Episodes
-
Fraud networks are becoming more sophisticated, posing a significant threat to the financial, iGaming and crypto sectors. As fraudsters’ tactics evolve, these industries face growing challenges in identifying, disrupting, and preventing their activities.
According to Sumsub internal research, every 100th user was involved in fraudulent networks in 2023. The need for robust fraud detection and prevention, from financial institutions to crypto exchanges and online gaming platforms, has never been greater. Understanding the inner workings of fraud networks and how they evolve, is not just crucial but empowering for protecting assets and customers.
In this episode, Alvaro Garcia, Transaction Monitoring Technical Manager at Sumsub, speaks to Paulina Rios Maya, Head of Industry Relations at EM360, about how to Outsmart the Bad Guys.
Key Takeaways:
Fraud networks, or fraud rings, can vary in size and complexity.Money mules are often unaware they are part of fraudulent schemes.The iGaming industry is particularly vulnerable to bonus abuse.A multi-layered approach is essential for effective fraud prevention.Ongoing monitoring is crucial to catch fraud after onboarding.
Chapters00:00 - Understanding Fraud Networks
05:17 - Money Muling and Its Impact
09:58 - Proactive Measures in Financial Sector
13:43 - Navigating Risks in the Crypto Sector
17:00 - Creative Tactics of Fraudsters
19:50 - The Role of AI in Fraud Detection
23:38 - Implementing a Multi-Layered Approach
-
New cybersecurity risks threaten critical data and systems as organisations increasingly adopt AI-driven technologies, particularly neural networks and Gen-AI. These advanced AI models, while powerful, are vulnerable to a range of attacks, including adversarial manipulation, data poisoning, and model inversion, where attackers can reverse-engineer sensitive data from the AI’s output. The complexity of neural networks often makes detecting and mitigating these risks difficult, leaving organisations exposed to potential breaches.
In this episode, Paulina Rios Maya, Head of Industry Relations, speaks to Peter Garraghan, co-founder and CEO (and CTO) of Mindgard, about the importance of understanding these risks, the hidden vulnerabilities in AI systems, and the best practices organisations should implement to ensure security hygiene.
Key Takeaways:
AI and generative AI introduce new and evolving cyber threats.Understanding AI vulnerabilities is crucial for security teams.AI risks manifest in ways that are different but not new.Security teams must adapt their strategies to AI's opaqueness.AI can be used as a vector for launching attacks.Data leakage is a significant risk with AI systems.Chapters
00:00 Introduction to Cybersecurity and AI Risks
05:13 Understanding AI Vulnerabilities and Cyber Threats
10:55 Industry-Specific Risks and Threats from AI
15:54 Best Practices for AI Security Hygiene
-
Episodes manquant?
-
Traditional workforce access methods are increasingly vulnerable to account takeovers, highlighting the urgent need for zero-trust access.
Infinipoint addresses these vulnerabilities by offering one-click remediation for device security posture checks. This innovative solution ensures that only devices meeting strict security standards can access critical resources, thereby enhancing overall security.
In this episode, Paulina speaks with Ran Lampert, CEO and Co-founder of Infinipoint, about the weaknesses inherent in conventional access methods.
Key Takeaways:
Traditional workforce access is broken and vulnerable to account takeovers and phishing attacks.Zero trust access, which combines user and device authentication, is key to defending sensitive data and resources.InfiniPoint provides a solution that prevents MFA fatigue, phishing attacks, and vulnerable device access.The platform offers one-click remediation for device security posture checks and allows enterprises to customise checks.Chapters:
00:00 - Introduction and Background
03:22 - The Inception of InfiniPoint
04:46 - The Evolution of Access with COVID-19
08:07 - Vulnerable Devices and Exploitation
10:03 - The Importance of Device Authentication
11:02 - InfiniPoint's Approach to Secure Access
14:46 - Use Cases for InfiniPoint
18:36 - One-Click Remediation and Customization
20:00 - Frictionless Access and Future-Proofing
21:27 - Conclusion
-
As the number of connected devices grows, so does the vulnerability of our digital infrastructure. Traditional security measures need help to keep up with the increasingly sophisticated threats targeting critical networks in sectors like utilities and finance. To address these challenges, there is a pressing need for a new approach to Internet security that can create secure, isolated environments within the existing Internet infrastructure.
