Host George McPherson interviews IT and cybersecurity professionals.
Defense Against the Dark Web, Episode 5: Insider Threats with Dov Lerner
In this illuminating episode of “Defense Against the Dark Web,” Cybersixgill’s Intelligence Research Lead, Dov Lerner, joins host Delilah Schwartz to take listeners deep inside the hidden world of insider threats. Lerner, who conducted extensive research tracking the activities of malicious insiders and their threat actor recruiters across the deep and dark web, shares surprising findings about the diverse array of threats that can originate from within an organization’s walls. From petty scams perpetrated with the help of employees in retail, telecommunications and shipping industries to audacious attempts by threat actors to recruit insiders in financial institutions or government entities with high-level access and security clearances, Lerner illustrates how these “wolves in sheep’s clothing” can quietly inflict harm from inside an organization’s networks without detection. Lerner also offers perspective on industries most impacted, common insider tactics, and the challenges of prevention against insiders who intimately understand their targets’ systems, processes and security protocols. These insider threats, according to Lerner, often go undetected, but collectively result in significant losses - likening these incidents to a ‘death by a thousand paper cuts’. For those tasked with cyber defense, Lerner offers a sobering perspective on the challenges of detecting these stealthy insider threats, and suggests several defensive strategies that can be implemented to protect against them. In this in-depth podcast discussion with host Delilah Schwartz, Lerner peels back the layers on one of the most pernicious yet underreported threats to the organizational attack surface - insider threats operating from within.
10/6/2023 • 43 minutes, 30 seconds
Defense against the Dark Web Episode 4: Cybercriminal communities Russia and China
9/11/2023 • 29 minutes, 47 seconds
Defense against the Dark Web: Episode 3 - Women in Cyber
For International Women in Cyber Day, this special podcast episode features a discussion between cybersecurity professionals Naomi Yusupov, Daniella Reyhanian Ohana, and host Delilah Schwartz. The three women reflect on their career journeys, each having unexpectedly entered the male-dominated cyber industry without prior technical training, and how they each overcame imposter syndrome by proving their skills and excelling in their roles. The women also discuss the complex challenges women face as they attempt to balance work in a demanding field with equally demanding family responsibilities. They explore the common experience of facing underestimation when embracing their femininity through appearance and style. The episode highlights overcoming barriers through creativity, advocating respectfully for oneself, and cultivating an inclusive culture through mentorship, mutual support, and flexibility for working mothers in the workplace. By sharing experiences of proving competency despite obstacles and fostering camaraderie, Naomi, Daniella and Delilah hope to encourage more diversity and empowerment in their important work.
9/6/2023 • 46 minutes, 55 seconds
Defense Against the Dark Web. Ep 02 Part II: The Promises and Perils of Generative AI for Cybersecurity
In this second part of our podcast episode, join us as we delve deep into the realm of Generative AI and its intricate relationship with cybersecurity and Governance Risk and Compliance (GRC). Our guest, Chris Strand, Chief Risk and Compliance Officer at Cybersixgill, brings his wealth of expertise to illuminate the promises and potential pitfalls of Generative AI in this domain. Exploring the convergence of cutting-edge technology and security protocols, Chris and Delilah engage in a candid discussion about the profound impact of Generative AI on the cyber landscape. Unveil how Generative AI holds the potential to revolutionize cybersecurity and compliance processes, offering enhanced streamlining and optimization capabilities that empower organizations to easily navigate the audit process and bolster overall cyber resilience. Yet, with innovation comes responsibility. Tune in as Chris and Delilah dissect the challenges and vulnerabilities associated with Generative AI. Understand the intricate dance between the advancements it offers and the potential threats it poses to cybersecurity, and delve deep into how Generative AI can potentially disrupt the availability, integrity, and privacy of critical data. As the conversation unfolds, Chris and Delilah shine a spotlight on the regulatory intricacies surrounding the use of Generative AI. The dialogue traverses the complexities organizations may encounter as they navigate compliance within this rapidly evolving landscape. Cybercriminals, ever vigilant, are not far behind. Chris and Delilah share critical insights into how threat actors can exploit and manipulate Generative AI solutions, not only as a tool to optimize and accelerate their malicious operations, but as a target for the attack itself. Lastly, gain insight into the global efforts to regulate the deployment and utilization of Generative AI, and an exploration of the strategic endeavors aimed at striking a balance between innovation and security. Don't miss out on this enlightening conversation as Chris Strand and Delilah Schwartz provide a comprehensive guide to navigating the intricate landscape of Generative AI within the realms of cybersecurity and GRC. Tune in for insights, revelations, and a deeper understanding of the dynamic forces at play.
8/15/2023 • 24 minutes, 25 seconds
Defense Against the Dark Web. Ep 02 Part I: Navigating GRC with some help from CTI
In the dynamic realm of cybersecurity, safeguarding against threats and adhering to regulations pose paramount challenges for organizations. In this first segment of our two-part podcast episode, we're joined by Chris Strand, Chief Risk and Compliance Officer at Cybersixgill. Leveraging his extensive background as a former security auditor, Chris imparts invaluable insights into the intersection between Governance Risk and Compliance (GRC) and Cyber Threat Intelligence (CTI). Drawing a parallel to dental check-ups, Chris emphasizes GRC's significance in maintaining comprehensive cyber hygiene. No one jumps for joy at the prospect of an audit, much like visiting the dentist's office, but it's a crucial task that organizations must undertake. The key, according to Chris, is to make the audit process as smooth and painless as possible, akin to a quick dental check-up rather than a time-consuming root canal. Chris delves into practical best practices that organizations can implement to streamline the audit process. He emphasizes the pivotal role of attack surface management and threat intelligence, particularly vulnerability exploit intelligence. These practices not only ensure compliance with cybersecurity mandates but also help organizations identify areas that need protection and bridge security gaps. Furthermore, they enable effective vulnerability analyses and prioritization, justifying decision-making while providing an intelligence audit trail for stakeholders and auditors. Reflecting on the evolution of the cybersecurity landscape, Chris and Delilah discuss the shifting dynamic between risk management and threat intelligence functions within organizations. While they used to operate in separate silos, recent years have witnessed a significant increase in cooperation between these functions. This collaboration not only enhances an organization's overall security posture but also facilitates a more efficient audit process. Tune in to the first part of this engaging podcast interview as Chris Strand brings his wealth of knowledge to the forefront. Gain insights into the strategic integration of GRC and CTI, discover practical approaches to navigating audits, and learn how organizations can foster a proactive cybersecurity culture while meeting regulatory demands. Stay tuned for Part 2 of this illuminating conversation, where Chris dives deeper into the nexus of GRC, CTI, and the world of Generative AI.
8/15/2023 • 29 minutes, 2 seconds
Defense Against the Dark Web. Ep 01: A Focus on the Healthcare Sector
In this episode of Defending Against the Dark, our host Delilah Schwartz sits down with Offir Levy, Vice President of Healthcare Sales EMEA for Medigate by Claroty. Join us as we delve into the crucial topic of cybersecurity within the Healthcare industry and explore the challenges that healthcare organizations face in safeguarding their digital assets, devices and patient data from malicious cyber criminals. Together, Delilah and Offir examine the evolving landscape of cyber threats and shed light on the unique vulnerabilities that healthcare institutions encounter in their pursuit of delivering quality patient care. Discover the far-reaching implications of cyberattacks in the healthcare space and gain valuable insights into the proactive measures that can be implemented to fortify defenses against malicious actors. From ransomware attacks to the rise of IoT devices in healthcare settings, this episode offers a comprehensive exploration of the multifaceted challenges and potential solutions.