Cyberside Chats: Cybersecurity Insights From The Experts podcast

20:41

Quantum computing is advancing rapidly—and with it, the potential to break today’s most widely used encryption standards. In this episode of Cyberside Chats , Sherri and Matt cut through the hype to explore the real-world cybersecurity implications of quantum technology. From the looming threat to encryption to the emerging field of post-quantum cryptography, our experts will explain what security pros and IT teams need to know now. You'll walk away with a clear understanding of the risks, timelines, and concrete steps your organization can take today to stay ahead of the curve. Takeaways & How to Prepare for Quantum Computing: Map Your Crypto Use Today Inventory where you use RSA, ECC, and digital signatures across your organization. This is the first step toward identifying high-risk systems and planning your migration strategy. Ask Vendors the Right Questions Engage vendors now about their crypto agility and post-quantum readiness. Don’t wait for them to tell you—ask what they're doing to prepare and when they'll support PQC standards. Protect Long-Term Confidential Data Identify and secure data that must stay private for 10+ years—think HR records, contracts, financials, and customer data. Make sure it’s encrypted using symmetric methods or stored on platforms that can adopt PQC. Track PQC Standards and Test Early Keep up with NIST's progress and consider pilot testing PQC tools in non-production environments. Testing now reduces surprises later when standards are finalized. Start Using Hybrid Crypto Approaches Hybrid protocols combine classical and quantum-safe algorithms. They provide an easy starting point to future-proof encryption while retaining backward compatibility. References: “NIST Releases First 3 Finalized Post-Quantum Encryption Standards” https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards “You need to prepare for post-quantum cryptography now. Here’s why” https://www.scworld.com/resource/you-need-to-prepare-for-post-quantum-cryptography-now-heres-why #cyptography #quantum #quantumcomputing #quantumcomputers #cybersecurity #ciso #securityawareness #cyberaware #cyberawareness…

1
Red Alert: CISA's Budget Cuts and the Fallout for Defenders 16:01

11 days ago16:01

16:01

CISA, the U.S. government’s lead cyber defense agency, just took a major financial hit—and the fallout could affect everyone. From layoffs and ISAC cuts to a near-shutdown of the CVE program, these changes weaken critical infrastructure for cyber defense. In this episode of Cyberside Chats , we unpack what’s been cut, how it impacts proactive services like free risk assessments and scanning, and what your organization should do to stay ahead. Takeaways: Don’t wait for Washington—assume support from CISA and ISACs may be slower or scaled back. Map your dependencies on CISA services and plan alternatives for scans, intel, and assessments. Budget for gaps—prepare to replace free services with commercial or internal resources. Subscribe to non-government threat intelligence feeds and monitor them regularly. Prioritize and prepare your response to zero-days and software exploits, knowing CVE and intel delays give attackers more time. Build local and sector connections to share threat info informally if national channels slow down. Resources: MITRE CVE Program - The central hub for CVE IDs, program background, and tracking published vulnerabilities. https://www.cve.org The CVE Foundation: https://www.thecvefoundation.org/home LMG Security Vulnerability Scanning: https://www.lmgsecurity.com/services/testing/vulnerability-scans #cybersecurity #cyber #CVE #riskmanagement #infosec #ciso #security…

1
23andMe: Breaches, Bankruptcy, and Security 13:42

18 days ago13:42

13:42

When a company built on sensitive data collapses, what happens to the information it collected? In this episode of Cyberside Chats , we examine 23andMe’s data breach, its March 2025 bankruptcy, and the uncomfortable parallels with the 2009 Flyclear shutdown. What happens to biometric or genetic data when a vendor goes under? What protections failed—and what should corporate security leaders do differently? Drawing from past and present breaches, we offer a roadmap for corporate resilience. Learn practical steps for protecting your data when your vendors can’t protect themselves. #Cybersecurity #Databreach #23andMe #CISO #IT #ITsecurity #infosec #DFIR #Privacy #RiskManagement…

1
"Unmasking Shadow IT: Navigating Unauthorized Communication Tools Like Signal" 17:34

