Bölümler
-
In today's episode of State of (Cyber)War, Hugo Tarrida and John Salomon talk about the background and current state of cyber conflict in the Middle East.
We give an overview of some of the major state actors involved, and zero in on the structures, groups, and motivations of the two main regional adversaries - Iran and Israel.
Notes and links:
Due to the volume of supporting links and text, we've listed them on the CyAN blog, available here: https://cybersecurityadvisors.network/2024/04/10/state-of-cyberwar-episode-5-notes/
Original video episode avaialable at https://youtu.be/X3wkTszRlck
Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400
Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170
-
In today's episode of State of (Cyber)War, Hugo Tarrida and John Salomon talk about China's approach to cyberwar. What is the history behind Chinese cyber capabilities? What are Chinese geopolitical, economic, and social objectives that drive their international cyber activities? What are some of the biases that we should be aware of when evaluating the trajectory of China and its cyberwar abilities?
Also don't forget to check out our previous video about Chinese disinformation activities here: https://youtu.be/xBAJ2rBKrMc
Notes and links:
Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/Wikipedia article worth reading about Chinese cyber warfare: https://en.wikipedia.org/wiki/Cyberwarfare_by_China
05:42 Granted, Stuxnet was a joint US-Israeli venture - https://en.wikipedia.org/wiki/Stuxnet
07:06 https://www.reuters.com/world/russia-says-its-working-major-new-agreement-with-iran-2023-12-12/
14:05 Titan Rain - https://en.wikipedia.org/wiki/Titan_Rain
Related: Operation Aurora (2009) - https://en.wikipedia.org/wiki/Operation_Aurora
15:20 https://www.npr.org/2022/05/11/1098368201/a-spying-scandal-and-the-fate-of-western-sahara
17:07 The case of Wen Ho Lee, one of several perpetrators of military espionage: https://sgp.fas.org/crs/nuke/RL30143.pdf
20:30 https://nattothoughts.substack.com - Nellie Ohr and her team do excellent analysis work
20:50 "An Analysis of China's Great Cannon" - https://www.usenix.org/system/files/conference/foci15/foci15-paper-marczak.pdf
Shoutout to fellow UC Berkeley CSUA member Nick Weaver for co-authoring this paper)
27:48 E.g. "The 'Century of Humiliation' and China's National Narratives" - https://www.uscc.gov/sites/default/files/3.10.11Kaufman.pdf
29:42 Belt and Road Initiative - https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative
32:38 Referenced here: https://en.wikipedia.org/wiki/Chinese_information_operations_and_information_warfare ("Definitions" section)
32:45 The Three Warfares: https://apps.dtic.mil/sti/tr/pdf/ADB372300.pdf
34:04 The Nine-Dash Line: https://chinaus-icas.org/research/map-spotlight-nine-dash-line/
34:52 In fact, ruled to be explicitly illegal by the Permanent Court of Arbitration in 2016:
https://pca-cpa.org/en/news/pca-press-release-the-south-china-sea-arbitration-the-republic-of-the-philippines-v-the-peoples-republic-of-china/
36:19 US FBI director Christopher Wray recently warned about this: https://www.npr.org/2024/01/31/1228153857/wray-chinese-hackers-national-securityThe State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format.
Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network
Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Original YouTube video at https://youtu.be/HLVPDojARh0
-
Eksik bölüm mü var?
-
Join James Briscoe and John Salomon in the latest episode of the State of (Cyber)War podcast as they discuss the People's Republic of China and some of its disinformation capabilities.
This informal conversation includes discussion about Chinese foreign election interference, domestic social media manipulation, Taiwan, China's foreign political and economic interests and more.
