David Moulton (11:16)

And now a message from Blackcloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is is by targeting your executives and their families at home. Blackcloak's award winning digital executive protection platform secures their personal devices, home networks and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 247365 with Blackcloak. Learn more at Blackcloak IO Foreign Cyber Threats are more sophisticated than ever passwords. They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door. The login. Yubico believes the future is passwordless. Yubikeys offer unparalleled protection against phishing for individuals, SMBs and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.

Maria Varmazes (12:56)

Our Threat Vector segment has host David Moulton sharing previews of two upcoming episodes. On this Thursday's episode, he speaks with Holly Hennessy, who is the principal analyst for IoT cybersecurity at Omdia, to discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation. The next week, on Thursday, March 13, David shares four conversations with some of the trailblazing women at Palo Alto Networks in honor of International Women's Day and Women's History month.

Holly Hennessy (13:30)

On Thursday, March 6th, I'm chatting with Holly Hennessey, principal analyst for IoT Cybersecurity at Omdia, to talk about OT security. We'll discuss how attackers exploit vulnerabilities in connected environments and and the best approaches for risk mitigation. Holly also shares her insights on the evolving risk posed by IoT devices, from industrial control systems to consumer technology. Plus, she has a great security joke.

Gail (13:57)

Where did the threat actor go?

Holly Hennessy (14:00)

I don't know. You're not going to want to miss this episode. Holly Hennessy, welcome to Threat Factor. I'm really excited to have you here today.

Gail (14:11)

Hi Gail, thank you so much for having me.

Holly Hennessy (14:13)

I was recently talking to a journalist about the underrated and the overrated, the underreported and the over reported in our industry. Do you look at OT as one of these areas that is underreported, underrepresented, overrepresented, over reported? How would you position it on that kind of quadrant?

Gail (14:37)

Yeah, I think that's an interesting question. I think if you're looking at cybersecurity, IT security obviously gets all the kind of glamour and the glory. I would say IoT security is way smaller a space, so it's a lot more niche. I don't think everyone is as interested in it. I don't think everyone understands it as much. So in that sense it's kind of under focused on, I would say. I obviously find it incredibly interesting. I think it is super interesting for people who are kind of perhaps wanting to learn more about the space. There's a lot that is different to it, but there's also a lot in the cybersecurity space on the IT side in general that can kind of transfer over. I mean, if you think of any of the large events, you're way more likely to see it security focused talks, technology. There's way less on ot. So yeah, I would say it's perhaps underrepresented, but I think those that are in the space do a good job at showing how interesting it is and showing why it's so important to kind of focus on.

Holly Hennessy (15:39)

Holly, your research highlights secure Remote Access, or sra, as this key feature in many OT security platforms. Why has SRA become such a critical capability and how does it impact risk management and operational resilience?

Gail (15:57)

Yeah, so secureama access has a lot of promise. I think it's one of the fastest growing areas of the market. So, you know, a lot of organizations are looking for this technology, but there's still relatively decent sizable gap in the market for vendors to be filling. And so in the most recent report, there's, you know, quite a few vendors that are offering this natively. It's much more so than a couple of years ago. It was kind of few and far between and now there's also a lot partnering with specialists in the space because there are also more point products that are kind of offering this to meet that demand from customers. And I think it really stands out in OT security given that these environments and how they're working, how users are kind of connecting. There's been a lot of discussion around zero trust in ot, what that means and how that kind of translates or looks different to an IT sense. I think crucially part of that is including users and everything else that you shouldn't trust. But securement access is really kind of standing out in terms of that access. Also the R in that the remote I think has kind of now kind of expanded to access in general. So it's not necessarily remote users, but could be users who are regularly accessing equipment as well. So being able to monitor that activity I think is really useful. Obviously it enhances visibility again within the organization, but it can be a really useful way to mitigate risk and kind of reduce that likelihood of a threat in the environment. So, yeah, kind of adding that technology into the platform can be useful because, you know, you've already got technology there, you've got. It's already going to kind of factor into your monitoring and your threat detection activities. But there's a there, as I said, there are a lot more integrations as well with more of the point products in the space for secure access.

Holly Hennessy (17:56)

So let's shift to look into the future a little bit. The report discusses ongoing convergence between IT and OT Security. Are we moving towards a fully unified Security Operations center or soc? And do you see IT and OT Security remaining separate, or do you see IT and OT Security remaining separate for the foreseeable future?

Gail (18:21)

Yeah, so based on my research, it's a bit of a mix at this point in time. So I would say there are more who have a converged SOC covering Both IT and OT rather than a separate IT and OT SoC, but it's not the majority. So there's around 40% that have it converged. I would say 20% have OT only. And then you've got the rest that are doing it managed and they have a third party provider or they just have an IT soccer. Um, so I think something we do know is that the vast amount of organizations, whether you have got a separate SOC or not, you're using OT or IIoT specific tooling rather than it. So, you know, they much prefer to purchase specialist technology rather than IT and kind of utilizing that in in the space. So I think integrations are really important whether or not you're doing it separate or converged. What really stands out to me is that OT and industrial Internet of things have to be included from an IT point of view. I don't think you can be an industrial organization or a critical infrastructure organization and be looking at IT from just it. If you're looking at kind of your risk management, you need to be factoring in these devices. So integrating with specialist tech, regardless of who the kind of provider is, is going to be really important for a soc. On the other hand, you know, we know that many incidents originate in IT and then they impact OT in some roundabout way. So you also can't really silo OT and industrial Internet of things. So converging this up can alleviate some of those issues and kind of some of the reasons why more organizations are kind of going down that route.