25 days ago17:34

17:34

Unauthorized communication platforms—aka shadow channels—are increasingly used within enterprise and government environments, as demonstrated by the recent Signal scandal. In this week's episode of Cyberside Chats , special guest Karen Sprenger, COO at LMG Security, joins Matt Durrin to delve into the critical issue of shadow IT, focusing on recent controversies involving unauthorized communication tools like Signal and Gmail in sensitive governmental contexts. Matt and Karen discuss the risks associated with consumer-grade apps in enterprise environments, the need to balance usability and security, and how organizations can better manage their communication tools to mitigate these risks. This episode will cover: What platforms like Signal offer—and their limitations in enterprise settings. Why users bypass official channels and how it leads to compliance failures. Real-world implications from recent incidents, including U.S. officials using unsecured communication tools. The broader shadow IT landscape and why it’s a pressing issue for security leaders. Join us in exploring the headlines and takeaways that can help organizations avoid similar pitfalls! #Cybersecurity #ShadowChannels #CybersideChats #UnauthorizedPlatforms #Signal #DataLeaks #Compliance #Infosec #ShadowIT #IT #Cyber #Cyberaware ETech #CISO…

1
The Encryption Battle: Security Savior or Cyber Risk? 25:22

5 weeks ago25:22

25:22

Governments are pushing for encryption backdoors—but at what cost? In this episode of Cyberside Chats, we break down Apple’s fight against the UK’s demands, the global backlash, and what it means for cybersecurity professionals. Are backdoors a necessary tool for law enforcement, or do they open the floodgates for cybercriminals? Join us as we explore real-world risks, historical backdoor failures, and what IT leaders should watch for in evolving encryption policies. Stay informed about how these developments affect corporate data privacy and the evolving landscape of cybersecurity legislation. A must-watch for anyone interested in understanding the complex interplay between technology, privacy, and government control. #cyberthreats #encryptedcommunications #Apple #encryption #encryptionbackdoors #cybersecurity…

1
Deepfakes & Voice Phishing: The New Frontier of Cybercrime 13:46

6 weeks ago13:46

13:46

AI-generated deepfakes and voice phishing attacks are rapidly evolving, tricking even the most tech-savvy professionals. In this episode of Cyberside Chats, we break down real-world cases where cybercriminals used deepfake videos, voice clones, and trusted platforms like YouTube, Google, and Apple to bypass security defenses. Learn how these scams work and what IT and security leaders can do to protect their organizations. Takeaways: Educate Staff on Deep Fake & Voice Cloning Threats – Train employees to recognize red flags in AI-generated phishing attempts, including voice calls that sound slightly robotic, rushed password reset requests, and unexpected changes in vendor communications. Verify Before You Trust – Encourage employees to independently verify unexpected requests, even if they appear to come from trusted platforms (e.g., YouTube, Apple, Google). Use known contacts, not the contact information in the suspicious message. Strengthen MFA Policies – Require phishing-resistant MFA methods (e.g., FIDO2 security keys) and educate users on MFA fatigue attacks, where criminals bombard them with authentication requests to wear them down. Limit Publicly Available Information – Reduce exposure by minimizing executives' and employees' personal and professional information online, as attackers use this data to create convincing deepfakes and social engineering schemes. Monitor Trusted Platforms for Abuse – Attackers are exploiting YouTube, Google Forms, and other legitimate services to distribute phishing content. Set up alerts and regularly review security logs for unusual access attempts or fraudulent messages. Tune in to understand the impact of digital deception and discover practical steps to safeguard against these innovative yet insidious attacks affecting individuals and businesses alike. #Deepfakes #Phishing #SocialEngineering #CISO #Cyberattacks #VoicePhishing #Cybersecurity #VoiceCloning #CybersideChats…

1
Wiretapped: How Hackers Infiltrated Global Telecom Networks 14:54

7 weeks ago14:54

14:54

Recent telecom breaches have exposed a critical security risk for businesses everywhere. Nation-state hackers and cybercriminals are stealing metadata, tracking high-profile targets, and even intercepting calls—all without breaking into corporate networks. In this episode, we analyze major telecom hacks, including the Salt Typhoon breach, and share practical strategies for IT leaders to protect their organizations from targeted attacks using telecom data. Key Takeaways: Strengthen authentication for financial transactions. Don’t rely on the phone! Train staff to recognize spoofed calls and phishing texts that mimic trusted partners. Stay aware – assume telecom metadata can be weaponized Limit what employees share over calls and texts. Consider using encrypted communications, such as Signal, for any highly sensitive conversations. Require telecom service providers to disclose security practices and past breaches Have a contingency plan for telecom outages, including backup communication channels and alternative ways to verify urgent requests. Don't forget to follow our podcast for fresh, weekly cybersecurity news! #Cybersecurity #TelecomSecurity #SaltTyphoon #Spoofing #Metadata #Infosec #Phishing #CyberThreats #NationStateHackers #BusinessSecurity #CybersideChats #EncryptedCommunications #ITSecurity…

