security standards for Varonis products. He has had a long career that includes most recently a stint at Hewlett-Packard, where he was a product manager for their SIEM software, known as ArcSight. Ofer is a graduate of Israel's elite Technion University. In this first part of the interview, Ofer shares his thoughts on the changing threat landscape. Want to join us live? Save a seat here: https://www.varonis.com/state-of-cybercrime More from Varonis ⬇️ Vis...
2017-09-20, 09 min

State of Cybercrime: When Hackers Behave Like Ghosts
We’re a month away from Halloween, but when a police detective aptly described a hotel hacker as a ghost, I thought it was a really clever analogy! It’s hard to recreate and retrace an attacker’s steps when there are no fingerprints or evidence of forced entry. Let’s start with your boarding pass. Before you toss it, make sure you shred it, especially the barcode. It can reveal your frequent flyer number, your name, and other PII. You can even submit the passenger’s information on the airline’s website and learn about any future fligh...
2017-09-07, 24 min

State of Cybercrime: Security Doesn’t Take a Vacation
Do you keep holiday photos away from social media when you’re on vacation? Security pros advise that it's one way to reduce your security risk.
Yes, the idea of an attacker mapping out a route to steal items from your home sounds ambitious. However, we’ve seen actual examples of a phishing attack as well as theft occur. Alternatively, the panelists point out that this perspective depends on how vulnerable you might be. If attackers need an entry and believe that you’re a worthy target is vastly different from the general noise of regular social media...
2017-08-30, 25 min

State of Cybercrime: The Security of Visually Impaired Self-Driving Cars
How long does it take you to tell the difference between fried chicken or poodle? What about a blueberry muffin or Chihuahua? When presented with these photos, it requires a closer look to differentiate the differences. It turns out that self-driving car cameras have the same problem. Recently security researchers were able to confuse self-driving car cameras by adhering small stickers to a standard stop sign. What did the cameras see instead? A 45 mph speed limit sign. The dangers are self-evident. However, the good news is that there are enough built-in sensors and cameras to...
2017-08-24, 28 min

State of Cybercrime: Deleting a File Is More than Placing It into the Trash
When we delete a file, our computer’s user interface makes the file disappear as if it is just a simple drag and drop. The reality is that the file is still in your hard drive. In this episode of the Inside Out Security Show, our panelists elaborate on the complexities of deleting a file, the lengths IT pros go through to obliterate a file, and surprising places your files might reside. Kris Keyser explains, “When you’re deleting a file, you’re not necessarily deleting a file. You’re deleting the reference to that file.”...
2017-08-17, 23 min

State of Cybercrime: Are Cyber War Rooms Necessary?
While some management teams are afraid of a pentest or risk assessment, other organizations - particularly financial institutions - are well aware of their security risks.
They are addressing these risks by simulating fake cyberattacks. By putting IT, managers, board members and executives who would be responsible for responding to a real breach or attack, they are learning how to respond to press, regulators, law enforcement, as well as other scenarios they might not otherwise expect. However, other security experts would argue that cyber war rooms are financially prohibitive for most organizations with a limited budget. What’s...
2017-08-11, 28 min

State of Cybercrime: Blackhat Briefings That Will Add to Your Tool Belt
We’re counting down to Blackhat USA to attend one of the world’s leading information security conferences to learn about the latest research, development and trends. We’ll also be at booth #965 handing out fabulous fidget spinners and showcasing all of our solutions that will help you protect your data from insider threats and cyberattacks. In this podcast episode, we discuss sessions you should attend as well as questions to ask that will help you reduce risk. We even cover why it isn't wise to only rely on important research methods like honeypots save you fro...
2017-07-25, 26 min

State of Cybercrime: Cyber Threats Are Evolving and So Must Two-Factor
Finally, after years of advocacy many popular web services have adopted two-factor authentication (2FA) as a default security measure. Unfortunately, as you might suspect attackers have figured out workarounds. For instance, attackers that intercept your PIN in a password reset man-in-the-middle attack. So what should we do now? As the industry moves beyond 2FA, the good news is that three-factor authentication is not on the shortlist as a replacement. Google’s identity systems manager, Mark Risher said, “One of the truths we’ve found is that people won’t accept more security than they think they need.” Ther...
2017-07-21, 20 min

State of Cybercrime: Budgets and Ethics
Right now, many companies are planning 2018’s budget.
As always, it is a challenge to secure enough funds to help with IT’s growing responsibilities. Whether you’re a nonprofit, small startup or a large enterprise, you’ll be asked to stretch every dollar. In this week’s podcast, we discussed the challenges a young sysadmin volunteer might face when tasked with setting up the IT infrastructure for a nonprofit. And for a budget interlude, I asked the panelists about the growing suggestion for engineers to take philosophy classes to help with ethics related questions. Other Arti...
2017-07-12, 25 min

State of Cybercrime: Is Data Worth More Than Money?
When it comes to infosecurity, we often equate treating data like money. And rightfully so. After all, data is valuable. Not to mention the human hours devoted to safeguarding an organization’s data. However, when a well-orchestrated attack happens to destroy an organization’s data, rather than for financial gain, we wondered if data is really worth more than money. Sure you can quantify the cost of tools, equipment, hours spent protecting data, but what about intellectual and emotional labor? How do we assign proper value to the creative essence and spirit of what makes our...
2017-07-07, 27 min

