ByteWise, by Daniela Parker
Unraveling the (con)fusion between Tech & Risk Management
Language: 🇺🇲 (English)
Publishing since: 1/27/2024
April 15, 2025
Daniela, Brian, and Glen delve into the difficulties of getting organizations to prioritize and support risk management, IT, and information security. They discuss how departmental silos, conflicting priorities, and a lack of understanding can lead to these areas being marginalized. The conversation explores the tension between documenting risks and the need for action, the importance of relationship-building to bridge communication gaps, and the challenge of shifting organizational mindsets. The hosts emphasize that securing buy-in is an ongoing process, requiring persistence, proactive engagement, and a recognition that organizational change takes time and may necessitate seeking alignment elsewhere.
April 1, 2025
Welcome back to ByteWise! With this episode launching on April Fool's Day, we're diving into the world of phishing tests, a topic that often straddles the line between a security measure and, let's be honest, a workplace prank. We discuss how these tests have evolved from potentially punitive tools into a more nuanced approach.

Glen kicks us off by defining phishing as a subset of social engineering that focuses on email-based manipulation, and outlines the common tactics cybercriminals use, such as malicious links and fraudulent requests. We then look at how the approach to phishing tests has changed: initially they were predictable and monthly, but now they're more random and ad hoc. Glen explains how fear-based approaches have been counterproductive, damaging trust between employees and the IT/security team. We share personal anecdotes, like Daniela's memorable e-card phishing test experience, to illustrate this evolution.

The conversation then shifts to moving beyond punitive measures. We discuss why mandatory training videos and disciplinary actions are ineffective, and instead emphasize clear reporting processes and effective training, ensuring employees know how and where to report suspicious activity. We also touch on the necessity of including everyone, even IT, in these tests. Glen suggests varied training methods, like webinars and bite-sized modules, and creating a supportive environment for reporting suspicious activity. The gray area of repeat offenders is explored, including the balance between employee development and organizational risk and why a written policy for repeat offenders matters. Finally, we discuss fostering a security-aware culture by moving away from fear-based approaches and building trust, with the IT/security team acting as a resource and security personnel being friendly and approachable. Daniela wraps up the episode with final thoughts and a reminder to stay vigilant, especially on April Fool's Day.

Key Takeaways:
- Phishing tests should be educational tools, not punitive measures.
- Building a security-aware culture requires trust and open communication.
- Clear reporting processes are essential for effective security.

Resources:
https://tech.co/news/study-workplace-phishing-tests-success-rate
https://www.usenix.org/system/files/usenixsecurity24-schops.pdf
March 14, 2025
Ever wonder if your disaster recovery (DR) plan would actually work when you need it? Daniela, Brian, and Glen cut through the jargon and get real about DR, focusing on the security gaps you might be missing. They unpack why backups aren't a silver bullet, how problems can lurk in your recovery plans, and why relying solely on cyber insurance can leave you exposed.

What You'll Learn:
- Backups: Not Your Security Blanket. Glen explains why hackers target backups and how to fortify them. Think of it as securing the vault, not just the money.
- Cloud Caution. Brian warns against putting all your eggs in the cloud basket. Learn why you need your own data copies and how to make that happen.
- Ransomware's Hidden Threat. Glen reveals the scary truth: infected backups can re-infect your systems. Discover how to spot and eliminate this risk.
- Insurance Reality Check. Daniela and Brian break down what your cyber insurance really covers. Don't get caught off guard when you need it most.
- Recovery is a Team Sport. Daniela emphasizes that DR isn't just an IT problem. Learn how to involve everyone and why your team's input is crucial, especially the people who work with the systems daily.
- Actionable DR Tips. Get practical advice on testing your DR plan, identifying critical systems with a Business Impact Analysis (BIA), and building a resilient recovery strategy.

Key Takeaways:
- Don't assume your backups are safe. Proactively secure them.
- Diversify your data storage. Don't rely solely on cloud providers.
- Scan backups for malware. Assume the worst.
- Understand your cyber insurance policy's limitations.
- Involve your entire team in DR planning.
- Test your plan regularly. Real-world events are unpredictable.
- A BIA (Business Impact Analysis) is your road map.