Privacy vs. Security: Navigating the Challenges of Cyber Risk with Ben Goodman

Summary

In this episode of Chattinn Cyber, Marc Schein is chattin’ with Ben Goodman, the founder and CEO of CyRisk, about the evolution of cybersecurity and the growing concern of privacy in the industry. Ben shares his background in technology and his experience working with companies to improve their security and compliance.

They discuss the increasing importance of privacy in the cyber risk landscape, with privacy settlements surpassing security settlements in recent years. Ben emphasizes the need for organizations to focus on pre-incident planning, training, and preparation to mitigate privacy risks effectively.

When discussing how carriers are handling privacy risks, he notes that carriers are still figuring out how to underwrite the risk in a soft market. He highlights the challenge of carriers not having access to comprehensive data and organizations themselves often being unaware of their own exposures. He suggests that carriers should focus on differentiating themselves and finding ways to underwrite privacy risks effectively.

They also touch on the different industries and technologies that are more susceptible to privacy exposures. Regulated industries, such as healthcare, are under scrutiny and face regulatory actions and fines. Advertising and marketing technologies also pose significant risks, and organizations should take steps to mitigate these risks.

Ben explains how CyRisk helps policyholders with privacy issues through their platform. They offer real-time detection of exposures, analysis of policyholders’ active policies for compliance, and provide detailed reports with recommendations. CyRisk’s privacy attorneys contribute to building out the platform and offering solid advice to policyholders.

Looking ahead, Ben predicts that privacy risks will continue to be a significant issue. He mentions the increasing use of micro-targeting AI and the potential challenges it poses in terms of privacy and bias. Governments and regulators will need to keep up with these developments to protect individuals’ privacy.

Overall, the interview covers various aspects of privacy risks in the cyber risk landscape and provides insights into how organizations and carriers can address these challenges.

Key Takeaways

  1. Privacy is becoming a major concern in the cyber risk landscape, with privacy settlements surpassing security settlements. Organizations need to prioritize pre-incident planning, training, and preparation to effectively mitigate privacy risks.
  2. Carriers are still grappling with how to underwrite privacy risks in a soft market. Differentiation is challenging, and the lack of comprehensive data and organizations’ limited awareness of their own exposures pose difficulties.
  3. Certain industries, such as healthcare, are under scrutiny and face regulatory actions and fines due to privacy breaches. Advertising and marketing technologies also present significant risks that organizations should address.
  4. CyRisk offers a platform that helps policyholders with privacy issues. It provides real-time detection of exposures, compliance analysis of active policies, and detailed reports with recommendations. Privacy attorneys contribute to the platform, offering solid advice to policyholders.
  5. The use of micro-targeting AI poses challenges in terms of privacy and bias. Governments and regulators will need to keep up with these developments to protect individuals’ privacy. Privacy risks are expected to remain a significant issue in the future.

Key Quotes

“The confluence of privacy risk in cyber insurance and the associated cyber risk… there’s the data leakage part of it, there’s real data breach exposure with this privacy risk.”

“Last year, 2022 privacy settlements actually exceeded security settlements by about 180 million.”

“The more that organizations could do from a pre-incident perspective, from a planning and training and preparation, I think the better off they are.”

“A lot of carriers don’t really see the data. They don’t know how to get that data… relying on questionnaires only goes so far.”

“Regulated industries are clearly under a microscope… they’ve already shown that they’re taking action not just with investigations, but with fines and penalties, millions and millions of dollars.”

About Our Guest

Ben Goodman is the Founder and CEO of CyRisk Inc., a leading cybersecurity and risk management company. Prior to founding CyRisk Inc. in July 2018, Ben also founded and served as Chairman of 4A Security & Compliance, a company focused on helping organizations achieve security and compliance.

In addition to his entrepreneurial ventures, Ben is also a faculty member at Drexel University’s LeBow College of Business, where he shares his expertise and knowledge with aspiring professionals in the field of cybersecurity. With a passion for solving complex technology problems and managing security and compliance components, Ben has dedicated his career to helping organizations navigate the ever-changing landscape of cyber risk.

