Security Intelligence Podcast

“Every cloud conversation should be also a security conversation,” says Anna Van Wassenaer, Cloud Business Development Leader, Europe, for IBM Security Services. Abhijit Chakravorty, Partner & Cloud Security Competency Leader for IBM Security, joins Van Wassenaer for a conversation about why cloud strategy should go hand-in-hand with a security strategy. The conversation covers the cloud threat landscape; balancing CISO, CIO and developer objectives for cloud migration; and advice on where to start when developing a cloud security strategy. For more on cloud security, visit the SecurityIntelligence blog: https://securityintelligence.com/category/cloud-protection/

"The idea of chaos engineering is essentially to help test resilience before an accident happens," says Itzik Kotler, co-founder and CTO of SafeBreach.  Kotler joins Matthew Dobbs, Chief Integration Architect for the IBM Security Command Center, for a conversation about the value of testing systems and people through "dynamic but controlled chaos." They discuss training for the shifting adversary landscape and TTPs, who benefits from chaos engineering training, and what makes for a good simulation experience. Read more about chaos engineering on the Security Intelligence blog: https://securityintelligence.com/posts/chaos-engineering-security-simulation-exercises-dynamic-threat-environments/

What are the top findings from the Cost of a Data Breach Report 2020? Charles DeBeck, a cyber threat intelligence expert with IBM X‑Force IRIS, talks about what drives costs higher for some organizations. "We observed a growing divide between organizations that were well prepared and organizations that weren't," DeBeck says. DeBeck covers more highlights from the report, including top root causes such as cloud misconfiguration and compromised credentials. He also shares what the study found were the most successful security measures for mitigating costs: security automation and incident response readiness. View highlights and download the report: https://www.ibm.com/security/digital-assets/cost-data-breach-report/

The threat landscape has changed as a result of the global pandemic. What does that mean for organizations and their employees? How can leaders "manage through chaos" successfully? Hosts Pam Cobb and David Moulton reflect on these questions by drawing on insights from speakers at IBM Think Digital 2020.  See the full sessions referenced in the episode: Address New Cybersecurity Risks - https://www.ibm.com/events/think/watch/replay/126550847/ Detect & Respond to Accelerating Threats - https://www.ibm.com/events/think/watch/replay/126499081/ Virtually Extend Your Security Team and Quickly Add Expertise -  https://www.ibm.com/events/think/watch/replay/126497278/

As digital transformation accelerates, so does the importance of verification. "I think it's become more important right now to ensure the right person has access to the right data and apps at the right time under the right circumstances," says Aarti Borkar, Vice President, OM, for IBM Security. "And to me that's Zero Trust." Borkar returns to the podcast to explore the connection between verification, context and successful applications of Zero Trust — or in other words, "Never trust, always verify." The conversation covers why the demands of remote work call for a Zero Trust philosophy; how Zero Trust goes hand in hand with innovation; and who on the leadership team can help apply context plus verification to an organization's security strategy. Read the full episode transcript on the SecurityIntelligence blog: https://securityintelligence.com/media/contextualizing-zero-trust/

"APT groups jump at the chance to take advantage of people's emotions," says Ryan Castillo, an analyst on the threat hunt and discovery team within IBM X‑Force IRIS. One such advanced persistent threat (APT) group has recently been detected mining the "treasure trove of COVID-19 lures" activated by overall uncertainty and misinformation in the face of the global pandemic. Castillo and Joshua Chung, a strategic cyber intel analyst for IBM X-Force IRIS, join the hosts to discuss recent activity from ITG16, a North Korean government state‑sponsored threat group. The conversation covers the threat group's targets and tactics and how they anticipate ITG16 to evolve their operations in the future. Read the full episode transcript on the SecurityIntelligence blog: https://securityintelligence.com/media/recent-activity-from-itg16-a-north-korean-threat-group/

If you introduced yourself at a dinner party and a short time later the host forgot your name, maybe you'd be confused and a little frustrated. The same goes for consumers when interacting with a brand, signing up or verifying their identity. "That kind of experience is something we see on a regular basis in many consumer applications where you're asking for information that isn't necessary or maybe you already have and should not be asking again," says Sean Brown, Program Director for IBM's identity and access management team. "And with that friction, consumers lose confidence."  For more stories on identity and access management, visit SecurityIntelligence.com. Brown and Martijn Loderus, Global CIAM Lead for IBM, join the podcast for a discussion of consumer identity and access management, or CIAM. The conversation covers the distinction between CIAM and traditional identity and access management; what happens when there's friction in the consumer authentication process; and how to create friction-less CI