SSH Communications Founder Tatu Ylönen Speaks on IoT Security (Podcast)

SSH CommunicationsPreston and I had the rare honor of speaking with SSH Communications founder, Tatu Ylönen about IoT device security. For those of you who don’t know, Tatu Ylönen is the inventor and original programmer of the SSH protocol. There’s absolutely no one in the world more qualified to speak on security than Tatu.

Tatu YlönenHe single-handedly protected us all from plain text transmissions and essentially destroyed the old Telnet protocol for good. In this podcast, we discuss the importance of IoT security. IoT security has traditionally been ignored because the few devices that existed weren’t particularly vulnerable to hacking either because no one cared or no one had access to the hardware and software to do so. That’s no longer true. Everyone has access to exploitation tools and the time for focusing on a more secure IoT has arrived.

For IoT manufacturers, you should listen carefully to Tatu’s advice and insights. Some of these devices and networks carry high-value data, including possibly personal data and that needs to be protected.

Podcast details:

Length: 14:43 minutes. Format: MP3. Rating: G for all audiences.

A special thanks to Tatu Ylönen and to the Nadel Phelan agency for connecting us.

What To Do in the First 48 Hours After a Breach with Absolute’s Richard Henderson (Podcast)

AbsoluteYou might remember Richard Henderson, Absolute’s Global Security Strategist from our March 21, 2017, podcast covering Enterprise Security Trends. Richard joins us again to discuss what to do after you discover a breach and why the first 48 hours are so important. You’ll also hear Preston and me disagree about first steps to take after you discover a breach.

In this podcast, Richard gives us an overview of how companies should handle breach announcements, responsibility for breaches, and his best advice for companies that have experienced a breach.

Podcast details:

Length: 20:31 minutes. Format: MP3. Rating: G for all audiences.

We’re hoping that Richard will continue to join us on a regular basis to discuss timely security topics that affect you and your business operations. If you have questions that you’d like to have us ask Richard or any of our guests, please use the Contact Form and let us know. We’re also open to new show topics and guests.

IoT and Mobile Security with Zimperium CPO John Michelsen (Podcast)

ZimperiumIn this podcast, Preston, our guest John Michelsen, CPO of Zimperium, and I discuss mobile security and extrapolate what’s happening in that space to what’s happening, and about to happen, with IoT security. We touch on monitoring, general security, costs, and the bigger problem of security implementation on devices that until recently were used based on an “air of trust.”

April is our “Month of Preventing Surprises” and this podcast kicks off that topic for The SecurityNOW Show. How awkward would it be to move headlong into a large IoT implementation only to realize that someone has easily hacked your devices and siphoned off your data? Surprise!

Mobile security has come a long way in the past two years with the adoption of higher security measures from vendors and third parties, such as per-app VPN, two-factor authentication, and containerization. IoT vendors will have to step up and enable encryption, use multi-factor authentication, and wipe or brick devices that have been compromised or moved. The Internet of Things may very well be security’s biggest challenge yet, not only because of the sheer numbers of devices but also because of device diversity.

Preston, John, and I just touch the surface of these topics in this podcast but stay tuned for more from all three of us on IoT security.

Podcast details:

Length: 20:45 minutes. Format: MP3. Rating: G for all audiences.

Licensed CC BY (2017)

March 2017 Week 1 in Review (Podcast)

CybersecurityPreston and I got together to talk about March 1-5 2017. It wasn’t a full week but it was the first week of March, so we’re calling it good on that front. We discussed our podcast with Morey Haber of BeyondTrust and the worst breaches of 2016; current scams including the malware package that you can purchase for $400, well, the equivalent of $400 in Bitcoin that is; the current lack of fidelity in our awesome Oklahoma state’s cybersecurity website; the cybersecurity crisis as described by Symantec CEO Greg Clark; the fact that 39 percent of North Americans have been affected by cybersecurity breaches, and a few other topics of interest.

We also included some practical takeaways for you to use in meeting your own cybersecurity needs. Keeping yourself safe is more than just having a fancy password; it also means that you need to be vigilant in checking your surroundings when typing PINs, entering passwords into your phone or personal computer, and protecting your credit card information.