Ben’s extensive experience and deep understanding of the industry have made him a sought-after expert in the field. He has been featured in various podcasts, conferences, and industry events, where he shares his insights on topics such as privacy, data breaches, and the future of cybersecurity. Through his work at CyRisk Inc. and his contributions to academia, Ben continues to make significant contributions to the field of cyber risk management.

Follow Our Guest:

LinkedIn

About Our Host

National co-chair of the Cyber Center for Excellence, Marc Schein, CIC, CLCS, is also a Risk Management Consultant at Marsh McLennan. He assists clients by customizing comprehensive commercial insurance programs that minimize the burden of financial loss through cost-effective transfer of risk. By conducting a Total Cost of Risk (TCoR) assessment, he can determine any gaps in coverage. As part of an effective risk management insurance team, Marc collaborates with senior risk consultants, certified insurance counselors, and expert underwriters to examine the adequacy of existing client programs and develop customized solutions to transfer risk, improve coverage and minimize premiums.

Follow Our Host:

Website | LinkedIn

Underwriting and The Future Of Cybersecurity With Marcin Weryk

In this episode of CHATTINN CYBER, Marc Schein interviews Marcin Weryk, Head of Business Development at Coalition Inc. The duo get into underwriting, cyber risks, and the future of cybersecurity, among other discussions on business and the changing world.

Marcin began by providing background on his upbringing, sharing that he was born in Poland and raised in Brooklyn. He also mentioned his journey to becoming a renowned cyber underwriter after graduating from St. John’s University with a major in finance and later participating in a training program at CNA to gain knowledge in the insurance industry. The training program ultimately led to his placement on CNA’s cyber tech NPL team and his entry into the field of cyber insurance.

Marcin stresses the importance of having a strong underwriter on the team who is knowledgeable in both analytics and marketing. The key for underwriters is to be not only creative and thorough but also reliable and trustworthy. It is also critical to learn to interpret and analyze data in cybersecurity.

Further in the conversation, Marcin mentions Coalition and introduces it as the most innovative insurance company for reasons including its careful and correct analyses of data and the risk selection and prevention mindset of its employees. At its core, Coalition is a technology company that uses data more effectively than other insurance companies.

Marcin also shares two concerns businesses will face in the coming years. One is the need to improve the quality of data collection and utilization to reduce cyber risks. The second is the data currently being used to underwrite from a loss perspective, which leads to many issues. Business controls are essential in underwriting and risk mitigation.

He wraps up the conversation by highlighting the future of cyber issues, focusing on two of the most pressing issues: the exposure of systemic failure and privacy concerns.

Listen to the conversation for more details!

Highlights:

“I think what’s different about Coalition is the ability to understand that learning from data is important. And learning from data is even more important in the ever-changing space of cybersecurity. I think we at Coalition differentiate in that we are continuously making sure we look at risk selection and risk prevention. From a forward-looking perspective, not a backward-looking perspective.”

“And I think that’s the big differentiation is, most people are stuck looking backward, Coalition is good at looking forward. And I think that is what drives our value. The other part that’s been imperative to the growth and success of Coalition and others in this space that is leaning on data better, is the concept of continuous monitoring.”

“One is the systemic failure exposure that we’re all dealing with. I personally think that the marketplace will evolve into a space where there will be standard coverage, and yet also separate catastrophe cyber coverage. I don’t think that that’s that far in the future. Just for clarity purposes, I think many people will be interested in that type of cover. The other one that some people have started to speak about, but I don’t think it’s getting as much attention as it should is privacy as a peril.”

Time-Stamps:

[01:08] – How did Marcin become a cyber underwriter and how did he get involved in cyber?

[02:53] – Important roles of an underwriter

[04:43] – What is so unique about Coalition and how they are the most creative insurance company?

[07:42] – What made Marcin go to the technology from phenomenal insurance carriers?

[10:33] – Challenges and cyber risks businesses are going to face in the next two years that concerns underwriters

[13:52] – How important are controls for a business?