John Salomon - https://www.linkedin.com/in/johnsalomon/
James Briscoe - https://www.linkedin.com/in/jimbriscoe/02:10 Xi Jinping's new year's address, via CCTV: https://youtu.be/TEd3CtcL1pU?si=MAiKGP-SPjm8cjCe
02:50 Xi Zhongxun, Chinese revolutionary leader: https://en.wikipedia.org/wiki/Xi_Zhongxun
04:00 Taiwanese elections 2024: https://en.wikipedia.org/wiki/2024_Taiwanese_general_election
04:08 Kuomintang: https://en.wikipedia.org/wiki/Kuomintang
04:27 Democratic Progressive Party: https://en.wikipedia.org/wiki/Democratic_Progressive_Party
05:45 1992 Consensus: https://thediplomat.com/2022/07/the-1992-consensus-why-it-worked-and-why-it-fell-apart/
07:15 These are the Valemax ore carriers: https://vale.com/w/fleet-of-ships-serving-vale-receives-first-ore-carrier-in-the-world-equipped-with-rotor-sails
09:12 50 Cent Party: https://en.wikipedia.org/wiki/50_Cent_Party
09:52 Nine-dotted line: https://en.wikipedia.org/wiki/Nine-dash_line
10:04 Belt and Road Initiative: https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative
13:00 https://www.reuters.com/article/idUSSIN277923/
13:43 NY Times article on the topic: https://www.nytimes.com/2023/09/11/us/politics/china-disinformation-ai.html
14:15 https://en.wikipedia.org/wiki/2023_Chinese_balloon_incident
14:42 A lot of this is obviously speculation. https://www.wired.com/story/east-palestine-ohio-train-derailment-tiktok/
16:42 Asia Infrastructure Investment Bank: https://www.aiib.org/en/index.html
19:35 An article about PRC influence on the Taiwanese elections: https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence
20:32 https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections
21:05 A US State Department briefing on this topic: https://www.state.gov/briefings-foreign-press-centers/how-the-prc-amplifies-russian-disinformation
24:15 United Front Work Department: https://en.wikipedia.org/wiki/United_Front_Work_Department
26:25 Some points about interference in US elections: https://gdil.org/russian-and-chinese-influence-actors-and-operations-against-the-american-electorate/
29:34 Hundred Years of Humiliation: https://en.wikipedia.org/wiki/Century_of_humiliation
30:30 The Avoidable War, by Kevin Rudd: https://www.avoidablewar.com/
32:23 Natto Thoughts: https://nattothoughts.substack.com/
32:26 The disinformation handbook (part I): https://nattothoughts.substack.com/p/disinformation-handbook-a-conciseA few links on the topic worth reading:
Chinese information operations against Taiwan:
https://therecord.media/taiwan-elections-china-interference
https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence
https://thediplomat.com/2024/01/beijing-tries-to-capitalize-on-taiwans-controversial-rocket-alert/
https://thediplomat.com/2024/01/rip-off-the-blindfold-let-taiwanese-civil-society-learn-from-ukraine/
https://fpri.org/article/2023/12/whats-at-stake-in-upcoming-taiwan-election/General Chinese disinfo operations:
https://www.rand.org/pubs/commentary/2023/10/dismantling-the-disinformation-business-of-chinese.html
https://www.defenceconnect.com.au/joint-capabilities/13356-report-massive-chinese-disinformation-campaign-uncovered-on-youtubehttps://medium.com/doublethinklab/propaganda-analysis-how-different-actors-in-chinas-information-ecosystem-portray-the-ukraine-war-ac82713c2f68
https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-electionsThe State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics. We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format.
Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network
Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/Original YouTube video at https://youtu.be/xBAJ2rBKrMc
-
Welcome to episode 2 of CyAN's State of (Cyber) War series.
Today, James Briscoe and John Salomon talk about Japan - its national cyberdefence capabilities, the regional and global threat landscape, regulations and laws, and how all of these are evolving in the face of changing geopolitical realities and technologies.
