The Cyber Insider

This month’s guest on the Cyber Insider is Daryna Antoniuk. Daryna is a reporter for Recorded Future News based in Ukraine. She writes about cyberattacks and cyber policy in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously worked as a tech reporter for Forbes Ukraine. Her work has also been published in The Kyiv Independent, The Kyiv Post, and Sifted. Daryna sheds light on the unique challenges faced by journalists reporting from a country at war. She emphasizes the mental toll it can have, particularly due to the prolonged nature of the conflict. Despite these difficulties, our guest highlights the resilience and determination of journalists in Ukraine. Ukraine has been a frequent target of cyber attacks, with varying intensity and complexity. The Ukrainian Emergency Response Team reported over 2,500 cyber incidents in 2023 alone, indicating the scale and frequency of attacks. Daryna emphasizes the need for caution when reporting on cyber events, as misinformation and disinformation are rampant in this domain. The importance of independent analysis and verification when reporting on cyber events, particularly in the context of the Ukraine-Russia conflict, cannot be overstated. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Guest: Daryna Antoniuk – Twitter @daryna_antoniuk Intro/outro music: “Intro funk” by Lowtone.

This month’s guest of the Cyber Insider is Ryan Chapman. Ryan is the author of SANS Forensics FOR528: Ransomware and Cyber Extortion along with a Certified Instructor for SANS. In his day job, he functions as a consultant for threat hunting and incident response. Ryan often presents at conferences, including running workshops the last 4 years running at DefCon. In his free time he spends time with his daughter watching anime, plays plenty of Street Fighter, and enjoys playing retro video games. Ryan highlights the significance of security fundamentals in preventing cyberattacks. He emphasizes that many organizations still struggle with basic security practices, such as implementing multi-factor authentication (MFA) and patching vulnerabilities. In this podcast episode, we also touch on the topic of understanding cybercriminal mindset and how it can help in the fight against ransomware: "Engaging with cybercriminals through interviews can help humanize them and provide valuable insights into their motivations and tactics." By conducting interviews and engaging with threat actors, researchers and law enforcement agencies can gain valuable insights into their mindset and strategies. Our guest cites the example of ransomware actor Wazawaka, who has been known to provide interviews and share insights into the ransomware landscape. These interviews not only shed light on the tactics employed by cybercriminals but also provide valuable information for prevention and mitigation strategies. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

This month’s guest of the Cyber Insider is Azim Khodjibayev. With over a decade of experience in intelligence analysis, Azim has focused on Russian APT and cybercrime activity, particularly in the realm of ransomware. He shares his insights on the current state of cyber threats, the impact of recent breaches, and the future of cybersecurity. One notable trend observed in 2023 was the splintering of cybercriminal groups. Azim highlights how these groups can quickly switch affiliations and work with multiple organizations simultaneously. This flexibility allows them to evade detection and maximize their impact. Azim suggests that this splintering may be a response to increased law enforcement activities and the need to adapt to changing circumstances. Law enforcement efforts have seen some success in recent years, with notable takedowns of cybercriminal groups like ALPHV/BlackCat and Hive. However, the impact of these actions on cybercriminal operations is a subject of debate. Azim acknowledges that short-term disruptions can occur, as cybercriminals assess the risks and adjust their strategies. However, he emphasizes that the allure of quick financial gains and the addictive nature of cybercrime make it unlikely for these individuals to abandon their activities permanently. Azim states, "As long as they have access to computers, as long as they have access to their communication channels, they're going to come back, and they'll do it a little bit better, a little bit more sophisticated." As cyber threats continue to evolve, it is essential to equip individuals with the knowledge and skills to protect themselves and their organizations. Azim emphasizes the importance of cybersecurity education, particularly for the younger generation who are increasingly reliant on technology. Azim explains, "It would be really nice to see middle school classes, for example, about online safety... treating it as bad as we treat all the other safety stuff." As we enter 2024, the cybersecurity landscape remains challenging. While progress has been made in disrupting cybercriminal operations, the battle is far from over. Azim believes that the rate of learning and collaboration among cybersecurity professionals is a positive sign. However, he cautions that the worst is yet to come, as cybercriminals become more sophisticated and globalized. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