[16:10] – Some of the future issues we may be facing

Connect with Marcin:

LinkedIn: https://www.linkedin.com/in/marcin-weryk-828a1a6/


Economic Sanctions, Cyber Law Enforcement, And Private-Government Collaboration For Cyber Protection With Emil Bove

In this episode of CHATTIN CYBER, Marc Schein interviews Emil Bove, Trial and Investigations Lawyer at Chiesa Shahinian Giantomasi (CSG). Emil has extensive experience working in both the public and private sectors, having started his career as an assistant United States attorney specializing in cyber risk. Today, he speaks about the new sanctions announced against Russia following the invasion of Ukraine, why Russia might push its financial transactions and assets into the crypto space, related cyber enforcement trends, and the recent collaboration between the private sector and government for speedier cyber law enforcement and protection.

Recently, in the aftermath of the Russian invasion of Ukraine, the US Treasury Department announced a series of sanctions against Russia. One result is that banks, both US and international financial institutions, are working to comply with the sanctions: identifying their exposure to sanctioned parties and sanctioned relationships, and figuring out how to address that exposure, whether by blocking assets in some instances or ending client relationships in others. Secondly, there are known mechanisms by which a sanctioned party can attempt sanctions evasion and access the international financial system, and even the US financial system directly through correspondent accounts. Sanctioned parties need to innovate, and Russian parties are expected to push financial transactions and assets into crypto.

Emil also discusses the trends in cyber enforcement. With Russia likely to venture into the crypto space, care needs to be taken while enforcing sanctions, as not everybody is a Russian actor. Clients have to be sensitive to sanctions compliance. Recently, OFAC has been sanctioning crypto service providers, some of which are based in Russia, that are non-compliant with US expectations for transparency and staying away from ransomware. On both the regulatory and criminal sides, the government will be looking to make public examples of non-compliant actors who are not implementing the sanctions intended to choke off Russia’s access to the financial system.

Another thing Emil talks about is the private sector’s collaboration with the government in connection with the above sanctions. He predicts that the partnership will be significant because the technological expertise of the private sector can help speed up the government’s work. The technologies used so far have repeatedly shown themselves reliable and trustworthy and have generated accurate results.

For more, tune in to today’s episode!

Highlights:

“There’s a cyber component to the banks trying to comply with the sanctions to both US financial institutions and really international institutions, taking a look at what OFAC is doing. And identifying their exposure to these now sanctioned parties and sanction relationships, and figuring out how to address that exposure, whether that’s blocking assets in some instances, or ending client relationships in others.”

“There are a few understood mechanisms for any sanction party to engage in sanctions evasion, to access the international financial system, and sometimes even the US financial system directly through correspondent accounts. Sanction parties are going to need to take some new steps to do some innovation. And I think that one way that we’re going to see that is Russia as a sovereign, and also just sanctioned Russian parties over there are going to push financial transactions and assets into the crypto space.”

“There’s then now a public opinion that sort of authorizes and endorses law enforcement collaboration with the private sector and use private sector tools in a sophisticated and developing space where government technology, especially in the law enforcement side, may not be quite as up to speed as where the more well resourced private sector parties are endorsing that and I think you’ll see that going forward.”

Time-Stamps:

[00:43] – The journey to becoming an assistant United States attorney
[19:45] – About the US Treasury Department announcing sanctions against Russia
[21:49] – The biggest things around cybersecurity being ignored right now
[29:58] – Closing thoughts

Connect with Emil:

Website: https://www.linkedin.com/in/emil-bove-0113347/

The Russian-Ukrainian War Is A Lesson On Information Security and Leverage With Greg Radabaugh

In this episode of CHATTIN CYBER, Marc Schein interviews Gregory Radabaugh about his wide range of experience in the military and information security, what the Russian-Ukrainian war illuminates about information security, and the essential practices civilians and security forces must equally adopt to strengthen cybersecurity.