1
When Microsoft Goes Down: Cyber Risk & Resilience 14:57

8 weeks ago14:57

14:57

The March 2025 Microsoft Outlook outage left thousands of organizations scrambling. But this wasn’t just an isolated event—recent outages from CrowdStrike, AT&T, and UK banks highlight the systemic risks businesses face. In this episode, we break down the latest Microsoft outage, discuss its impact on cyber insurance, and provide actionable steps to help organizations reduce the risk of business disruption. Join Sherri Davidoff and Matt Durrin as they discuss the broader implications of such outages, emphasizing the importance of effective risk management, especially for organizations heavily reliant on cloud services. Actionable Takeaways: Develop a Communications Plan – Ensure employees have backup communication methods for cloud service outages. Strengthen Vendor Risk Management – Assess dependencies on critical providers and establish alternative solutions. Test Business Continuity Plans (BCP) – Run outage simulations to improve response time and decision-making. Evaluate Cyber Insurance Coverage – Confirm policies include business interruption coverage, not just cyberattacks. Monitor for Early Warnings – Set up alerts for vendor status updates and cybersecurity advisories. Reduce Single Points of Failure – Implement multi-cloud or hybrid infrastructure to avoid total reliance on a single provider. Links & References: Microsoft’s Global Outage Coverage (CNBC) Cyber Insurance Report – Business Interruption Trends (AM Best) CrowdStrike Q4 2025 Earnings Report UK Banking System Outage (The Times) World Economic Forum Cybersecurity Outlook 2025 #microsoft #microsoftoutage #cybersecurity #cyberaware #businesscontinuityplanning #businesscontinuity #cyberinsurance #LMGsecurity #CybersideChats…

1
Abandoned S3 Buckets – A Goldmine for Hackers 25:21

9 weeks ago25:21

25:21

Do you think your old cloud storage is harmless? Think again. This week on Cyberside Chats, Sherri and Matt dive into shocking new research from Watchtowr that reveals how hackers can take over abandoned Amazon S3 buckets—and use them to infiltrate government agencies, Fortune 500 companies, and critical infrastructure. We’ll break down real-world examples of how this risk can be exploited, including malware-laced software updates, hijacked VPN configurations, and compromised open-source dependencies. Plus, we’ll share practical strategies to protect your organization from this growing cybersecurity threat! Links & Resources: Watchtowr’s Research on Abandoned S3 Buckets: https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/ How Encryption Works by Sherri: https://www.youtube.com/watch?v=ALsXbShTWJk LMG Security’s Cloud Security Audits: https://www.LMGsecurity.com/services/advisory-compliance/cloud-security-assessment/ Like what you heard? Subscribe to Cyberside Chats for more expert cybersecurity insights every week. #cybersecurity #databreach #AWS #S3 #CISO #Cloud #AWSsecurity #Hackers #Infosec #IncidentResponse…

1
Ransomware Watch: Ghost, RansomHub, and the Latest Trends 14:12

10 weeks ago14:12

14:12

In this episode of Cyberside Chats, we dive into the world of ransomware, focusing on the notorious Ghost Ransomware Gang. Recently flagged by the FBI and CISA, Ghost has targeted organizations in over 70 countries. We explore their methods of infiltration, with a spotlight on outdated software vulnerabilities, and discuss how organizations can fortify their defenses. We'll also provide insights into the broader ransomware landscape, including trends and statistics for 2024, and offer practical advice on protecting against these cyber threats. Lastly, we delve into the operations of the RansomHub group, revealing their so-called 'ethical' hacking practices. Join Sherri Davidoff and Matt Durrin as they unravel these cyber threats and equip you with strategies to safeguard your organization. #ransomware #ransomwareattacks #cybersecurity #cyberaware #GhostRansomware #CISA…