A few notes from our chat:
02:25 US-Japan 1960 joint security treaty: https://www.mofa.go.jp/region/n-america/us/q&a/ref/1.html
02:37 Article 9 Japanese constitution: https://en.wikipedia.org/wiki/Article_9_of_the_Japanese_Constitution
02:45 SCAP: Supreme commander allied powers
02:58 Japan Self Defense Forces: https://en.wikipedia.org/wiki/Japan_Self-Defense_Forces
05:01 2019 US-Japan security treaty update: https://www.mofa.go.jp/files/000470738.pdf
06:54 national security strategy end of 2022: https://www.cas.go.jp/jp/siryou/221216anzenhoshou/nss-e.pdf
08:14 Lazarus Group: https://www.aljazeera.com/news/2023/12/9/us-japan-south-korea-launch-new-efforts-to-counter-n-korea-cyber-threats
10:35 Lazarus Group's cryptocurrency thefts: https://www.coindesk.com/markets/2023/12/01/north-korean-hackers-lazarus-group-stolen-3b-in-cryptocurrency/
11:29 https://www.dragonflyintelligence.com/news/japan-shift-to-a-more-offensive-cyber-posture-in-2023/
11:35 https://asia.nikkei.com/Politics/Japan-to-quadruple-cyber-defense-forces-meeting-threats-head-on
12:47 The 2016 revision in question: https://www.mofa.go.jp/files/000143304.pdf
13:37 The spending increase to 2% request: https://www.reuters.com/business/aerospace-defense/japan-makes-record-defence-spending-request-amid-tension-with-china-2023-08-31/
13:59 It's actually 2% as well: https://www.nato.int/docu/review/articles/2023/07/03/defence-spending-sustaining-the-effort-in-the-long-term/index.html
14:39 CCDCOE: https://ccdcoe.org/
14:46 Locked Shields exercise: https://ccdcoe.org/exercises/locked-shields/
15:33 The official in question was former US Director of National Intelligence Dennis Blair: https://japannews.yomiuri.co.jp/politics/political-series/20221122-72394/
16:05 The Japanese National Security Strategy allows for development of a posture for information warfare and introduction of active cyber defence in cybersecurity. It will create a government information warfare department, allowing government to aggregate and analyze the situation on disinformation originated abroad. The National Center for Incident Readiness and Strategy for Cybersecurity is to be restructured to establish an new organisation to coordinate policies between the police and JSDF. This will allow for active cyber defence against attackers. Training for 4000 cyber ‘warriors’ and 16k cyber-capable JSDF members over 5 years is also foreseen. The Ministry of Foreign Affairs plans AI to enhance monitoring of information and intelligence analysis. Furthermore, defence industry profit margin will be permitted to increase to a max of 15%.
16:45 The Nagoya port ransomware attack of July 2023: https://www.bloomberg.com/news/articles/2023-07-06/nagoya-port-delays-restart-following-alleged-ransomware-attack
17:10 The Chinese cyberattack on the Japanese defence network:
https://www.japantimes.co.jp/news/2023/08/08/japan/japan-china-hack-defense-network/ - WaPo article: https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/
17:23 KillNet ceases attacks on Japan: https://english.kyodonews.net/news/2022/09/9846d4bf7aee-pro-russia-hacker-group-stops-cyberattacks-on-japan-due-to-money-woes.html
20:17 2023 Amendments to Telecommunications Business Act: https://www.dataguidance.com/news/japan-amendments-telecommunications-business-act-enter
20:20 Unauthorized Computer Access Law (UCAL): https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/japanJames Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original YouTube video version: https://youtu.be/Fmuno8ohJPs
Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
-
Welcome to episode 1 of CyAN's new State of (Cyber) War series.
Join John Salomon and James Briscoe in a discussion of offensive cyberoperations involving Russian actors, parallels to historical attacks on civilians, expectations and limitations of information operations, and more.