A retired Air Force veteran of 30 years, Greg brings a wealth of experience that ranges well beyond overseas reconnaissance missions. He has served as a DOD civilian, a Defence Intelligence Agency analyst, senior Information Operations planner for the Air Force ISR (Intelligence, Surveillance, Reconnaissance) agency, Director of the Joint Information Operations Warfare Centre, and in many other high-importance defence and intelligence roles. After finally retiring from the Department of Defense after 44 years, Greg founded his own consulting company, Greg Bear Consulting.

With the ongoing Russian-Ukrainian war keeping world tensions high, Greg recommends reading “Unrestricted Warfare” by Colonel Qiao Liang and Colonel Wang Xiangsui to understand permanent warfare and the absence of any distinction between civilian and military targets in the Ukraine-Russia war. Drawing on the war updates, Greg observes that Russia seems to be focussing on justifying its actions to its internal audience, making them believe everything is being done to protect them, while Ukraine is focussing on the external audience, primarily the West, trying to gain support from the US, NATO, and others providing material, financial, and medical support. He also discusses how both countries are gathering and making use of commercially available data for warfare, from tracking locations to cellphone ranges and much more. Everything happening in the war is striking from an information perspective.

The civilian sector, he adds, must prepare for war at this point as they could be used to incite or escalate conflict. There could be Denial Of Service attacks, deception, and other planned operations to impact the military by attacking people relevant to its personnel. Families of military personnel are especially targeted by these attacks. This is a side most people aren’t prepared for.

In conclusion, Greg shares that the civilian private sector needs to start thinking about security the same way the military does: in terms of operational security. Bringing mobile phones and cameras into sensitive meeting places, and failing to consider the secondary and tertiary access points into a location, are a couple of the many things that go unnoticed. For more, tune in to this episode with Greg!

Highlights:


“The Western concepts of the law of armed conflict relying on Westphalian concepts of chivalry, interior, and territorial integrity, and what constitutes an armed attack don’t apply to our adversaries and potential adversaries in the information environment.”

“Think about how to provide operational security to your business. And then think about how do you shut down our second and tertiary information leakages and then decide, how do I mitigate this threat by doing things, for example, having an offline backup of my network, or having a secondary network that’s offline that can go online immediately, if your primary one goes down?”

“A greater awareness of these operations in the information environment is crucial to private sector success of industrial control systems, security is going to be absolutely critical to maintaining our first world environment that we live in and enjoy today.”

Time-Stamps:

[00:40] – Greg’s early life and founding Greg Bear Consulting
[05:29] – Where to connect with Greg
[06:26] – What’s happening with the Russian-Ukrainian war?
[15:19] – Should the civilian sector prepare for a conflict at this point?
[20:42] – What can you do to protect yourself from cyber attacks?

Connect with Greg:

Website: https://www.af.mil/About-Us/Biographies/Display/Article/108843/gregory-c-radabaugh/

Understanding Ransomware Double, Triple, and Quadruple Extortion With Brad LaPorte

In this episode of CHATTIN CYBER, Marc Schein interviews Brad LaPorte, former top-rated Gartner Analyst for cybersecurity, US Cyber Intelligence veteran, and product leader at Dell, IBM, and several startups. He is currently an Advisor at Lionfish Tech Advisors and Partner at High Tide Advisors, in addition to serving as Board Advisor at 4 early-stage startups – NetRise, rThreat, RunSafe Security, and TBD. He is also the author of the recently released cybersecurity book, The Rise Of Cybercrime. Today, he discusses the reasons for the increasing number of ransomware attacks worldwide and the measures to avoid or mitigate the associated risks.

Explaining the increasing number of ransomware attacks, Brad shares that these days, all that is required to extort money from organizations is access to a keyboard connected to the internet. The barrier to entry has been lowered. Additionally, over 98% of ransomware payments are made in Bitcoin, which is difficult to track. Since November 2019, double, triple, and quadruple extortion tactics have come into use, which has also added to the problem.