1
Software Exploits – The Fast-Paced Threat Landscape of 2025 12:20

11 weeks ago12:20

12:20

Zero-day exploits are hitting faster than ever—are you ready? This week, we dive into the U.S. Treasury breach, which we now know involved multiple zero-days, including a newly discovered flaw in BeyondTrust’s security software. Attackers aren’t just targeting IT systems anymore—they’re coming for security tools themselves to gain privileged access. We also cover new zero-days in Microsoft, Apple, and Android, and why time-to-exploit has dropped from 32 days to just 5. Plus, we’ll share key defensive strategies to help you stay ahead. The race between attackers and defenders is accelerating—don’t get left behind. Takeaways: How You Can Defend Against These Threats Patch Faster—Automate Where Possible With zero-days being exploited in days, manual patching isn’t fast enough. Automate patching for high-risk, internet-exposed systems. Monitor Known Exploits & Zero-Days Stay ahead of threats with the CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog . Strengthen Privileged Access & Network Segmentation Security tools like BeyondTrust are high-value targets—lock them down. Limit exposure: if attackers breach one system, they shouldn’t be able to pivot everywhere. Threat Hunt for Exploitation Attempts Don’t wait for alerts—assume exploitation is happening. Look for privilege escalations, odd script executions, and unexpected admin account changes. Assess & Limit Third-Party Risks Security vendors are part of your attack surface—evaluate them like you would any other software provider. Make sure they follow secure development practices, have clear incident response plans, and communicate openly about vulnerabilities and patches. Helpful Links & Resources CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog LMG’s Software Supply Chain Webinar: https://www.youtube.com/watch?v=cB8iriZJ57k Google’s Cybersecurity Forecast 2025 report: https://cloud.google.com/security/resources/cybersecurity-forecast…

1
The OPM Security Debacle: Rogue Servers, Data Risks & What’s Next 13:29

12 weeks ago13:29

13:29

In this episode of Cyberside Chats, Sherri and Matt dive into a shocking new cybersecurity controversy at the Office of Personnel Management (OPM). A rogue email server, installed outside normal security controls, has raised alarms about data security risks to millions of federal employees. We compare this developing situation to the infamous 2015 OPM hack, in which state-sponsored attackers stole the personal records of over 22 million individuals. Are we witnessing history repeat itself—this time with even more catastrophic consequences? Topics Covered: Flashback to 2015: How weak security and stolen credentials led to one of the worst data breaches in U.S. history. The New OPM Scandal: How an unauthorized email server could open the door to ransomware, espionage, and phishing attacks. Cybersecurity Risks: Data exfiltration, credential theft, security bypassing, and compliance failures. Lessons for IT Leaders: How to detect rogue devices, enforce Zero Trust policies, and prevent a breach before it happens. If the rogue OPM server isn’t secured, millions of federal employees could face serious risks. Listen to learn more. Do you think history is repeating itself with cybersecurity lapses going unchecked? What do you think? Drop your thoughts in the comments. Tune in again next Tuesday for another episode of Cyberside Chats!…

1
DeepSeek or Deep Risk? The AI Power Play With China 13:55

13 weeks ago13:55

13:55

DeepSeek or DeepRisk? A new AI powerhouse is making waves—DeepSeek has skyrocketed in popularity, rivaling top AI models at a fraction of the cost. But with data stored in China and unknown security safeguards, is your organization at risk? In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down the cybersecurity implications of AI tools like DeepSeek. You'll learn about: ▪ DeepSeek's unique IP exposure risks and cybersecurity challenges. ▪ The growing threat of "Shadow AI" in your organization and supply chain. ▪ How to update your policies, vet vendors, and protect sensitive data in an era of rapidly evolving AI risks. Join Sherri and Matt as they provide an in-depth look at DeepSeek's cybersecurity risks and explain why your organization must communicate clear acceptable use policies with employees and partners. Don’t forget to follow us for weekly Cyberside Chats security updates! 🔗 Here’s the LMG Security AI Readiness Checklist we reference in the video: https://www.LMGsecurity.com/resources/adapting-to-ai-risks-essential-cybersecurity-program-updates #DeepSeek #cybersecurity #cyberaware #cybersecurityawareness #ciso #cybersecure #aithreats #ai #DeepSeekSecurity…