A few notes from our chat:
05:10 James' research paper on Russia/Ukraine: https://www.linkedin.com/feed/update/urn:li:activity:6899132398601162752/
05:30 Conti ransomware group: https://flashpoint.io/blog/history-of-conti-ransomware/
08:55 2016 Ukraine power grid attacks: https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/
11:15 Stuxnet: https://en.wikipedia.org/wiki/Stuxnet
12:47 James' follow-up work: https://www.linkedin.com/feed/update/urn:li:activity:6944843584533581824/
14:35 The Dukes: https://www.cfr.org/cyber-operations/dukes
Cozy Bear: https://www.crowdstrike.com/adversaries/cozy-bear/
NotPetya: https://en.wikipedia.org/wiki/2017_Ukraine_ransomware_attacks
18:32 Lazarus Group: https://www.trendmicro.com/vinfo/pl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations
20:11 2022 Yandex Moscow taxi hack: https://www.euronews.com/my-europe/2022/09/02/gridlock-as-hackers-order-hundreds-of-taxis-to-same-place-in-moscow
20:25 2023 GUR Russian state tax service hack: https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service
23:22 2022 Belarus railway hack: https://www.theguardian.com/world/2022/jan/25/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup
24:04 Alexander Lukashenko and the Ukraine invasion map: https://www.independent.co.uk/news/world/europe/lukashenko-ukraine-russia-belarus-invasion-map-b2026440.html
25:23 Syrian Electronic Army: https://en.wikipedia.org/wiki/Syrian_Electronic_Army
29:03 Momotarō no Umiwashi came out in 1942: https://en.wikipedia.org/wiki/Momotar%C5%8D_no_UmiwashiOriginal YouTube video is at https://youtu.be/VlP_L3xX2Lo
James Briscoe on LinkedIn: https://www.linkedin.com/in/jimbriscoe/
John Salomon on LinkedIn: https://www.linkedin.com/in/johnsalomon/Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
-
Juan Ignacio Nicolossi, PRODAFT Team Leader for threat intelligence, joins us today from Chile to discuss the Snatch ransomware group. Active since mid-2018, Snatch has caused havoc in a variety of companies and government agencies.
In this episode, we discuss Snatch's techniques, the significance of how they use stolen information, and how their approach to what's important to customers means for the future of extortion.
CISA #StopRansomware Snatch advisory: https://www.cisa.gov/sites/default/files/2023-09/joint-cybersecurity-advisory-stopransomware-snatch-ransomware_0.pdf
Ransomlook.io Snatch profile: https://www.ransomlook.io/group/snatch
ALPHV (BlackCat) regulatory extortion article: https://www.darkreading.com/risk/alphv-ransomware-group-files-sec-complaint-against-own-victim
PRODAFT is a Netherlands-based cyber-threat intelligence analysis firm - their website is at https://prodaft.com
Full disclosure: John Salomon is a paid, part-time advisor to PRODAFT.
Juan Nicolossi's LinkedIn profile is at https://www.linkedin.com/in/juan-ignacio-nicolossi-baeza-286b035a/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
Original video version at https://youtu.be/g5yiScRofxU
-
Dmytro Bilash joins us for a conversation about online disinformation - what it is, how it adversely affects democratic societies, who's behind it, and how we can combat this major and growing threat to social cohesion and political and economic stability.
A few contextual link from our discussion:
Dr. Egor Zakharov of the Swiss Federal Polytechnic Institute, Zurich (ETHZ) - AI expert, and participant in the ITBN AI&disinformation fireside chat: https://ait.ethz.ch/people/egorzakharov
John Oliver/Last Week Tonight segment on Myanmar-related hate speech on Facebook: https://youtu.be/OjPYmEZxACM
The Assault on Intelligence, by Michael V. Hayden: https://www.penguinrandomhouse.com/books/566537/the-assault-on-intelligence-by-michael-v-hayden/
Offline, by Crooked Media - episode on TikTokers "discovering" Osama Bin Laden's "Letter to America": https://youtu.be/kk84mCHWds8
Shaping Europe's Digital Future - Tackling online disinformation: https://digital-strategy.ec.europa.eu/en/policies/online-disinformation
Finland is winning the war on fake news - CNN, 2019: https://edition.cnn.com/interactive/2019/05/europe/finland-fake-news-intl/
Dmytro Bilash is a cybersecurity expert and investor, and co-founder and Chief Business Development Officer of Osavul, a Ukrainian AI cyberdefence firm. Visit them at https://www.osavul.cloud/
You can find Dmytro on LinkedIn at https://www.linkedin.com/in/dmytro-bil
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original video at https://youtu.be/XQonzP3OVXU
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Kojo Osei Amoyaw-Osei is a master's candidate at EM-Lyon Business School. He joins us today to discuss his thesis project for the MSc programme in Cybersecurity and Defence Management.