Double, triple, and quadruple extortion tactics can be explained as follows:

  1. Double extortion adds the exfiltration of sensitive data. Companies are pressured to pay the attackers despite having the encryption key or backup data, because the stolen data can still be leaked.
  2. Triple extortion is when attackers disrupt the critical operations of organizations in, say, manufacturing, healthcare, or education. The criticality of the disruption makes organizations highly likely to pay the attackers.
  3. Quadruple extortion is when attackers also directly target your customers or key stakeholders. Also called supply chain attacks, they act as a force multiplier and cause an exponential increase in the damages.

Answering the question of whether or not to pay when ransomware attackers make a demand, Brad explains that one must try one’s best not to unless left with no other choice. He also touches on the best cybersecurity practices to follow to mitigate the risks of an attack, such as the 12 key controls around cyber resilience mentioned by Marc. He adds that even though the actual amount paid to ransomware attackers is coming down over time, the number of threat actors is increasing as their barrier to entry decreases.

One of the most overlooked reasons for cyberattacks is that over half of organizations worldwide don’t know what assets they have in their environment or which third-party vendors and other organizations are associated with them, and over 75% manage everything through an Excel spreadsheet as their asset inventory database.


Care must be taken to ensure organizations are well aware of their assets, as these could be one of the easiest ways for attacks to happen.

For more, tune in to today’s episode!

Highlights:

“In trying to extort money from organizations, ultimately, all you need is access to a keyboard on the internet. So if you look at some of them (attackers), the people that can actually wreak havoc on organizations are quite vast.”

“Even though the actual numbers of payments are going down and declining… The amount of groups are increasing because of that low barrier of entry and actually increasing it over time.”

“Over half of (the) organizations don’t know what assets they have in their environment, and over 75% actually manage everything out of an Excel spreadsheet as their asset inventory database.”

Time-Stamps:

[02:33] – Why are ransomware attacks increasing?
[07:15] – Should you or should you not pay when ransomware attacks require you to?
[09:45] – The biggest things around cybersecurity being ignored right now
[12:49] – Get in touch with Cory

Connect with Brad:

Website: https://www.linkedin.com/in/brad-laporte/

Using Social Media To Educate The Public About Cybersecurity With Dana Mantilia

In this episode of CHATTIN CYBER, Marc Schein interviews Dana Mantilia, an online cybersecurity educator with an identity theft protection background. She discusses getting into the cybersecurity space, becoming a social media marketing and cybersecurity expert, and the challenges and opportunities in the industry.

Dana joined cybersecurity through the identity theft protection world in 2017, developing a product for it (called Identron). Gradually, she realized the need for, and the lack of, education in the industry. That was also when the idea of making LinkedIn videos for educational purposes came to her. As she continued with them, COVID happened; with it, she introduced online training for non-technical employees and has since become one of the most marketed cybersecurity individuals in the US.

Dana moves on to discuss IT and cybersecurity. Addressing the gradual movement of IT professionals into cybersecurity, she explains that the two are still very different fields. She emphasizes that the two departments need to list their responsibilities and ensure they don’t get mixed up.

Discussing the importance of cybersecurity training for employees, Dana shares that it’s easy for cybercriminals to trick an employee into compromising a computer system; hence, training methods must be given importance. She adds that although some of the training can be handled with technology, a lot of it needs to be done in person so that employees remember it for longer.

Dana also discusses the most significant challenges faced when working with non-technical people on cybersecurity. The biggest challenge is communication, i.e., speaking in layman’s terms. She explains the disconnect that arises when a lot of jargon gets thrown around and the person listening cannot understand it. Work needs to be done to improve this situation.

Tune in to this episode for more learnings about cybersecurity and social media marketing from Dana!

Highlights:

“My thought process with cybersecurity is it’s still not being embraced by the private sector, just starting to be really held feet to the fire with the government side of things. So this is the time to really build their online presence over the next three to five years. And then when everybody is forced to embrace cybersecurity, they’re going to be the first ones that are going to be seen as an authority and they’re going to be able to gain more clients.”

“My videos are very short, very focused. And if I can I add a little bit of humor into them. And just hoping that people are going to remember what the point is that I was talking about in there.”