SCION offers a groundbreaking solution by upgrading the traditional border gateway protocol router, enabling the creation of isolation domains. These isolated networks enhance security by preventing unauthorised access and minimising potential points of failure. As more infrastructure providers adopt SCION, its possible applications in critical sectors promise everyone a safer, more resilient internet.
In this episode, Richard Stiennon, Senior Chief Research Analyst at IT-Harvest, speaks to Martin Bosshardt, CEO of Anapaya, about cyber breaches and solutions like SCION.
Key Takeaways:
The increasing number of connected devices and IoT is driving a rise in cyber breaches, making defence more challenging.SCION offers a new approach to internet security by creating isolation domains within the existing internet infrastructure.SCION allows for the secure and isolated operation of critical applications in sectors like utilities and finance.The adoption of SCION by infrastructure providers and organisations holds the potential to significantly enhance internet security. By creating secure, isolated environments within the existing Internet infrastructure, SCION can effectively protect against nation-state attackers and other threats, making the internet a safer place for all.Chapters:
00:00 - Introduction to IT Harvest and Anapaya
00:57 - Understanding Recent Cyber Breaches
02:23 - The Vulnerability of Connected Devices and IoT
03:45 - SCION: A New Approach to Internet Security
05:36 - Creating Isolation Domains with SCION
08:55 - Adoption of SCION and its Potential Applications
13:13 - Getting Started with SCION
15:09 - SCION vs. Other Solutions for Internet Security
17:05 - Conclusion and Call to Action
-
As cloud adoption accelerates, the demand for effective cloud threat detection solutions is snowballing. Organisations face increasing challenges in securing their cloud environments due to the complexity of modern infrastructures and cyber threats. Traditional security measures often fail to identify and respond to sophisticated cloud-based attacks, leaving businesses vulnerable to breaches, data loss, and service disruptions.
Skyhawk addresses these challenges with its cutting-edge autonomous purple team approach. By combining AI-based red teaming with continuous detection and response capabilities, Skyhawk’s solution proactively identifies and mitigates cloud threats before they cause harm. This advanced strategy ensures that organisations can maintain robust cloud security while keeping pace with the dynamic threat landscape, enabling faster, more effective threat responses with minimal manual intervention.
In this episode of the EM360 Podcast, Paulina Rios Maya, Head of Industry Relations at EM360Tech, speaks to Chen Burshan, CEO of Skyhawk Security, to discuss Cloud Threat Detection and Response and how proactivity is always better than reactivity.
Key Takeaways:
Cloud threat detection and response (CDR) solutions are in high demand due to the growing attack surface and non-patchable attacks in cloud environments.The challenges of current CDR technologies include the overwhelming volume of alerts, the difficulty in analysing and correlating different indications of compromise, and the lack of automated response capabilities.Skyhawk's CDR solution reduces noise and increases the accuracy of alerts by aggregating and correlating relevant indicators of compromise. It also enables proactive threat detection and response through simulated attacks and pre-verified automation.Skyhawk's solution's advantages include reducing alert fatigue, increasing alert accuracy, enabling effective automation, and providing a proactive defense against potential attacks.Chapters:
00:00 - Introduction and Overview of Skyhawk Security
01:51 - The Growing Demand for Cloud Threat Detection
04:10 - Challenges of Current CDR Technologies
06:01 - Skyhawk's Proactive Approach to Cloud Threat Detection
08:55 - Advantages of Skyhawk's CDR Solution
11:14 - The Time Machine Perspective and Pre-Verified Detection
13:03 - Utilizing Skyhawk's CDR Solution for Enhanced Cybersecurity
15:29 - Conclusion and Call to Action
-
Critical Start's Managed Detection and Response (MDR) service is designed to provide
24x7x365 monitoring, human-driven threat investigation, and flexible deployment across
IT and OT environments.