Businesses face a growing set of challenges when building their information security maturity - specifically, Kojo has identified three core paradoxes in his research:
1) Personalisation - delivering personalised experiences while respecting privacy preferences
2) Regulation - balancing regulatory compliance with data-driven strategies and innovation
3) Trust - earning and maintaining trust by adopting transparent data practices, implementing robust data security measures, and demonstrating responsible data useThis episode of the CyAN Secure-in-Mind video and podcast series turns our usual format around, as Kojo interviews John Salomon, the usual host of these sessions, based on his extensive experience in the industry, as part of his thesis research.
EM Lyon MsC in Cybersecurity and Defence Management: https://em-lyon.com/en/news/who-will-you-learn-msc-cybersecurity-defense-management-program
Kojo on LinkedIn: https://www.linkedin.com/in/kojooseiamoyawosei/
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original video version of this conversation is at https://youtu.be/vG1zvwDpjpo
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Thanks Jillian Kwong, Research Scientist at Cybersecurity at MIT Sloan (CAMS), for joining us today as we discuss Jillian's work in cybersecurity third party risk management and more.
Jillian has a PhD in Communication from the Annenberg School for Communication at the University of Southern California, where her dissertation looked at the human and managerial side of data privacy (e.g. GDPR, CCPA) implementation within mostly small and medium sized enterprises (SMEs). She's also a participant in the Cybersecurity Advisors Network (CyAN) mentorship pilot programme.
Cybersecurity is a metrics-driven field; "soft" factors like management style, or how humans process information, are a major challenges for less mature, smaller enterprises. This is more and more the case as regulatory and good practices requirements drive firms to understand their supply chain risk. How can smaller organisations live up to these expectations?
Even when a tremendous wealth of information and resources are available to help such firms, doing the right thing can be a daunting, difficult process.
Jillian has significant experience in understanding the day-to-day challenges of small business and their management through interviews and case studies as a complementary approach to more objective, quantifiable cybersecurity.
This has allowed her to document the interconnected, complex nature of cybersecurity activities in SMEs.
Visit Jillian on LinkedIn at https://www.linkedin.com/in/jilliankwong
Cybersecurity at MIT Sloan: https://cams.mit.edu
The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find our channels via https://cybersecurityadvisors.network/media
Original source video at https://youtu.be/KcSZ1l_Eoik
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
In today's Secure-in-Mind episode, we talk about cyberwarfare with Hugo Tarrida.
Hugo recently finished his master’s with a focus on cyber and hybrid warfare and the impact it has on security, at King's College London.
Cyber and hybrid warfare are rapidly evolving domains of conflict that encompass a wide array of threats and tactics. These strategies involve cyberattacks aimed at disrupting critical infrastructure, which includes power grids, financial systems, and communication networks, posing significant risks to national security. To counter these threats, effective strategies have to be developed and improved to counter an ever-growing digitalised and interconnected word.
We delve into the impact of public-private collaboration aimed at fortifying defences, sharing threat intelligence, and developing resilience to mitigate the impacts of cyber warfare. In this ever-changing landscape, understanding these concepts and fostering cooperation is paramount for safeguarding our digital future.'
Visit Hugo on LinkedIn at https://www.linkedin.com/in/hugo-tarrida-ortega-32915a204
King's College London: https://www.kcl.ac.uk/
The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find our channels at https://cybersecurityadvisors.network/media
Original video version available at https://youtu.be/oRHIzDjdfjM
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Remy Bertot joins us for the latest Secure-in-Mind episode. Based on his work with Passbolt, makers of a popular open source password manager, Remy shares his observations on current trends and future expecations of passwords, authentication tokens, and similar mechanisms.
We talk about security in open source software, certifications and audits, telemetry and usage statistics, and how such OSS projects can optimize the community's knowledge.
Maybe most importantly, Remy discusses privacy-restricting legislation such as the current UK Online Safety Bill - and how these are bad things for society. Remy is a contributor to Encryption Europe, an initiative designed to help support privacy, not least in the face of such governmental overreach.
Check out Remy's LinkedIn profile at https://www.linkedin.com/in/remy-bertot-7913a0254/
Passbolt is at https://www.passbolt.com/
Visit Encryption Europe at https://encryptioneurope.eu/
The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find us at https://cybersecurityadvisors.network/media
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Today's Secure-in-Mind episode features a discussion with (soon to be Dr.) Florian Hantke, a candidate in the pilot intake of the CyAN mentorship pilot programmed.