1
The Silk Road, a Pardon, and the Future of Cybercrime 12:39

14 weeks ago12:39

12:39

In this episode of Cyberside Chats , we dive into the surprising pardon of Ross Ulbricht, creator of the infamous Silk Road dark web marketplace. What does this decision mean for the future of cybercrime enforcement and your organization’s security? We’ll explore the potential policy shift, how it could embolden criminals, and actionable steps you can take to stay ahead of evolving threats. Don't miss these critical insights! Takeaways: Anticipate Increased Cybercrime Activity. The pardon of Ross Ulbricht could embolden cybercriminals. Proactively strengthen your organization’s defenses by updating incident response plans and running tabletop exercises to prepare for more brazen attacks. Monitor Policy Changes Closely. Stay informed about shifts in U.S. government enforcement against cybercrime. If the crackdown slows, adapt your risk assessments and adjust your security posture to counter an evolving threat landscape. Collaborate and Share Intelligence. Join industry groups and forums to exchange insights on how others are preparing for and responding to cyber threats in the wake of policy and enforcement changes. Reinforce Employee Training. With the possibility of emboldened cybercriminals, ensure staff are well-trained to recognize phishing and social engineering tactics, which are often the first step in an attack. Enhance Threat Detection Capabilities. Invest in tools and services that monitor dark web activity and ransomware trends to stay ahead of potential threats, especially as new actors and groups emerge.…

1
When the FBI Becomes Your IT Department 13:00

15 weeks ago13:00

13:00

In this episode of Cyberside Chats , we explore the FBI’s daring takedown of PlugX malware. By commandeering the malware’s command-and-control infrastructure, the FBI forced PlugX to uninstall itself from over 4,200 devices globally. This bold move echoes similar actions from 2021, such as the removal of malicious web shells from Exchange servers. We unpack the legal, ethical, and operational implications of these law enforcement actions and provide actionable advice for IT and security leadership to prepare for similar events. Key topics include: How the FBI executed the PlugX takedown and what it means for organizations. The risks and benefits of law enforcement hacking into private systems to mitigate threats. Preparing for potential third-party access to your network by “authorized” actors like law enforcement or tech vendors. Takeaways: Be aware that “authorized” third parties, such as law enforcement or Microsoft, may access your computers if they’re part of a botnet. Monitor threat intelligence feeds so you’re informed when events like these occur. Proactively communicate with your ISP about their processes for responding to law enforcement notifications. Ensure your contact information is current with your ISP and DNS registrars to avoid communication gaps. Review and update your incident response (IR) and forensics plans to account for potential third-party access. Include scenarios involving third-party access in your tabletop exercises to improve preparedness. Resources: “FBI Hacked Thousands of Computers to Make Malware Uninstall Itself” “The Microsoft Exchange Server Hack: A Timeline” “Taking Down the Waledac Botnet (The Story of Operation b49)” Have thoughts or questions about this episode? Contact us to discuss this and more with other cybersecurity professionals. #cybersecurity #PlugX #PlugXhack #hack #hacker…

Cyberside Chats: Cybersecurity Insights from the Experts

1
Cyber Trust or Bust? The New FTC Cyber Trust Mark 12:20

16 weeks ago12:20

12:20

In Episode 2 of CyberSide Chats , Sherri Davidoff and Matt Durrin dive into the launch of the U.S. Cyber Trust Mark, a new security initiative aimed at making Internet of Things (IoT) devices more secure for consumers. As the number of connected devices continues to rise, the U.S. Cyber Trust Mark promises to help users make informed decisions about the security of products like cameras, smart locks, and voice assistants. Sherri and Matt will discuss the potential impacts of the Cyber Trust Mark and discuss the ongoing challenges of securing IoT devices. They also tackle the rising threat of QR code phishing, as more devices will carry QR codes for secure setup—raising new concerns for consumers. Tune in to learn how this new mark can help protect your privacy and security in an increasingly connected world! Don’t forget to like, subscribe, and share this episode to stay informed on the latest cybersecurity trends! #USCyberTrustMark #cybersecurity #cyberaware…

Cyberside Chats: Cybersecurity Insights from the Experts

1
2025 Cybersecurity Priorities: The Top 3 Moves to Make 23:27

20 weeks ago23:27