By leveraging deep technical expertise, robust API integrations, and contractual SLAs,
they offer comprehensive protection against evolving cyber threats.
Critical Start tackles attack vectors such as phishing, brute force attacks, and
vulnerability exploitation by combining advanced threat detection & response, incident
response, and proactive risk management.
These capabilities empower organizations to continuously map, monitor, and mitigate
threats, vulnerabilities, and risks—enhancing security posture.
In this episode, Paulina Rios Maya of EM360Tech interviews Tim Bandos, Field CISO
at Critical Start, about the skills needed for a SOC team and how an MDR provider
helps organizations reduce risks and improve cybersecurity resilience.
Key Takeaways:
Implement comprehensive monitoring and deep visibility into endpoints to enhance SOC capabilities.Critical Start’s MDR service offers 24x7x365 monitoring, threat intelligence, and endpoint protection.Ensure SOCs receive expected signals by monitoring endpoint security gaps and log ingestion failuresLeverage lessons from ongoing MDR operations by mapping telemetry to the MITRE ATT& CK® framework and deploying proactive mitigations to reduce long- term risk.Chapters:
00:00 - Skills Needed for a SOC Team
05:05 - Deliverables of a Managed Detection and Response Service
07:21 - Common Entrance Vectors of Attack
10:37 - Proactive Defense Strategies
11:06 - Ensuring Expected Signals
12:31 - Endpoint Protection and Security Software
15:37 - Using Data and Lessons from MDR Operation
-
When looking for the right cybersecurity to keep your organization safe, it’s easy to get overwhelmed by the acronyms and solutions on the market today. EDR. MDR. XDR. NDR. How can organizations really identify not only what they need, but what solutions can evolve with their strategies?
In this episode of the EM360 Podcast, Chris Steffen, EMA's Vice President of Research, speaks to Kyle Falkenhagen, Secureworks’ Chief Product Officer, to discuss how organizations are investing in extended detection and response solutions as a comprehensive approach to cybersecurity.
Key Takeaways:
XDR (Extended Detection and Response) is a comprehensive approach that combines proactive risk reduction with reactive response. But not all solutions are equal, and it’s important to understand the distinction between basic and robust response.Identity plays a critical role in cybersecurity, with many breaches having an identity component. Organizations should focus on securing their identity environment and detecting and responding to identity-based threats.Balancing proactive security measures with traditional detection and response is vital for improving security posture. Organizations should look for security partners that can provide reactive and proactive capabilities.Chapters:
00:00 - Introduction and Background
02:48 - The Role of Response in XDR
08:50 - Balancing Proactive Security and Detection & Response
11:03 - The Significance of Identity in Cybersecurity
18:51 - Integrating Threat and Exposure Data for Better Security Posture
23:23 - Conclusion
-
Understanding the key differences between approaches in the EU and the US can help unlock maximum value with the right security strategies. Traditional methods often fall short, but integrating Machine Learning (ML) into your security framework can transform your defence against modern threats.
Embrace a dynamic approach to security that adapts to evolving risk profiles. ML optimises your security investments and ensures that measures are tailored to specific threats, enhancing protection and efficiency.
In this episode of the Security Strategist, Chris Steffen, EMA's VP of research, speaks to Brady Harrison, Kount's Director of Customer Analytics Solution Delivery, to discuss maximising value through optimal security strategies.