Complacency and negligence are the two biggest vulnerabilities in security. There’s this “air of trust” and there really shouldn’t be. You don’t have to be fully paranoid but a little paranoia and a lot of vigilance will help keep you safe–not only in the online world but also in the real world. For physical security, you should always be aware of your surroundings. Lock your doors, lock your windows, and have your key ready when you get to your door.

Podcast details:

Length: 17:36 minutes. Format: MP3. Rating: G for all audiences.

Thanks for reading and for listening. Please give us feedback and any topics of interest or companies you’d like to hear about.

The Worst Cybersecurity Breaches of 2016 (Podcast)

BeyondTrustPreston and I interviewed Morey Haber, BeyondTrust’s VP of Technology, and discussed 2016’s top five cybersecurity breaches. If you’d like to read more about Morey’s information on these breaches, check out his blog post, “The 5 Worst Breaches of 2016 – and What to Expect in 2017.

In our podcast, we cover the worst breaches plus additional content related to how to protect yourself from such breaches. Morey also mentions how BeyondTrust’s products can help protect you and your data.

Podcast details:

Length: 21:30 minutes. Format: MP3. Rating: G for all audiences.

Be sure to check out BeyondTrust’s security products.

Week of February 20 – Current CyberSecurity Events Discussion

SHA1Preston and I cover the current cybersecurity threats, news, and issues from the week of February 20. We’re at the very cool and accommodating RoseRock Cafe here in Tulsa, where we enjoy a delicious lunch in a relaxed atmosphere surrounded by good books and lively background conversation.

Today’s show was fueled by chicken nuggets, fried pickles, and Diet Dr. Pepper. The lunch of champion podcasters everywhere.

We cover Google’s recent unraveling of the SHA1 hash, the CloudFlare compromise, Facebook impersonation, Skype hacks, Steam hacks, two-factor authentication, and the Google Chrome font malware attack.

Podcast Details:

Length: 18:02 minutes. Format: MP3. Rating: G for all audiences.

We produce all of our podcasts in a format and style that’s very safe for work, safe for school, and safe for younger listeners. You’ll never have to fear that something inappropriate is going to pop out of us or our guests. Have confidence that our podcasts are 100 percent safe, foul language free, innuendo free, and are perfect for the classroom or for other public consumption. All of our content is CC BY licensed.

Check Point releases 2017 Cyber Security Survey results

Check PointI’m a big fan of surveys. I’m a fan because numbers are easy to digest. I like to see, at a glance, the results of opinion surveys to see how well they correspond with my own opinions. Rarely do I differ from the norm in security surveys. This one is no exception. I think we all feel overwhelmed and surprised that everyone else feels overwhelmed and surprised by malware, mobile threats, APTs, data loss, insider threats, and other security breaches and thefts.

Check Point surveyed more than 1,900 IT Security personnel. Check Point, for those of you who don’t know, is one of the first security companies to offer an intelligent firewall solution. In fact, for the past 25 years, Check Point has been the “Go To” firewall solution for companies across the world.

Check Point released its 2017 Cyber Security Survey. Here are a few data points highlighted in the survey:

A poll of 1900+ IT Security experts reveals…

  • Slightly more than one-third (35%) either feel Extremely Confident or Very Confident with their organization’s security posture. More interestingly that means nearly 65% are not confident; these organizations continue to remain vulnerable to security breaches.
  • 81% feel their organization currently has security concerns as it relates to adopting public cloud computing.
  • 64% said Data Leakage and Data Loss were their primary mobile security concern related to BYOD (Bring Your Own Device).
  • 68% said Malware Protection is their key capability required for an effective Mobile Threat Management solution.

Of all the recent security surprises, I’m not surprised that almost two-thirds of the survey’s respondents are not confident with their organization’s security posture. I think that mobile threats are actually less of a problem than people think. The problem with mobile devices is not necessarily malware or hacking, but the problem of data exfiltration. Mobile Content Management prevents data exfiltration and file-level auditing is a good deterrent as well.

The full survey can be accessed through Check Point’s blog: Check Point’s 2017 Cyber Security Survey Shows Key Concerns and Opportunities among IT Professionals.