“One of the biggest problems is that the technical people that handle the cybersecurity aspect of things, they’re extremely intelligent people. But their communication skills, when it comes to speaking to somebody in layman’s terms, is not always there; there’s a disconnect there.”

Time-Stamps:

[01:02] – From Connecticut to the most marketed cybersecurity individual in the US: Dana’s journey
[03:14] – What can cybersecurity folks do to help grow their network?
[05:32] – Why businesses must invest in cybersecurity training

[10:47] – The biggest challenges in dealing with non-technical cybersecurity people

Connect with Dana:

Website: https://www.cyberdana.com

The Role of Managed Service Providers for Cybersecurity with Thomas DeMayo

In this episode of CHATTINN CYBER, Marc Schein interviews Thomas DeMayo, Principal in the Cyber Risk Management group with PKF O’Connor Davies, LLP. Thomas is the lead Cyber Risk Adviser and Auditor for the firm. He is responsible for implementing and designing the Firm’s Cyber Security service offerings, audit programs, and testing procedures. Thomas consults in IT governance, information security, threat and vulnerability management, privacy, and IT compliance. Today, he shares his backstory of getting into cybersecurity and what he’s learned from his journey so far.

Even as a kid, Thomas had a fascination for computers. After graduation, he ended up taking a job in network engineering at PKF O’Connor. Later on, he was asked to check on the firm’s systems, IPS, and calculations. That led him to shift to cybersecurity. And around 2006-2007, he already had clarity on what he was supposed to do going forward.

Thomas talks about the client benefits of partnering up with someone who has both cybersecurity resources and tax intellect. They can advise clients on a more cyber-specific path and help control their program. That’s invaluable to a lot of clients.

Towards the close of the conversation, Thomas talks about the future of the hybrid work environment. Hybrid working may or may not persist in the long term, but it is not going away any time soon.

Quotes:

“Even as a kid, I was kind of always fascinated with getting the computer to do what I wanted.”

“We are those trusted advisors who are able to come in and say, yes, we can help you, we could advise you on a more cyber-specific path and help you control your program. That’s invaluable to a lot of clients.”

“When we’re helping them, we’re advising them on what they need, and that’s what matters; that’s the key thing.”

“You have to challenge them to make you understand what their cybersecurity program is, or at least ask them, show us what your basic cybersecurity policy looks like. I think that’s going to start to help you understand you even have a level of formality.”

“As the world wakes up and really starts to focus on this, they’ll start to look at that supply chain risk.”

“Some businesses based on their business model will realize that this really does work. Our employees are happier and are still productive; we don’t need to be in the office to do certain things.”

Time-Stamps:

[01:43] – Thomas explains how he got into the field of cybersecurity.

[03:58] – The benefits of partnering up with someone who has both cybersecurity resources and tax intellect.

[08:33] – Reasons why more clients are engaging in services related to cybersecurity.

[10:10] – Questions clients should be asking their Managed Service Provider.

[13:25] – Where do you see this hybrid work environment going in the next 18 months?

Connect with Thomas: 

LinkedIn: https://www.linkedin.com/in/thomas-demayo-002bbb71

Website: https://www.pkfod.com/people/thomas-demayo/

Email: tdemayo@pkfod.com


Top Three Cybersecurity Threats And The Industries Most Affected With Jennifer Coughlin, part 1

In this episode of CHATTINN CYBER, Marc Schein interviews Jennifer Coughlin, Founding Partner at Mullen Coughlin, a law firm exclusively dedicated to representing organizations facing data privacy events and information security incidents and the need to address these risks before a crisis hits. Jennifer focuses her practice solely on providing organizations of all sizes and from every industry sector with first-party breach response and third-party privacy defense legal services. In the first part of the conversation with Jennifer, we explore her journey to Mullen Coughlin, the top three cybersecurity threats organizations have faced in the past couple of years, and a detailed analysis of the industries most prone to the attacks.

Jennifer got into cybersecurity after John Mullen suggested it to her decades ago, even before he got his first cyber case. They started their own cybersecurity law firm, Mullen Coughlin, which recently celebrated its fifth anniversary. Beginning with 13 attorneys, Mullen Coughlin has grown over the years and now has a team of 95 attorneys involved in data privacy and cybersecurity counseling. It is the largest privacy law firm in the US.