Key Takeaways:
Finding a balance between fraud prevention and sales generation is crucial for optimising security strategies.Machine learning can help businesses make informed, risk-based decisions by analysing large volumes of data in real-time.Optimising security investments involves evaluating the cost-benefit trade-offs and setting appropriate risk thresholds.Chapters:
00:00 - Introduction to the Security Strategist podcast
00:25 - Introduction to Kount and its focus on customer analytics and fraud prevention
01:49 - Differences between EU and US security strategies
05:12 - Balancing fraud prevention and sales conversion
08:59 - Optimizing security investments with machine learning
14:43 - Advantages of machine learning in security
18:31 - Setting security strategy based on machine learning
23:47 - Treating customers as good until proven otherwise
25:11 - Conclusion and call to action
-
In the post-pandemic world, relying solely on perimeter-based identity security is no longer sufficient. Increased cloud adoption, expanded access permissions, and the complexities of modern cloud environments have exposed vulnerabilities that traditional methods can't address. Issues like VPN weaknesses and inadequate security controls highlight the need for a new approach.
Explore the critical components of Zero Trust, including explicit verification, least privilege access, continuous monitoring, and adaptive policies. Discover how shifting to a Zero Trust framework can better protect your organisation in today’s complex and evolving landscape.
In this episode of The Security Strategist, Vivin Sathyan, Senior Technology Evangelist at ManageEngine, speaks to Alejandro Leal, Analyst at KuppingerCole, about why evolving your security strategy is essential for staying secure and resilient.
Key Takeaways:
A layered approach to user, application, device, and network security is crucial for comprehensive protection, reducing the overall attack surface and focusing on newer threats.Common user vulnerabilities include weak authentication, insider threats, privilege escalation, misconfigured access controls, and unpatched vulnerabilities.Organisations can better protect against these risks at the identity level by implementing risk assessment procedures, enforcing strong password policies, monitoring user behaviour for anomalies, and providing context-based employee training.Chapters
00:00 Introduction and Challenges of Perimeter-Based Approach
05:09 Zero Trust: Critical Components and Differences
09:55 The Importance of a Layered Approach to Security
13:15 Common Vulnerabilities Associated with Users
18:04 Protecting Against Risks at the Identity Level
21:26 Translating the Zero Trust Philosophy into Actionable Steps with Managed Engine
-
Zero Trust architecture is a modern security approach that enhances protection by focusing on network segmentation and granular access control, moving away from traditional perimeter defences. This model helps prevent breaches and limits the spread of threats within a network.
While transitioning to Zero Trust can be challenging, it can be implemented gradually without disrupting existing systems. Future advancements may include a software bill of materials to verify the integrity of the code used within the network.
In this episode, William Malik, advisor at Lionfish Tech, speaks to Paulina Rios Maya, Head of Industry Relations at EM360, about Zero Trust architecture, security breaches and network segmentation.
Key Takeaways:
Zero Trust architecture eliminates the concept of a perimeter and focuses on network segmentation and granular access control.Transitioning to the Zero Trust model can be done incrementally without disrupting the entire environment.The future of Zero Trust security may involve implementing a software bill of materials to ensure the veracity of the code being used.Chapters:
00:00 - Introduction to Zero Trust Architecture
02:23 - The Importance of Network Segmentation
04:45 - Transitioning to Zero Trust
13:25 - The Future of Zero Trust
-
Traditional manual testing done once a year to meet your compliance requirements is no longer sufficient. The threat landscape is changing at lightning speed, and your defenses need to keep up. That’s where automated network testing comes in! It’s like having a tactical SWAT team on standby, ready to spot exploitable vulnerabilities and provide you with remediation tactics whenever you need them.
You will be able to quickly uncover weaknesses before the bad guys can exploit them. These real-world attack simulations can be run on a weekly, monthly, or quarterly basis, giving you the upper hand in bolstering your security posture.
In our latest podcast, join Richard Stiennon, Chief Research Analyst at IT-Harvest, and Alton Johnson, Founder of Vonahi Security, as they dive into why automated network pen testing is the answer to securing your network against cyber threats year-round.
Key Takeaways:
Pen testing is an essential part of cybersecurity, helping organisations identify vulnerabilities and improve their security posture.Automated network pen testing simplifies the process and makes it more affordable and accessible for MSPs and organisations.The future of pen testing involves more automation and integration with AI, with pen testers focusing on coding and web app testing.