This month’s guest of the Cyber Insider is Allan Liska, Senior Security Architect and Ransomware Specialist, Recorded Future. With more than 20 years of experience in ransomware and information security, Allan Liska has improved countless organizations’ security posture using more effective intelligence. Liska provides ransomware-related counsel and key recommendations to major global corporations and government agencies, sitting on national ransomware task forces and speaking at global conferences. Liska has worked as both a security practitioner and an ethical hacker at Symantec, iSIGHT Partners, FireEye, and Recorded Future. Regularly cited in The Washington Post, Bloomberg, The New York Times, and NBC News, he is a leading voice in ransomware and intelligence security. Liska has authored numerous books including “The Practice of Network Security”, “Building an Intelligence-Led Security Program”, “Securing NTP: A Quickstart Guide”, “Ransomware: Defending Against Digital Extortion”. “DNS Security: Defending the Domain Name System” and “Ransomware: Understand.Prevent.Recover.” He is also the creator of the first ransomware-themed comic book, Yours Truly, Johnny Dollar. In this thought-provoking discussion, Allan shares his thoughts on the current state of cyber insecurity, the role of the cybersecurity industry, and the challenges posed by ransomware. He also explores potential solutions and strategies to combat this growing threat. "I think the International Ransomware Task Force has been doing a lot of great work with information sharing. We need to bring more countries into that and improve that information sharing so that we can arrest these people wherever they are." Allan shares his insights on the rise of ransomware variants and the increase in ransomware extortion sites. This conversation also touches on the effectiveness of law enforcement efforts, the role of cyber insurance companies, and the presence of ransomware actors on social media platforms. Our guest concludes by suggesting diplomatic and law enforcement actions to disrupt the support structure for ransomware operators and the need for stricter reporting requirements for ransom payments. "If you pay a ransom, you have to report it before you pay the ransom again. If nothing else, maybe we can get some law enforcement tracing". All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

This month we welcome Ian L. Paterson on the Cyber Insider podcast. Ian is an entrepreneur with 10+ years of experience in leading and commercializing technology companies. Paterson has raised millions of dollars in private and public financing, completed international M&A transactions, and is co-inventor of 3 patents on digital identity and data analytics. As CEO of Plurilock, Paterson successfully built and grew Plurilock, leading to its successful public listing on the Toronto Stock Exchange Venture. Previously Paterson served as founder and CEO of data monetization platform Exapik (acquired), and as Director of Insights for Terapeak (acquired), a venture-backed analytics firm. Paterson is a regular speaker, media commentator, and active angel investor. Hosts Brett Callow and Luke Connolly discuss the role of artificial intelligence (AI) in cybersecurity with our expert guest. Ian explains that while AI has its strengths in processing large amounts of data and making determinations based on patterns, it also has its limitations in areas such as content sensitivity, context sensitivity, creativity, and innovation. However, he notes that AI is evolving rapidly and becoming more capable in areas like creativity, as seen with tools like ChatGPT and OpenAI's image creation tools. Ian emphasizes that AI is a valuable tool for processing large amounts of data in cybersecurity, particularly in areas like threat detection and response. Regarding the ethical implications of AI in cybersecurity, our guest discusses the importance of data ownership and rights. He highlights the need for organizations to be cautious about the data they feed into AI systems and ensure they are not accidentally leaking or granting permission to sensitive information. He also mentions the use of data loss prevention tools to mitigate these risks. "AI is an equal opportunity tool. It's not just going to be used by the good guys, it's going to be used by the bad guys as well." In terms of future trends, Ian predicts that there will be multiple AI systems in use, both public and private, within organizations. He believes that each team, individual, and domain will have their own AI system, and organizations will have more control over the models and data used. He also anticipates the emergence of new applications and use cases for AI in cybersecurity that we may not have thought of yet. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft

