
    AI and ChatGPT - Security, Privacy and Ethical Ramifications - Ep 62

    April 05, 2023

    About this Episode

    This episode features “the expert in ChatGPT”, Stephan Jou. He is CTO of Security Analytics at OpenText Cybersecurity. 

    “The techniques that we are developing are becoming so sophisticated and scalable that it's really become the only viable method to detect increasingly sophisticated and subtle attacks when the data volumes and velocity are so huge. So think about nation state attacks where you have very advanced adversaries that are using uncommon tools that won't be on any sort of blacklist.”

    “In the past five years or so, I've become increasingly interested in the ethical and responsible application of AI. Pure AI is kind of like pure math. It's neutral. It doesn't have an angle to it, but applied AI is a different story. So all of a sudden you have to think about the implications of your AI product, the data that you're using, and whether your AI product can be weaponized or misled.” 


    “You call me the expert in ChatGPT. I sort of both love it and hate it. I love it because people like me are starting to get so much attention and I hate it because it's sort of highlighted some areas of potential risk associated with AI that people are only now starting to realize.”

    “I'm very much looking forward to using technologies that can understand code and code patterns and how code gets assembled together and built into a product in a human-like way to be able to sort of detect software vulnerabilities. That's a fascinating area of development and research that's going on right now in our labs.”

    “[on AI poisoning] The good news is, this is very difficult to do in practice. A lot of the papers that we see on AI poisoning, they're much more theoretical than they are practical.”



    Follow or subscribe to the show on your preferred podcast platform.
    Share the show with others in the cybersecurity world.
    Get in touch via reimaginingcyber@gmail.com

    Recent Episodes from Reimagining Cyber - real world perspectives on cybersecurity

    Open-Source Software: Unlocking Efficiency and Innovation - Ep 88


    What is the impact of open-source software (OSS) on modern software development? 

    This episode delves into the findings of a recent study commissioned by OpenText and conducted by Forrester called "Unlock Resources With Automated Open-Source Discovery And Intake". Stan and Rob unpack the evolving role of OSS, shedding light on both its opportunities and challenges.

    With 70% of organizations reporting that over half of their coding efforts involve OSS, it's evident that OSS plays a pivotal role in accelerating innovation and reducing costs in software development. However, as the hosts discuss, this rapid adoption isn't without its hurdles.

    From ensuring security and compliance to navigating through the complexities of OSS licensing, organizations face a myriad of challenges. Stan and Rob examine the ramifications of overlooking security vulnerabilities, compliance standards, and licensing terms, drawing from real-world examples to underscore the importance of diligent management practices.

    But amidst the challenges lies a beacon of hope: automation. The hosts explore how automation is revolutionizing the discovery and integration of OSS components, paving the way for more secure and compliant software development processes. From streamlining discovery to prioritizing security early in the development cycle, automation holds the key to enhancing productivity and mitigating risks.

    Looking ahead, Stan and Rob speculate on future directions in OSS management, emphasizing the need for collaboration, early detection of security issues, and continued innovation in the space. Whether you're a developer, a legal expert, or a cybersecurity enthusiast, this episode offers valuable insights into the ever-evolving landscape of open source software.

    Tune in to gain a deeper understanding of the opportunities and challenges presented by open source software, and discover how organizations can navigate the open source seas with confidence and agility.

    Report:
    https://www.microfocus.com/en-us/assets/cyberres/automating-open-source-compliance

    Debricked Open Source Select - a search engine where you can find, filter for and evaluate open source packages and repositories.


    Digital Marketplace Security & G2A's Strategy - Ep 87

    In this episode of Reimagining Cyber, hosts Rob Aragao and Stan Wisseman are joined by Dorota Wrobel, Chief R&D Officer for G2A, the world's largest digital marketplace for video games and software. Dorota discusses G2A's evolution from a regular online store to a two-sided marketplace for digital products, emphasizing the need for robust cybersecurity measures in the digital environment.

    Dorota highlights the vulnerability of digital products to outside attacks and explains G2A's partnerships with top security companies to enhance security. She discusses G2A's strict seller verification processes and proof of purchase requirements to ensure trustworthiness and prevent fraud.

    The conversation delves into G2A's regulatory compliance efforts, including adherence to security standards required by Payment Service Providers and membership in organizations like the Merchant Risk Council. Dorota explains how AI technology is utilized for fraud detection and response, augmented by human interaction and step-up authentication processes.

    Looking to the future, Dorota discusses G2A's plans for further investment in monitoring systems and tokenizing payment options.


    Threat Hunters in the Cyber Wild - Ep 86

     In this conversation about threat hunting, Stan and Rob dive into why it's become such a crucial part of cybersecurity. They talk about how threat hunting isn't just about reacting to problems anymore, but it's become this proactive, creative way of spotting and tackling security issues before they become big headaches.

    They reflect on how the role of a threat hunter has changed over the years. It used to be all about reacting to alerts, but now it's more about actively seeking out threats and analyzing them. And with the threat landscape changing so quickly, threat hunters have had to evolve their methods to keep up.