Chapters:00:00 - Introduction and Background
02:19 - Frustrations with Pen Testing Companies
07:04 - Simplifying Pen Testing for MSPs
13:39 - Acceptance of Automated Pen Testing
15:04 - The Future of Pen Testing
19:20 - Conclusion
-
In cybersecurity, manual processes such as using spreadsheets for application security are becoming increasingly inadequate. These traditional methods are time-consuming and error-prone and struggle to scale with the growing volume of threat sophistication.
Automation, particularly in Software Composition Analysis (SCA), is a beacon of hope in the face of these challenges. It brings relief by streamlining the identification and response to security threats, providing a more efficient and effective solution.
In this podcast, Chris Lindsey, application security evangelist for Mend.io., and Richard Stiennon, Chief Research Analyst at IT-Harvest, discuss how SCA tools can help identify vulnerabilities and the benefits of dependency automation.
Key Takeaways:
Manual processes in application security are inefficient and cannot keep up with the speed of innovation.Upgrading dependencies is crucial to address security vulnerabilities and reduce security debt.Chapters:
00:00 - Introduction and Background
02:23 - The Limitations of Manual Processes in Application Security
06:40 - The Role of Software Composition Analysis in Identifying Security Threats
10:02 - The Importance of Upgrading Dependencies in Application Security
13:44 - Integrating Automation into the CI/CD Pipeline for Application Security
21:05 - MEND.IO: Scalable and Comprehensive Security Solutions
-
Understanding Cybersecurity Compliance: PCI DSS 4.0, NIS2, and DORA Directives Explained
Compliance with cybersecurity standards is essential for any organisation to protect sensitive information, maintain customer trust, and mitigate the risks associated with data breaches and cyber threats. Adhering to recognized frameworks and regulations, not only safeguards the integrity, confidentiality, and availability of data but also demonstrates a proactive commitment to security best practices.
Join Chris Steffen and Uri Dorot, Senior Product Marketing Manager at Radware, as they delve into the critical aspects of compliance with cybersecurity standards.
Themes
CompliancePCI DSS 4.0 NIS2 DoraChapters
00:00 - Introduction and Overview
02:20 - Complying with the Latest Cybersecurity Standards: PCI DSS 4.0
09:37 - Understanding and Implementing NIST 2: Enhancing Cybersecurity in the EU
19:28 - Preparing for DORA: Operational Resilience for Financial Organisations
23:08 - Conclusion and Key Takeaways
-
Who knew that improv could revolutionise your cybersecurity strategies? Imagine your team, prepared and ready, responding to threats with the quick wit and adaptability of seasoned improvisers!
Communication and collaboration are the secret sauce of robust cybersecurity. Improv supercharges team communication and cranks up problem-solving skills to eleven.
In this podcast, Jeremy Strozer, Artistic Director at Wild Atlantic Theatre, and Paulina Rios Maya, Head of Industry Relations, discuss how improv can become your secret weapon against cyber criminals.
Key Takeaways:
Improv techniques can enhance the adaptability of cybersecurity teams during incidents.Communication and collaboration are critical in cybersecurity, and improv can improve team communication.Chapters:
00:00 - Introduction
01:33 - Becoming Interested in Improv
03:00 - Using Improv in Strategic Planning
04:49 - Playing Out Scenarios
06:39 - Improving Communication in Teams
08:06 - Identifying and Mitigating Security Threats
09:02 - Conclusion
-
Podcasts are revolutionising how we raise awareness about cybersecurity.
They offer an interactive and engaging way to bring essential topics like AI, zero trust, and the human element into everyday conversations. By breaking down these complex issues into relatable and exciting discussions, podcasts make cybersecurity accessible and understandable to a broader audience.
In this podcast, Chris Steffen, VP of Research at EMA and Paulina Rios Maya, Head of Industry Relations at EM360Tech, discuss the transformative power of podcasts in the cybersecurity world.