This month we welcome David Shipley on the Cyber Insider podcast’s latest episode. David is a recognized global expert in cybersecurity, regularly speaking at public and private events around the world and frequently appears in national and regional media to address cybersecurity stories and topics. David co-founded Beauceron Security in 2016 with an innovative approach to cybersecurity awareness and risk management which empowers everyone within an organization to know more, and care more, about their key role in protecting against cyber-attacks. Beauceron Security now serves more than 700 clients across North America, Europe, and Africa with 650,000+ end-users. He continues to lead the company as CEO. Prior to co-founding Beauceron Security, David was the security lead for the University of New Brunswick and developed its incident response, threat intelligence and awareness practice. He is a Certified Information Security Manager (CISM) and holds a Bachelor of Arts in Information and Communications Studies, as well as a Master of Business Administration, from the University of New Brunswick. In 2023, David was awarded the Queen’s Jubilee Platinum Medal by the province of New Brunswick for his service in the Canadian Forces, work in cybersecurity, and for co-founding Beauceron Security. David is a former journalist and a Canadian Forces veteran. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

This month’s guest on the Cyber Insider is Ryan Weeks. As the former Chief Information Security Officer (CISO) for Datto, Ryan built and piloted Datto’s industry leading Information Security program prior to the 2023 acquisition of the company. Currently, Ryan is advising IT Channel cybersecurity startups and is the Partner and Director of Content for Right of Boom, a cybersecurity education company purpose built for MSPs. Ryan loves sharing his knowledge and experiences of all things cybersecurity almost as much as he loves his family, fishing and surfing. The risk landscape for Managed Service Providers (MSPs) has undergone a significant transformation in recent years. Ryan highlights the pivotal year of 2018 when MSPs became a prime target for cyberattacks. He explains, "There was a large spate of attacks against MSPs, and it completely turned the risk landscape on its head." This shift in focus by threat actors towards MSPs has created unique challenges for the industry. Ryan emphasizes the importance of understanding the threat landscape and the need for MSPs to adopt a threat-informed cyber defense approach. He states, "You can't have an effective cyber defense if you don't have some resemblance of an understanding of your adversary and how they might seek to compromise your business." MSPs must be aware of the industries they serve and the specific threats they face to build resilient cybersecurity programs. Rather than viewing a breach as a failure, Ryan encourages organizations to see it as an opportunity for improvement. He states, "The breach isn't the bad thing; it's the motivation for us to make ourselves better so that when it happens, we're more prepared to operate through it." Adopting this mindset allows organizations to focus on building robust capabilities and response plans to mitigate the impact of cyber incidents. Looking ahead, the future of cybersecurity relies on continuous education, collaboration, and the development of robust capabilities. As our guest aptly puts it, "The breach isn't the bad thing; it's what you do when you get breached that matters." With the right mindset, knowledge, and proactive measures, organizations can turn cyber incidents into opportunities for growth and improvement in the ever-changing world of cybersecurity. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