    Stan and Rob also discuss the day-to-day workflow of a threat hunter. It's not just about sitting in front of a computer all day. It involves reviewing alerts, prioritizing threats, and collaborating with the team to share insights and strategies.

    But it's not all smooth sailing. They talk about the challenges threat hunters face, like dealing with huge amounts of data and making sure their tools all work together seamlessly. Plus, there's the added pressure of compliance and legal considerations.

    On the bright side, there's a whole arsenal of tools available to threat hunters, from fancy analysis platforms to simple note-taking apps. And with emerging tech like blockchain and quantum computing on the horizon, there's a lot of excitement about the future of threat hunting.

    They also touch on the importance of team dynamics and management in threat hunting. It's not just about having the right tools—it's about having the right mindset and culture within the team. And diversity and inclusion play a big role in that, bringing different perspectives to the table and making the team stronger.

    Overall, it's clear that threat hunting is more than just a job—it's a passion. And as long as there are cyber threats out there, there will always be a need for skilled threat hunters to track them down and neutralize them.



    Evolving Security in Finance - Ep 85

    In this episode, Stan and Rob sit down with Felix Asare, a seasoned cybersecurity leader with extensive experience in the financial sector, including roles at Allianz and Putnam Investments. They delve into the cybersecurity landscape within the financial industry, exploring why it's a prime target for cybercriminals.

    Felix breaks down the appeal of targeting the financial sector, emphasizing the shift from physical to digital methods of theft due to the lucrative nature of financial data. He highlights the importance of regulations in setting security standards and explains how compliance, while necessary, isn't sufficient for robust cybersecurity.

    The conversation extends to the risks posed by the software supply chain, particularly third-party vendors, and the challenges of maintaining oversight in a complex ecosystem. Felix shares insights into mitigating risks associated with open-source software and the need for rigorous approval processes.

    They also discuss the emergence of smart contracts and the security implications of blockchain technology. Felix underscores the importance of auditing smart contracts and maintaining vigilance in the face of evolving threats like deepfake technology.

    Lastly, the discussion turns to the role of AI in cybersecurity defense, with Felix emphasizing its potential to enhance response times and analyze data. However, he also cautions against overreliance on AI and the need for human validation to combat emerging threats effectively.

    Overall, the episode provides valuable insights into the evolving cybersecurity landscape within the financial sector and the strategies employed to mitigate risks and enhance security posture.


    Inside DORA: EU's Cyber Resilience Path - Ep 84

    In this episode, hosts Rob and Stan explore the EU's Digital Operational Resilience Act (DORA) with Dominic Brown, a cybersecurity expert. DORA addresses cyber threats to EU financial systems, emphasizing risk management, incident response, and third-party oversight. Dominic compares DORA to US regulations and advises organizations to build risk management teams and enhance cyber resilience before the 2025 deadline.


    Secure It: Guarding Your Data - Ep 83

    In this episode of "Reimagining Cyber," Rob Aragao and Stan Wisseman welcome Adeel Saeed, discussing the importance of data protection in the evolving cybersecurity landscape. Adeel emphasizes the need to understand data sovereignty, navigate regulatory challenges like DORA, and implement a comprehensive data lifecycle strategy. The conversation delves into the nuances of technical debt related to data, the significance of cyber resilience, and the imperative for organizations to embrace a proactive approach in safeguarding their data assets.


    2024 Unleashes Unprecedented Cyber Breaches - Ep 82

    Mother of All Breaches. The Midnight Blizzard attack. Nation state cyber conflicts. January 2024 has seen a blitz in cyber attacks. In this week's episode, hosts Stan Wisseman and Rob Aragao delve into the alarming start to the new year.

    1.    Mother of All Breaches (MOAB):

    ·       Unprecedented Scale: Over 26 billion records compromised, impacting major platforms like Twitter, LinkedIn, Adobe, and Dropbox, along with government agencies worldwide.

    ·       Data Complexity: The breach includes not only credentials but also sensitive data, creating substantial value for malicious actors.

    ·       Organization: The breach was meticulously organized, posing a significant threat to data security and privacy.

    2.    Midnight Blizzard Attack:

    ·       Notorious Group: Midnight Blizzard, also known as Cozy Bear and APT29, resurfaces 

    ·       Targeted Organizations: Microsoft and HPE were among the targets, with a focus on compromising Office 365 exchange environments.

    ·       Attack Strategy: Utilizing password spraying and brute force, the attackers gained access to a legacy test nonproduction account, subsequently creating malicious OAuth applications.

    ·       Specific Targeting: The attackers selectively targeted executives, cybersecurity teams, and legal teams, aiming to gather intelligence on Microsoft's activities.

    3.    State-Sponsored Cyber Warfare (Russia vs. Ukraine):

    ·       Escalating Tensions: Ongoing cyber warfare activities between Russia and Ukraine intensify, with a warning of disruptive and destructive attacks.

    ·       Advanced Tactics: Russian cyber forces, particularly Midnight Blizzard, demonstrate advanced capabilities, impacting Ukrainian e-services, utility companies, and online banking.