State of Cybercrime: Six Degrees of Kevin Bacon (Security Edition)
Since security pertains to everyone, in this episode of the IOSS we challenged ourselves to tie security back to Kevin Bacon. You might have to give us a few passes, but the connection is still strong. Keira Knightley: Earlier this year, a man applied for credit account at Best Buy using Keira Knightley’s driver’s license information. If they didn’t catch him, it would have affected her FICO score. And speaking of FICO, they just created an Enterprise Security Score, which rates how secure an organization is.
We debated whether or not a score w...
2016-10-07, 19 min

State of Cybercrime: Attraction of Repulsion (to Ransomware)
When it comes to ransomware, we can’t stop talking about it. There’s a wonderful phrase for our syndrome, “the attraction of repulsion,” meaning that something is so awful you can’t stop watching and/or talking about it. How awful has ransomware been? According to the FBI, in the first three months of 2016, ransomware attacks cost their victims a total of $209 million. And it doesn’t stop there. It’s impacted many businesses including financial firms, government organizations, healthcare providers, and more. In this episode of the Inside Out Security Show (IOSS), we cover three type...
2016-09-22, 29 min

State of Cybercrime: Bring Your Geek To Court
Last week, Alpesh Shah of Presidio joined us to discuss law firms and technology. With big data, ediscovery, the cloud and more, it’s of growing importance that law firms leverage technology so that they can better serve their clients. And in doing so, law firms can spend more time doing “lawyerly things” and, um, more billing. Hallmarks of this episode include: why it’s critical for law firms to leverage technology; why clients demand that law firms care about data security; and extra steps law firms need to take if they want to work with h...
2016-09-09, 28 min

State of Cybercrime: The Vulnerability of Things
We were thrilled when Pen Testing veteran, Ken Munro joined our show to discuss the vulnerabilities of things. In this episode, Ken reveals the potential security risks in a multitude of IoT devices – cars, thermostats, kettle and more. We also covered GDPR, Privacy by Design and asked if Ken thinks “The Year of Vulnerabilities” will be hitting headlines any time soon. Munro runs Pen Testing Partners, a firm that focuses on penetration testing on the Internet of Things.
He’s a regular on BBC, and most recently, he was interviewed by one of our bloggers, Andy Green...2016-09-0637 minState of CybercrimeState of CybercrimeGo Open Source!Whether you’re a proponent of open-source or proprietary software, there’s no doubt that the promise of open-source is exciting for many. For one thing, it’s mostly free. It’s built and maintained by passionate developers who can easily “look under the hood”. The best part is that you’re not married to the vendor. Yes, there are many helpful open-source  security tools as well as awesome  projects based on Go. But lately, there has been a controversial case of  open-source ransomware. Originally created to educate others about ransomware, it’s turned into a mashup ransomware witho...2016-09-0131 minState of CybercrimeState of CybercrimeMoods and Motives of a Smooth CriminalAfter reading about an IT admin at large bank who went rogue, we put on our empathy hats to understand why. And in this episode, we came up with three reasons: Instead of being recognized as a revenue generator, IT is seen as a cost center Despite all the tests and certificates,  IT people aren’t as valued as, say, doctors or lawyers And lastly, IT people are often overworked and underappreciated Could changing the way you dress and improving your communication style be the answer? What do you think? Let us know! ...2016-08-2919 minState of CybercrimeState of CybercrimeExcellent Adventures at Black HatHackers, Executives, Military Folks, IT People who work in Insurance, even Cab Drivers all had something to teach us about security and privacy at the latest Black Hat event in Vegas. Subscribe Now Join us Thursdays at 1:30ET for the Live show on Youtube, or use one of the links below to add us to your favorite podcasting app. iTunes Android RSS The post Excellent Adventures at Black Hat – IOSS 18 appeared first on Varonis Blog. Want to join us live? 
Save a seat here: https://www.varonis.com/state-of-cybercrimeM...2016-08-2533 minState of CybercrimeState of CybercrimeMore Articles on Privacy by Design than ImplementationGoing from policy to implementation is no easy feat because some have said that Privacy by Design is an elusive concept. In this episode, we meditated on possible solutions such as incentivizing and making privacy as the default setting. We even talked about the extra expense of having a Privacy by Design mindset. What do you think about going from policy to implementation? Share with us your thoughts! Subscribe Now Join us Thursdays at 1:30ET for the Live show on Youtube, or use one of the links below to add us t...2016-08-2227 minState of CybercrimeState of CybercrimeThreatbustersIf there’s something strange on your network, who should we call? The security team! Well, I like to think of them as Threatbusters. Why? They’re insatiable learners and they work extremely hard to keep security threats at bay. In this episode, we talk about awesome new technologies(like computer chips that self-destruct and ghost towns that act like honeypots), how to get others within your organization to take security threats seriously, and  awesome threatbusters that are doing applause-worthy work. Subscribe Now Join us Thursdays at 1:30ET for the L...2016-08-1936 min