This month we welcome Sherrod DeGrippo on the Cyber Insider podcast’s latest episode. Sherrod is Director of Threat Intelligence Strategy at Microsoft. She was selected as Cybersecurity woman of the year in 2022 and Cybersecurity PR Spokesperson of the year for 2021. Previously, she was VP of Threat Research and Detection at Proofpoint, where she led a global team of threat researchers, malware reverse engineers and threat intelligence analysts. Her career in cybersecurity spans 19 years with prior roles including leading Red Team Services at Nexum, senior solutions engineer for Symantec, senior security consultant for Secureworks, and senior network security analyst for the National Nuclear Security Administration (NNSA). She is a frequently cited threat intelligence expert in media including televised appearances on the BBC news, and commentary in the Wall Street Journal, CNN, New York Times, and more. Having presented at Black Hat, RSA conference, RMISC, BrunchCon, and others, Sherrod is a well-known public speaker. In her personal time, Sherrod spends time with her rescue dog Boris Karloff. Threat intelligence can provide insights into the tactics, techniques, and procedures used by threat actors, allowing organizations to better protect themselves. However, the use of threat intelligence varies depending on an organization's maturity level and ability to effectively utilize the information. Sherrod highlights the role of threat actor psychology in understanding their motives and objectives. She discusses the evolving nature of threat intelligence and the need for organizations to evaluate its value and determine how it can be used to enhance their security posture. Additionally, this episode explores emerging trends such as the potential use of AI by threat actors and the increasing involvement of CFOs in security decision-making. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

This month we welcome Jackie Burns Koven as a special guest on the Cyber Insider podcast. Jackie is the Head of Cyber Threat Intelligence at Chainalysis, leading the team tracking cybercriminals and nation state actors stealing, scamming, and extorting cryptocurrency. She is also a member of the Ransomware Task Force, which unites key stakeholders across industry, government, and civil society to innovate new solutions countering the ransomware threat. Prior to joining Chainalysis, she served in the U.S. Intelligence Community. One of the key aspects of blockchain technology is its transparency. Unlike traditional bank transfers, cryptocurrency transactions are visible to anyone on the network. Threat actors typically rely on cryptocurrency exchanges or services to convert their funds into currency or stablecoins. However, Jackie notes that the number of exchanges used by threat actors has consolidated rapidly due to increased scrutiny and the detection of illicit activity: “Because of this steady and unpredictable takedown and action against these exchanges that were providing laundering services for ransomware actors, ransomware actors have less and less options and places to put their funds. So in addition to exchanges, we're actually seeing more threat actors that are just holding on to the fund, just sitting on it in private wallets, whether that's because they're paranoid or unsure of trusting their funds into centralized services because of the risk of the funds getting frozen or the full service getting taken down.” When discussing potential solutions to the ransomware problem, our guest emphasizes the need for a concerted effort from governments, private sector entities, and the cybersecurity community. Jackie acknowledges the progress made in preventing bad actors from cashing out and the increased sharing of information through public advisories: "And I think there's been great gains made by global governments on making it harder for bad actors to cash out, on identifying centers of gravity, figuring out ways to notify victims in advance, helping private and public sector entities harden their defenses, get the training they need, getting back." All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

In this episode we’re excited to host Dmitry Smilyanets, the Director of Product Management at threat intel company Recorded Future. Prior to that Dmitry was a Russia-based hacker who was indicted and extradited to the United States for his role in a cybercrime scheme – he was the manager of the largest hacking group ever prosecuted in the United States. Having been both a black hat and a white hat, he has fascinating perspectives which we uncover during this month’s release of the Cyber Insider. When asked about his unique background, Dmitry had this to say: "I think that my background gives me a unique perspective on the world of cybercrime. I understand the motivations and tactics of hackers in a way that many cybersecurity experts do not. At the same time, I have seen the consequences of these actions firsthand and know how important it is to protect against them." One of the most surprising things about the world of cybercrime is how organized and business-like it can be. Dmitry described some of the groups he encountered as having entire offices, complete with marketing teams, HR departments, and money laundering operations. This level of organization makes it all the more difficult to track and prosecute cybercriminals. When it comes to cybercrime, the role of governments can be complex and varied. Some governments actively encourage hacking groups, while others turn a blind eye. Dmitry noted that in Russia, the government is unlikely to actively protect cybercriminals, but will prosecute them if they commit crimes within the country: "Russia will not prosecute you if you hit America, but if you accidentally use Russian infrastructure or stole some credit cards from Russians or even used stolen credit cards in Russia, they'll have enough to prosecute you, put you for two, three years in pretrial detention." All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

