The Security Detail

Cloud security is essential to safeguarding sensitive data and ensuring the reliability of digital services in an increasingly interconnected and data-driven world. In this episode, Sean Heide shares some of the top threats to cloud computing that he's seeing as technical research director at the Cloud Security Alliance. 
 
Resources:
CSA's 2022 Top Threats to Cloud Computing report
CIS Critical Security Controls
Shared Responsibility Model in the Age of Cloud 

Cybersecurity in the financial sector is of paramount importance due to the highly sensitive and valuable nature of the data and transactions involved. In this episode, Paul Trueman, the executive vice president of segments in cyber and intelligence at Mastercard, shares insights from his extensive experience in the industry and provides advice on navigating challenges. 
Resources: 
FS-ISAC's Navigating Cyber 2023 report
Digital Intelligence Index
Digital Trust at the World Economic Forum
Oxford Cyber Security for Business Leaders Programme

The cyber threat landscape for the retail and hospitality sector is marked by persistent and sophisticated attacks, targeting both customer data and financial information. With the widespread adoption of e-commerce and digital payment systems, threat actors exploit vulnerabilities in online platforms and point-of-sale systems to steal sensitive data and execute financial fraud. Additionally, the interconnected nature of supply chains in these industries presents further risks, demanding heightened cybersecurity measures to safeguard customer trust and protect against potential disruptions to business operations.
In this episode, Suzie Squier, president of the Retail and Hospitality ISAC, shares the top concerns she's hearing from ISAC members and her recommendations to better defend against these threats. 
 
Resources: 
RH-ISAC website
MISP threat sharing platform
RH-ISAC Benchmark Survey
2022 Zscaler ThreatLabz - State of Phishing Report
Bluenomicon: The Network Defender's Compendium
 

Threat actors continue to exploit vulnerabilities in healthcare systems, leading to data breaches, ransomware incidents, and disruptions in critical medical services. The sector's increased reliance on interconnected devices and electronic health records has amplified the risks, necessitating robust cybersecurity measures and constant vigilance to safeguard patient information and maintain the integrity of healthcare operations.
In this episode, Zach Nelson, Assistant Vice President of Health-ISAC's Threat Operations Center, shares his insight on the top cyber threats to the healthcare sector.
 
Resources: 
H-ISAC website
FDA Guidance regarding cybersecurity in medical devices
MSFT Blog on court order regarding cracked copies of Cobalt Strike
 

In this episode of The Security Detail, Kirsty and Audra take a look at the cyber threat landscape for the public sector from an Australian perspective. The episode features an interview with Dan Tripovich, who is currently the Assistant Director-General Standards, Technical Advice and Research (STAR) within the Australian Signals Directorate’s Australian Cyber Security Centre Group. STAR Branch delivers ACSC’s flagship publications, including the Australian Government Information Security Manual, the Essential Eight and Protective Cyber Security guidance to the Australian public. Dan is also responsible for the delivery of the ACSC’s Research, International Standards and Technical Advice capabilities to support the secure operation of Critical, Emerging and Operational Technologies.
 
Resources:
- Australian Cyber Security Centre
- An Introduction to Securing Smart Places
- Essential Eight
- REDSPICE investment
 
 

The manufacturing sector faces targeted attacks on critical infrastructure, including supply chain attacks and industrial espionage, which can lead to production disruptions and intellectual property theft. In this episode, Tim Chase, Program Director at the Global Resilience Federation (GRF), shares threat trends he’s observed from his leadership of the manufacturing ISAC.
 
Resources: 
MFG-ISAC: https://www.mfgisac.org/
CPG Supply Chain Security Guides: https://www.mfgisac.org/cpg-supply-chain-security-guides
Global Resilience Federation: https://www.grf.org/
CyManII: https://cymanii.org/
Recorded Future 2022 Report: https://www.recordedfuture.com/2022-annual-report
KPMG industrial manufacturing technology insights report: https://advisory.kpmg.us/articles/2022/industrial-manufacturing-insights.html

The telecommunications industry is responsible for our modern communications, including internet service providers, cable companies, and mobile operators. In this episode, cybersecurity advisor and ex-CISO Ian Keller explains why this sector is such an attractive target for state-sponsored adversaries along with his advice for CISOs.
Ian Keller's website: https://iankeller.online/
The Troublemaker CISO blog: https://iankeller.online/blog/the-ciso-blog/

As Splunk’s Chief Cybersecurity Advisor, Paul Kurtz is well-versed in today’s cyber threat landscape. In this episode, Kurtz shares lessons learned from his cybersecurity career, which began in the early 1990s in the US government, where he served at the White House on the National Security Council and Homeland Security Council. 
Resources: 
Paul Kurtz bio: https://www.splunk.com/en_us/blog/author/pkurtz.html
Code Red virus: https://www.nsf.gov/discoveries/disc_videos.jsp?org=NSF&cntn_id=100075&media_id=51501
Nimda worm: https://www.sans.org/white-papers/95/
UK NCSC: https://www.ncsc.gov.uk/
CISA: https://www.cisa.gov/
Splunk SURGe: https://www.splunk.com/en_us/surge.html?301=/surge
US Infrastructure Investment and Jobs Act: https://www.congress.gov/bill/117th-congress/house-bill/3684
CIS Critical Security Controls: https://www.cisecurity.org/controls/v8_pre