Key Takeaways
Podcasts are a valuable tool for educating and engaging the cybersecurity industry.Cybersecurity professionals should advocate for themselves and discuss cybersecurity in accessible and engaging formats.Chapters
00:00 - Introduction and Launching the Podcast
03:17 - Advocating for Cybersecurity and Thought Leadership
07:03 - Exploring AI and Zero Trust in Cybersecurity
09:31 - The Human Factor in Cybersecurity
13:36 - Continuous Improvement in the Cybersecurity Industry
17:40 - Conclusion and Where to Find More
-
Integration and communication between Cloud Security and the Security Operations Center (SOC) is now a top priority for effective security. Cloud Security teams focus on securing cloud infrastructure, managing identity and access, and ensuring data protection, while SOC teams monitor, detect, and respond to threats in real time. Effective collaboration between these teams is crucial to addressing the unique challenges and dynamic threats seen increasingly today targeting cloud platforms.
Despite their shared goal of safeguarding organisational assets, Cloud Security and SOC teams often operate in silos, leading to communication gaps and inefficiencies. Bridging this gap requires unified strategies, shared tools, and streamlined processes that enable real-time information sharing and coordinated responses. By integrating Cloud Security with the SOC, organisations can enhance threat visibility, improve incident response times, and fortify their security posture.
In this episode of the EM360 Podcast, Brad LaPorte, Advisor at Lionfish Tech Advisors, speaks to Dan Flaherty, Senior Product Marketing Manager at Palo Alto Networks, to discuss:
The gap between cloud security and the SOCThe importance of prioritizing cloud visibility for the SOCA platform approach for stronger cloud security
Chapters00:00 - Introduction and Background
01:10 - Organizational Disconnect: DevSecOps vs. SOC
23:59 - The Need for a Unified, Centralized Platform
27:45 - The Future of Cloud Security: Unified, Ubiquitous, and Uninterrupted
30:33 - Conclusion
-
Recent research shows that 86% of security leaders today do not have the tools they need to effectively prevent account takeovers. Organizations today are using more cloud applications than ever, and with the interconnected nature of the cloud, entry into one application can result in lateral movement to others—making the time to a breach faster than ever before. So how do we detect compromised accounts before it's too late?
Abnormal Security is expanding beyond email to provide full account takeover protection for some of today's most used applications: Salesforce, Dropbox, Workday, AWS, Azure and more. By understanding cross-platform human behavior, Abnormal AI can detect anomalous activity—remediating compromised accounts no matter where or how they originate.
In this episode of the EM360 Podcast, Mick Leach, Field CISO at Abnormal Security, speaks to Jeremy Strozer, Director, Agile U Strategies and Communications, to discuss:
Organizational application usageAccount takeover concernsSecurity team limitationsVisibility and controlsAccount takeover remediation
Chapters00:00 - Introduction
00:59 - Definition and Occurrence of Account Takeovers
05:33 - Exploiting Trusted Relationships
09:43 - Leveraging AI and Behavioral-Based Detection
12:29 - API Integration and Visibility
14:53 - Customized Models for Each Organization
20:25 - Future of Account Security
22:43 - Conclusion
-
Today, small businesses face significant challenges. Limited resources, tight budgets, time constraints, and inadequate training often leave them vulnerable. Hackers quickly exploit these weaknesses, targeting small and medium-sized businesses (SMBs) with sophisticated threats.
Managed Service Providers (MSPs) are tasked with the daunting responsibility of safeguarding diverse client environments, each with its own unique set of platforms and security needs. Traditional security measures often fall short against the ever-evolving tactics of cyber adversaries, putting both MSPs and their clients at risk. The next generation of cybersecurity detection and response solutions offers a path forward. Leveraging artificial intelligence and machine learning, these advanced tools can predict, identify, and mitigate threats in real time. This provides robust protection against the most sophisticated cyber threats.
By adopting cutting-edge technologies like Guardz, MSPs can enhance their security posture, ensuring comprehensive protection for their clients and staying ahead of cyber adversaries. Guardz's advanced capabilities simplify the complexities of cybersecurity, making it accessible and effective even for SMBs with limited resources.