In this episode we’re excited to host Katie Moussouris, the founder and CEO of Luta Security, a company that helps organizations implement and manage bug bounty programs. Prior to starting Luta Security, Katie worked with companies including ATstake, Symantec, and HackerOne. She’s a hacker, an advocate for gender and economic equality, a cybersecurity fellow at New America and the National Security Institute, and an advisor to the US government. With extensive experience in bug bounty programs, our guest shares her perspective on common mistakes in bug bounty and vulnerability disclosure programs: “You want to be able to hire and recruit people who will be able to prevent and also spot and fix those bugs while the software is being developed. If you weigh too heavily on the reward side of things and reward only the bugs that remain, after all of those secure development processes, you've actually set yourself up for a perverse incentive and you're going to gut your own hiring practices”. The discussion goes to explore solutions to combat ransomware and what organizations should do in case of an attack: “I don't think putting that much of a burden on the victims is really going to result in what you want, which is to shine more of a light on who needs help and who needs to warn their users that there was a material breach like that. So I would say it's about requiring notification upon payment of ransomware that we should focus, at least on the victim’s side”. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

Our guest in this month’s episode of the Cyber Insider is Meredith Griffanti, the Global Head of Cybersecurity & Data Privacy Communications at FTI Consulting. Ms. Griffanti has worked on some of the most high-profile and highly sensitive data breaches around the world and has successfully navigated responses to incidents such as business email compromise, phishing and spear phishing, DDoS, credential stuffing, nation-state, critical infrastructure and major, double-extortion ransomware attacks. Ms. Griffanti shares her experience in navigating crisis communications, refining incident response plans and the lessons learned from some of the most high-profile breach incidents known. Our guest advises companies to think about what their worst enemy could do to them and to practice their plans more than once a year: "So when we were thinking about responding to hundreds of media inquiries, there was no ultimate decision maker on things and eventually we got there. But those types of roles, responsibilities, escalation protocols and processes, those are the things you want to have down in your playbooks now, before an incident happens". The conversation touches on the most common communications mistakes that companies make when facing a breach: "We see companies prolong the news cycle by saying it was an outage and then moving to security incident, then moving to cyber attack, then ultimately ripping the band aid off and saying it was ransomware". All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

This month’s special guest is Ciaran Martin, CB, the former CEO of the UK’s National Cyber Security Centre, a Professor of Practice at the Blavatnik School of Government at the University of Oxford, as well as managing director at Paladin Capital and the holder of several other advisory roles in private sector cyber security. In our conversation with Ciaran, we touched on the role of the government in cyber security: intervention in the market, managing incidents, and setting a good framework. The conversation discussed the risks associated with offensive responses in dealing with nation-state threats, cybercriminals, and ransomware operators. Our guest shares his insights and opinions on subject matters such as regulation in cybersecurity, ransom payments and cyber insurance: “We see that some companies are having their insurance companies say that you have to have this set of cyber defenses, you have to have EDR, you have to have this or that, so they can pressure industry to take on cyber defenses. But at the same time, some people really feel that cyber insurance has contributed to the ransomware problem”. All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.

The Cyber Insider welcomes John Hammond as a special guest to discuss the latest in the cybersecurity landscape. John is a cybersecurity researcher, educator, content creator, and part of the Threat Operations team at Huntress. John provides insightful commentary on topics such as cybersecurity hygiene and best practices, and the common mistakes MSPs make when it comes to cybersecurity. The discussion touches on hot topics such as the global cyber war, hacktivism: “We've all been thinking about and wondering, is it ever going to happen? What's the cyber war going to look like? Was this the cyber war?”. And yes, ChatGPT was also on the agenda. All this and much more is discussed in the first episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years. Subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity. Hosts: Luke Connolly – partner manager at Emsisoft Brett Callow – threat analyst at Emsisoft Intro/outro music: “Intro funk” by Lowtone.