Florian is conducting advanced research on vulnerability management and information security trends as part of the secure web applications group at CISPA Helmholtz, a major German academic research network. He is an accomplished penetration tester, capture-the-flag contestant, and ethical hacker.
Among the topics we visit today are an overview of his current project on using "web archeology" - using web archives to evaluate past cybersecurity trends, Florian's views on the effectiveness of information security topics in German academia and how what it entails, and his recent experience in finding and reporting a number of embarrassing web vulnerabilities.
We talk about generational differences in spotting fraud and security issues, getting into cybersecurity as an area of interest and career choice, and more.
Florian's LinkedIn: https://www.linkedin.com/in/florian-hantke-59ba0522b/
Website: https://fhantke.de/
Twitter: https://twitter.com/fh4ntkeCISPA Helmholtz Center for Information Security - https://cispa.de/
"You Call This Archaeology? Evaluating Web Archives for
Reproducible Web Security Measurements" - https://swag.cispa.saarland/papers/hantke2023archaeology.pdfFlorian's blog post describing his experiences reporting web vulnerabilities in wedding photo sharing sites: https://fh4ntke.medium.com/till-breach-do-us-part-the-uninvited-guest-at-your-wedding-2aed35755456
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Original YouTube video: https://youtu.be/zwMSUbDeYfU
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
The cybersecurity employment market is in a unique situation - teams are often underfunded and overtaxed, while layoffs at big tech and other security-reliant critical firms have left insecurity in the industry - as regulatory requirements and evolving threats require ever more attention to the topic.
Meanwhile, academic institutions are continuously challenged to improve their approaches to developing the next generation of talent. Cyber- and information security are broad topics, and benefit from a wide range of knowledge, experiences, and areas of study - not just hard core hands-on tech skills.
This raises questions about how aspiring cybersecurity experts should direct their studies, and how academic leaders and institutions can support them in this journey.
Today we welcome Dr. Gergely "Greg" Dzsinich, CyAN board member and professor at Emlyon business school in Lyon, France, and Florian Muntner, a masters degree candidate embarking on a cybersecurity career later this year who is supporting a privacy project led by Prof. Dzsinich.
Join us as we talk about a wide range of considerations when aiming for a cybersecurity career via various academic disciplines, as well as the unique project approach of the Emlyon team to create continuity among successive "generations" of students aiming for careers in the cybersecurity field.
You can find Dr. Dzsinich on LinkedIn here - https://www.linkedin.com/in/gdzsinich/
...and Florian Muntner here: https://www.linkedin.com/in/florian-muntner/This episode of Secure-in-Mind is also available in video form at https://youtu.be/yQWF1DNubbU
Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Many of us have fallen victims to scams. Most of us know someone else who has. Fraud did not start with the Internet, but it has unfortunately become an integral part of the online experience.
Jorij Abraham is Managing Director of the Global Anti-Scam Alliance (GASA), a non-profit organization based in Amsterdam and a partner to CyAN.
In today's Secure-in-Mind episode, we talk about GASA's mission fighting scams of all sorts. What is a scam? What types of scams are most common around the world, who are the victims, and who are the major perpetrators?
Jorij shares his experience in helping to fight abuse, whether it involves fake work visa promises, business email compromise, as well as subscription, romance, crypto, and many other scams that defraud innocent victims of their money. How are we working with law enforcement? What are tech companies doing to fight scams? And, as always, we ask Jorij his views on what the future will bring.
CyAN strongly endorses GASA's mission; visit them at https://gasa.org, as well as their https://scamadviser.com service where you can check whether something is a known scam.
Consider also register for GASA's annual summit in Lisbon, Portugal, on Oct 18-19 2023 - https://www.gasa.org/event-details/4th-global-anti-scam-summit-2023
You can find Jorij on LinkedIn at https://www.linkedin.com/in/jorijabraham/
The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network -
This episode is available as a video at https://youtu.be/XidPnG6SmaY
All our various media channels are here: https://cybersecurityadvisors.network/media
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Let's face it: your company will be breached. This is just a reality in today's business world. The first step is to accept this, and to understand why it happens. The next step is to take steps to minimize the damage from a security incident when it inevitably occurs.