    ·       AI Integration: Ukraine effectively employs AI in its defense, utilizing facial recognition and cyber capabilities to counter cyber threats.

    The hosts emphasize the importance of proactive measures, including password changes, multi-factor authentication adoption, and vigilant identity governance. The discussion underscores the evolving landscape of cyber warfare, encompassing both kinetic and cyber threats.

     


    WEF's 2024 Cyber Landscape - Ep 81

    In this episode, hosts Rob and Stan explore the World Economic Forum's Global Cybersecurity Outlook 2024, a favorite annual report providing valuable insights into the cybersecurity landscape. Released early in the new year, the episode looks at the key themes, findings, and implications outlined in the report.

    Main Themes:

    1.    Geopolitical and Technological Environment:

    ·       Report highlights dynamic changes and advancements in geopolitics and technology.

    ·       Emphasis on impacts of geopolitical tensions, economic uncertainties, and technological advancements, especially in AI.

    2.    Cyber Skill Shortage:

    ·       Discussion on persistent challenges related to the shortage of cybersecurity skills.

    ·       Acknowledgment of the critical role of cybersecurity in business, operations, and executive decision-making.

    3.    Cyber Resilience:

    ·       Exploration of the growing importance of cyber resilience.

    ·       Positive indicators of increased confidence among leaders in the resilience of cybersecurity programs.

    4.    Cyber Inequity:

    ·       Examination of the disparity in cyber capabilities between larger and smaller organizations.

    ·       Insights into challenges faced by smaller organizations, including resource constraints, skill shortages, and technology requirements.

    5.    Cyber Ecosystem:

    ·       Discussion on the interconnected nature of cyber ecosystems.

    ·       Emphasis on collaboration, threat intelligence sharing, and third-party assessments.

    ·       Highlighting the significant impact of cyber attacks originating from third-party relationships.

    Key Findings and Insights:

    1.    Generative AI Concerns:

    ·       Grave concerns among executives about advances in adversarial capabilities due to generative AI.

    ·       Less than 10% believe generative AI will give an advantage to defenders over attackers.

    2.    Cyber Insurance and Risk Mitigation:

    ·       Observations on the changing landscape of cyber insurance, with a 24% drop in organizations obtaining cyber insurance.

    ·       Recognition of cyber and privacy regulations as effective for risk reduction, though harmonization is needed.

    3.    CEO Involvement and Alignment:

    ·       Increased involvement of CEOs and business leaders in prioritizing cybersecurity.

    ·       93% trust CEOs to speak externally about cyber risk, indicating growing alignment between cybersecurity and business strategy.

    4.    Impact on the Business:

    ·       Insights into executive concerns about operational disruption, financial impact, and brand reputation from cyber attacks.

    ·       Balanced consideration of regulatory scrutiny, focusing on operational aspects and financial loss.

    Conclusion: Rob and Stan encourage listeners to explore the detailed report for a deeper understanding of the evolving cybersecurity landscape. They emphasize the need for collaboration, proactive cybersecurity measures, and efforts to bridge the gap between larger and smaller organizations in building cyber resilience.


    Leading IT Audit: 2024 To-Do List - Ep 80

    Welcome to another episode of "Reimagining Cyber." In this session, Rob and Stan dive into the critical role of IT auditors, a perspective rarely explored on the show. Their guest, Veronica Rose, brings extensive experience in shaping risk-based information security audit programs. She emphasizes the evolving nature of the IT audit environment and urges IT auditors to prioritize upskilling as technology and controls advance.

    Veronica highlights the significance of professional communities, recommending affiliation with bodies like NACD and ISACA. Engaging in these communities not only provides access to valuable resources but also fosters global connections with like-minded professionals.

    The discussion shifts to well-being, a crucial aspect often overlooked in the demanding field of IT audit. Veronica stresses the importance of mental health, exercise, and unplugging to maintain a clear mindset.

    The conversation wraps up by addressing the career paths of IT auditors. Veronica encourages a mindset shift for those considering a transition, emphasizing the value of certifications and continuous upskilling.

    Tune in to gain insights into the evolving world of IT audit, professional development, and holistic well-being.


    Navigating 2024 Cyber Regulations - Ep 79

    In this episode, Rob Aragao and Stan Wisseman unravel the dynamic world of cybersecurity regulations, providing a sneak peek into the changes expected in 2024. From the upcoming PCI DSS 4.0 release strengthening cybersecurity postures to the FTC's push for timely breach notifications, and the SEC's implementation of breach disclosure rules, they navigate through the intricacies of compliance.

    They shed light on the NIS2 directive, emphasizing the continuous evolution of cybersecurity practices, and delve into the EU Cyber Resilience Act, encouraging security by design principles for products and services sold within the EU. The duo also examines the state-level privacy laws emerging across the United States, emphasizing the complexities organizations face in navigating this patchwork of regulations.

    Tune in for insights on how these regulations impact businesses, the penalties associated with non-compliance, and the importance of a proactive, risk-based approach. Stay informed and ready for the evolving cybersecurity landscape in 2024!