Cybersecurity breaches and vulnerabilities have increased over the past decade. Jennifer lists the increase in incident response matters as follows: in 2019, they had 2350 incident response matters; this grew to 3551 in 2020 and 3954 the following year. These numbers do not include regulatory defense, litigation defense, and compliance work.

The top three kinds of threats Mullen Coughlin has handled in the past couple of years have been ransomware attacks, business email compromises, and third-party events.

Drawing on her organization’s reports, Jennifer explains that victim companies paid the attackers for one of the following reasons:

  • The threat actor deleted the data, and the victim organization didn’t have usable backups because they were encrypted.
  • Or the victim organization had backups, but obtaining the key was quicker for restoration purposes.
  • 26% of the time, payments were made only for key and delete purposes.

As statistics from 2020 show, only 25% of organizations paid a ransom to the attackers. The other 75% chose to accept the risk, as they didn’t find it worth paying for a promise from a threat actor. The percentage of organizations making ransomware payments came down further to 18% in 2021, indicating considerable progress in cybersecurity.

After assessing the likelihood of different industries being hit with cybersecurity threats, Jennifer breaks them down into 10 categories. As per her reports, in 2021, the top 10 industries affected by cybercrime (from the highest percentage of cases to the lowest) were as follows:

  1. Financial and Professional services
  2. Manufacturing and Distribution
  3. Healthcare and Life Sciences
  4. Technology
  5. Hospitality and Entertainment
  6. Education
  7. Government
  8. Non-Profits
  9. Energy
  10. Others

Compared with the reports from 2020, the Manufacturing and Distribution industry remained in second position. Evaluating the possible reasons for the consistently high level of cyber threats in that industry, Jennifer says it could be the inconsistent deployment of cybersecurity practices across organizations and a lack of thoroughness about cybersecurity safeguards, laws, and regulatory compliance procedures.

Now, what do the threat actors do with the acquired data? They leak it on the dark web or sell it.

Listen to the episode to get detailed insight into the explained cybersecurity threats and figures!

Highlights:

“We are as successful as we are because of every single person on our team. And we recognize that everybody recognizes that they are valued, and they are part of helping organizations through these really scary events, defending them in regulatory investigations and litigation and also helping them be better before they experience (cybersecurity threats).”

“Just because data is taken and you pay for a promise of deletion from the threat actor doesn’t mean if there’s protected data in that exfiltrated data, you get to absolve yourself of having to notify under the laws that apply to you. You still have to notify, even though you’re getting a promise from a threat actor, it’s never going to be enough for a regulator when you find out you didn’t notice.”

“We’ve seen ransomware really evolve over the past few years. And it’s evolved to a point where threat actors realize if they exfiltrate data, they will be able to put more pressure on the organization to pay, because, one, the organization needs access to their data, and two, they don’t want to experience potential reputational harm or damage if their data is leaked out on the dark web.”

Time-Stamps:

[00:53] – Jennifer’s way into cybersecurity

[03:43] – Why is the percentage of organizations paying ransom to threat actors low?

[10:36] – The organizations most prone to cyber attacks

[17:05] – Why the Manufacturing and Distribution industry continues to rank second for the percentage of cyber threats faced


Connect with Jennifer:


Website: https://www.mullen.law/people/jennifer-a-coughlin/

Cyber Security Threats and Strategies – with Hon. Michael A.L. Balboni

In this episode of CHATTINN CYBER, Marc Schein interviews Michael A.L. Balboni, CEO of Redland Strategies Inc. Prior to Redland Strategies, Mike served as a New York State Senator and as chairman of the Homeland Security and Law Enforcement Committee.

Born in Burns Town, New York, Mike studied law and had the unique experience of serving in the New York State Senate for 10 years. Afterward, he went to Albany, where he was appointed the first chairman of the Senate homeland security committee. As chairman of the 9/11 homeland security committee, he learned all aspects of homeland security, including cybersecurity. Recognizing the risks posed by chemical plants, he created regulations for infrastructure protection, passing the legislation and supervising its implementation by the department of homeland security and emergency services within New York City.