In today's episode of the Secure-in-Mind series of conversations about security topics, CyAN explores the topic of surviving a cyber incident - from both a human and an organizational level.
How do you prepare for something you've never experienced before? What can you do to mitigate the damage when it happens? Will your business survive? And who do you turn to when things go wrong?
Geoff Leeming is founder and consultant with Pragma, a Singapore-based cybersecurity firm providing preventative and response services to businesses around the world. You can find him on LinkedIn here: https://www.linkedin.com/in/geoffleeming
Visit Pragma at https://pragma.ltd/
Check out the video version of this chat at https://youtu.be/9tCLFkuqJ1E - and don't forget to watch the rest of CyAN's great videos at https://youtube.com/@cybersecadvisors
CyAN is at https://cybersecurityadvisors.network
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
In today's episode of the Secure-in-Mind series, I'm joined by Anthony Hess, CEO of co-founder of cyber crisis management and response firm Asceris.
Anthony has a wealth of experience working with insurance firms, especially in the field of cybersecurity and cyber risk insurance, and combines a strong technologist's background with a wealth of knowledge around insurance logic, policy types, underwriting methodologies, and more.
Cyber risk insurance has been a growing topic over the past decade, and in our conversation today, we seek to address several misconceptions about this type of service, while giving you a basic understanding of what you need to know when considering such a service.
For example, we talk about
- what types of policies are there?
- what's all the hubbub around Lloyds of London's much-discussed "cyber acts of war" exception?
- what's the relationship between insurance and regulatory risk management requirements?
- what types of services to insurance firms offer to their customers?...and many more.
Visit him on LinkedIn at https://www.linkedin.com/in/anthonyhess/
You can find Asceris at https://www.asceris.com/
Don't forget to check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network and on LinkedIn at https://www.linkedin.com/company/cybersecurityadvisors/
Our YouTube channel is at https://youtube.com/@cybersecadvisors
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
In the latest episode of the Good Faith Cybersecurity Researches' Coalition dialogues, we speak with Mischa Hansel, head of the research focus on international cybersecurity at the IFSH - the University of Hamburg institute for peace research and security.
In our conversation, we cover topics such as
- stockpiling and weaponizing of cyber vulnerabilities by state actors
- vulnerability reporting requirements to national authorities
- handling of cyber vulnerabilities by authoritarian governments
- the impact of free discourse around vulnerabilities on liberal democracy
- vulnerability-as-a-service providers
- the role of academia and free research in the uncovering of cyber vulnerabilitiesA few links Mischa provided that are relevant to this conversation, and to IFSH's work:
- International Cybersecurity Made in Hamburg: https://international-cybersecurity.com/
- A paper published in Just Security around strengthening cybersecurity researchers https://www.justsecurity.org/81293/empowering-security-researchers-will-improve-global-cybersecurity/
- the IFSH newsletter (Jan's Cyber Hotchpotch) " offering an entertaining weekly summary of what is going on in cybersecurity" - subscribe via https://ifsh.us6.list-manage.com/subscribe?u=2fda1cac544809b12bab70663&id=d8ad8ab2a0
- A paper on the peace and security implications of cybercrime: https://ifsh.de/file/publication/Research_Report/012/Research_Report_012_EN_web.pdfIFSH is at https://ifsh.de/
You can find Mischa Hansel on LinkedIn at https://www.linkedin.com/in/mischa-hansel-7207ba1a2
Visit us at https://gfcrc.org - and check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network
Also check out the GFCRC video series at https://youtube.com/@gfcyber
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
In today's episode of the Secure-in-Mind series, Joe Cozzupoli and I confront some burning topics around how to deal with artificial intelligence (AI) when confidential or critical data is involved.