In this episode of the EM360 Podcast, Richard Stiennon, Chief Research Analyst at IT-Harvest, speaks to Dor Eisner, CEO and Co-founder of Guardz, to discuss:
MSPsSecurity Infrastructure AI in security infrastructureNext-generation cybersecurity
Chapters00:00 - Introduction and Background of Guardz
02:36 - Challenges for MSPs in Cybersecurity
05:25 - The Unified Approach and Automation in Guards
07:18 - Guardz' Focus on MSPs and Small Businesses
08:14 - The Power of AI in Enhancing Guards' Offering
11:30 - The Impact of Guards on the MSP Space
13:21 - Securing Small Businesses and Compliance
18:07 - Marketing Support and Bringing Business to MSPs
19:02 - Conclusion and Call to Action
-
The 2024 Attack Intelligence Report thoroughly analyses the latest trends, tactics, and techniques used by cyber adversaries. This year's report highlights a significant increase in sophisticated attacks, including advanced persistent threats (APTs) and highly targeted ransomware campaigns. By leveraging the MITRE ATT&CK framework, the report offers valuable insights into the evolving threat landscape, helping organisations understand the strategies and methods employed by malicious actors.
Understanding the findings of the 2024 Attack Intelligence Report is not just crucial; it's empowering for businesses aiming to bolster their cybersecurity defences. The detailed breakdown of adversary behaviours equips security teams to proactively identify vulnerabilities, implement effective countermeasures, and develop robust incident response strategies. By staying informed about the latest attack patterns and techniques, organizations can better protect their assets, data, and reputation in an increasingly complex cyber threat environment.
In this episode of the EM360 Podcast, Jeremy Strozer, Geopolitical Strategist and Cyber Intelligence Analyst, speaks to Caitlin Condon, Director of Vulnerability Intelligence at Rapid7, to discuss:
2024 Attack Intelligence Reportzero-day exploitsmass compromise eventsnetwork edge devicesmulti-factor authentication
Chapters00:00 - Introduction and Background of the Report
01:39 - Key Findings: Prevalence of Zero-Day Exploits
06:15 - The Evolving Nature of Ransomware
08:31 - Importance of Multi-Factor Authentication
09:01 - Addressing Common Vulnerabilities for Better Security Practices
11:21 - Tackling the Security and Human Root Causes of Cyber Threats
13:13 - Conclusion and Call to Action
-
As artificial intelligence (AI) becomes increasingly integral to business operations, enterprises face new risks from Shadow AI—unauthorised or unmanaged AI tools and projects that bypass standard security protocols. The potential consequences of Shadow AI are severe, introducing vulnerabilities, compromising data integrity, and leading to compliance breaches, posing significant threats to the organization's overall security framework.
For C-level executives, understanding the impact of Shadow AI is not just crucial, but it's your responsibility to safeguard your enterprise's AI investments. Unauthorized AI projects can undermine strategic initiatives and expose the company to significant risks. By implementing comprehensive governance policies, strict access controls, and continuous monitoring, you can mitigate these risks effectively. Foster a culture of security awareness and ensure regular audits to maintain compliance and protect data integrity. Proactively addressing Shadow AI not only secures your AI assets but also aligns them with your business objectives, enhancing your competitive edge and ensuring sustainable growth.
In this episode of the EM360 Podcast, Chris Steffen, VP of Research at EMA speaks to Shannon Murphy, Global Security & Risk Strategist at Trend Micro, to discuss:
Shadow AIC-level execsZero TrustAI riskSecurity strategies
Chapters00:00 - Introduction and Background
02:06 - Challenges of Shadow AI
03:00 - Visibility in Managing AI Risks
06:18 - Protecting Against AI-Driven Threats with Zero Trust
09:03 - Zero Trust as a Journey
13:17 - Talking to CISOs: Anecdotes Becoming Trends
19:14 - Emerging Use Cases for AI in SOC Teams
20:08 - Conclusion
- Montre plus