His firm, Redland Strategies, assists companies and government agencies in developing and implementing security strategies that improve business performance and maximize growth. In the cybersecurity space, for example, he helps companies develop strategies for data management, data processing, storage, cyber breach issues, and threats from an energy perspective (mainly from the sensors used for energy digitization, which are themselves Internet of Things (IoT) components).

Additionally, he talks about the threat of malicious payloads taking over a physical operating system (crossing over from IT to OT), for example the manipulation of a nuclear power plant via cyber-attack. Ukraine faced this type of threat in 2017, when its 2 nuclear power plants were disrupted as a result of internet manipulation.

Mike also talks about the importance of home network security. He says that securing home networks is now more important than ever, because our society is moving toward a home-based virtual workforce and cyber threats are growing continuously. According to the FBI, home routers are vulnerable, so everyone should focus on investing in cyber infrastructure and cybersecurity. Having said that, everyone should understand that cybersecurity is not a destination but a journey; you must continue to evolve because the threats are evolving.

Lastly, he shares his thoughts about the impact of Covid-19 on large organizations and the accessibility of the Covid-19 vaccine. He talks about sports organizations, which are employing the best strategies to keep their players, coaches, and staff safe. However, sports organizations right now face a huge challenge in bringing indoors. Everyone is waiting for the Covid-19 vaccine, but distributing a safe vaccine to enough people to bring us back to some sense of normalcy is not going to happen overnight.

Topics Discussed in the Podcast

  1. The journey of Michael A.L. Balboni’s professional life.
  2. Balboni’s experience of serving in the New York State Senate and on the Senate Homeland Security Committee.
  3. Cyber threats from an energy perspective and the role of digitization in them.
  4. Cyber attacks that take over a physical operating system (crossing over from IT to OT).
  5. Security of the recent presidential elections.
  6. The importance of securing home networks and investing in cyber infrastructure and cybersecurity.
  7. Some fundamental cybersecurity strategies.
  8. The perks of working with the best and brightest people.
  9. Thoughts about the accessibility of the Covid-19 vaccine.


An interview with Darren Blatt CEO of Affiliate Ball

In this episode of Chattinn Cyber, Marc Schein interviews Darren Blatt, a pioneer of professional Internet marketing and the CEO of Affiliate Ball.

Darren begins the conversation by recalling how it all started for him and how he transitioned seamlessly into an industry that had the Internet at its center. He then reflects on the definition of an affiliate, as the term is used in the affiliate industry, before getting into the technicalities of the contemporary world’s most prominent field, digital marketing.

Darren shares his comprehensive insight into how the huge trade shows in major cities such as New York, Vegas, and San Francisco allow him to justify his marketing and branding efforts. To that end, he points out that throwing affiliate balls requires a great deal of interaction, especially now that marketing methods have taken a massive and unprecedented turn during the pandemic. He goes on to describe how the pandemic has pushed him to tweak his approach to trade shows and how he has leveraged virtual connectivity to keep the flow intact.

Subsequently, Darren addresses working with celebrities and their impact on marketing endeavors, and finally revisits some of the best practices for effective marketing.

Key Takeaways:

  1. Heading to trade shows, regardless of the industry or industry segment, is essential for learning.
  2. Targeting trade shows concentrated around your niche is even better and offers an even greater learning experience.
  3. Success in the digital world is guided by various underlying facets, with “asking questions” being integral.

Key Quotes:

  • “An affiliate is someone who gets paid on production” – Darren (3:43)
  • “Throwing big events is really some of the best branding and marketing you can do.” – Darren (5:40)
  • “But by the time we all get back in person, I think you’re going to see these events explode because people are dying to go back to listen to them” – Darren (13:30)
  • “There is an 80/20 rule in marketing where 20 percent is what you know, and 80 percent is who you know.” – Darren (18:00)