On the CyAN blog, Joe recently wrote about the need to balance privacy and security in AI systems - you can find that article here:
https://cybersecurityadvisors.network/2023/05/03/balancing-privacy-and-security-in-ai-systems-navigating-the-cybersecurity-conundrum/
As a follow-up to this piece, we address considerations in ensuring the security and confidentiality of critical data whenever AI is used...including the idea that fundamental concepts of responsible use of data don't go away just because it's a new technology. How should existing information security policies and good practice be updated to take these new capabilities into consideration? How are regulators around the world trying to ensure that AI doesn't introduce unacceptable risk?
Joe is a Senior Information Security Advisor at Microsoft in Australia, and CyAN member. All views expressed in this conversation are his personal opinions and not those of Microsoft.
Visit him on LinkedIn at https://www.linkedin.com/in/jcozzupolicissp
Don't forget to check out the Cybersecurity Advisors Network at https://cybersecurityadvisors.network and on LinkedIn at https://www.linkedin.com/company/cybersecurityadvisors/
Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/
-
Dr. Jacqui Taylor and John Salomon talk about the state of diversity in the cybersecurity industry.
What is the state of women in the sector, and how are neurodiverse professionals represented in information security positions? What are the current challenges facing underrepresented groups in industry, how do we see this developing in the coming years, and how can we help address current imbalances?
In this conversation, we explore why, aside from it being the right thing to do, companies actually benefit from a more representative workforce.
Employers with access to a broader range of skills, backgrounds, and attitudes are likely to be much more capable of managing and mastering cybersecurity risk.We also explore how younger generations are approaching this topic.
How has the digital native experience of Millenials, Gen Z, and beyond shaped their attitudes towards equity, diversity, and better representation of different population groups in the technology / cybersecurity arena? How can the current generations of professionals talk to these groups and encourage them to take an interest in cybersecurity?
Dr. Jacqui Taylor is CEO and founder of FlyingBinary, a UK-based deep tech innovation firm. Among numerous other activities, she is a frequent public speaker on a variety of topics around technology, geopolitics, and beyond.
Check out FlyingBinary - "The home of our Cyber Security Work across the world" at https://flyingbinary.com/contact/, and on LinkedIn at https://www.linkedin.com/company/1202052 -
You can find Jacqui on LinkedIn at https://www.linkedin.com/in/dr-jacqui-taylor/
For Jacqui's website "The home of the Empathy Economy and my equity mission", please have a look at https://jacqui.online
CyAN's mentorship programme is announced here: https://cybersecurityadvisors.network/2023/04/12/cyan-announces-mentorship-programme/
Visit us at https://cybersecurityadvisors.network
-
Welcome Wim Hafkamp, Managing Director of Z-CERT, the Dutch healthcare CERT, and Quartermaster / Chairman of the European Health ISAC. Wim brings many years of information security leadership experience in the financial sector to his current organisation's role of supporting the cybersecurity resilience of the Dutch medical and healthcare community.
In the latest in our Secure in Mind series, we discuss the issues currently facing health institutions and providers in defending against cyberattacks, complying with regulations, and working together across borders and with public sector partners.
A few of the concepts mentioned in the video:
EU Cybersecurity Act: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act
EU Cybersecurity Certification Framework: https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-certification-framework
NIS2 Directive: https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2021)689333Attacks on Irish Health Service Executive attacks: https://en.wikipedia.org/wiki/Health_Service_Executive_ransomware_attack
Ransomware attacks on hospitals in Victoria (Australia): https://www.abc.net.au/news/2019-10-01/victorian-health-services-targeted-by-ransomware-attack/11562988
(Actually I was referring to an earlier campaign but this one's more recent and equally relevant)André Mignot attack (2022): https://www.france24.com/en/france/20221205-french-hospital-suspends-operations-after-cyber-attacks
Brussels ransomware case: https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre
2023 Barcelona hospital ransomware case: https://www.bleepingcomputer.com/news/security/hospital-cl-nic-de-barcelona-severely-impacted-by-ransomware-attack/Z-CERT's homepage: https://www.z-cert.nl/
EU Health ISAC (via the Empowering EU ISACs initiative): https://www.isacs.eu/european-isacsFind Wim on LinkedIn at https://www.linkedin.com/in/wimhafkamp/
Visit us at https://cybersecurityadvisors.network
- Daha fazla göster