Holly Hennessy (20:03)

The next week, on Thursday, March 13, I'm sharing four conversations with some of the trailblazing women here at Palo Alto Networks. They'll share their journeys into cybersecurity. They will share their journey into cybersecurity. They'll share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation and mentorship. I cannot express how inspired I was by my peers and I am so eager to share those stories.

Christy Fredricks (20:35)

Christy Fredricks, Chief Partnerships Officer at Palo Alto Networks can we say I've pursued a career in cybersecurity? When it's been about 14 months out of my career, I was inspired by a couple things. I have always been drawn to mission driven organizations. When I was early in my career, I thought that meant nonprofits. And I spent a little bit of time both in public education as well as in nonprofits. And I realized that I believed that I could have a better impact in the for profit sector. I started my career in consulting, having an impact on my clients and making sure their businesses were operating effectively so that they could have strong careers and add value to their customers. I moved into technology. My first operating role was in the observability space. And the mission of that company was to help software run and perform well. And when you think about how much of our day to day life is dependent on software, that felt like an important mission. But there's nothing that really beats keeping the digital way of life safe. So as I was working in observability and making sure software runs properly, you could see how much of an opportunity there was for bad actors to attack software and really impact people's livelihoods, people's experiences. And it just felt like a really important industry. And what better company to pursue than Palo Alto Networks?

Tanya Shastri (22:09)

Tanya Shastri Senior Vice President of Product Management at Palo I lead our network security, platform and product operation. In my early part of my career I did a bunch of networking because I had studied telecommunications and networking and so on. I had also done some information theory in my master's and that course had always been something I wanted to go back to. So I was very intentional at one point in my career to move to more of a data analytics insights, you know, machine learning, AI, all those kinds of things. And through that process, securing data became very important to understand. And I started working on what we call malicious fault tolerant systems, Byzantine fault tolerance and so on. And that kind of segued my interest into security. And that's what actually brought me to Palo Alto through that interest in security. And it's been so interesting because when it all comes together, actually security, there's a lot of analytics and AI as part of security.

Salma Manchanda (23:19)

My name is Salma Manchanda, I'm a consultant at unit 42. I think my main inspiration when it came to cybersecurity was the very first professor I actually had in cyber. I took a two unit elective in cyber and I just kind of didn't really know what to expect. Lo and behold, a semester later, I was totally hooked. I credit it all to that professor of mine, Joe from usc. He changed my outlook on so many different in so many different ways. He challenged me to like think a different way and opened me up to a whole new world of possibilities. And when I decided that I wanted to pursue cybersecurity also again, he was my mentor also during college. He really just was very, very encouraging in terms of like helping guide me through what classes to take, what kind of, you know, career opportunities there were, and so that whole program just totally changed my life in many different ways.

Stephanie Regan (24:18)

My name is Stephanie Regan, Principal consultant on the IR team with unit 42. Generally, I have always had a mission driven desire to help others. So everything that we do day in, day out, whether it's working a ransomware recovery case, or building a better way to respond during crises, or improving protections to prevent crises from happening in the future, the work that we do day in and day out is impactful to the other people that are on the other side of our services. I was really attracted to cybersecurity and even just the tech field in general, based on the growth and opportunity that is presented in a rapidly evolving environment. So tech is changing every single day. We've seen the advent of AI, we've seen, gosh, so many different implementations of new technologies over the years that the hunger and desire to just keep learning and growing as the field evolves and change and pivot to the next technology or the next big thing is something that's really exciting. I just hate stagnation. So I'm a person that gets very bored or upset if I'm sitting still and not moving forward in my career, in my life. So I was really attracted to cyber and tech, which in its nature is constantly evolving. And I get to be a lifelong learner and continue to grow as the field develops.

Holly Hennessy (25:48)

Don't miss the Full Episodes every Threat Vector Thursday. Subscribe now to stay ahead. Oh, and by the way, if you're in Austin, Texas for South by Southwest and want to meet up, email me at threatvectoraloaltonetworks.com I'm always looking for industry leaders and fascinating guests for the show.

Maria Varmazes (26:10)

Don't miss the full episodes of Threat Vector every Thursday. You can find the link to subscribe in. Our show notes Deepfake technology is no longer a futuristic threat. It's very much here and it's already wreaking havoc. Last year, Deepfake attacks in video calls surged by a staggering 300%. Cybercriminals are using AI to impersonate people in real time, bypassing facial recognition systems and tricking even the savviest professionals. Even more troubling, these powerful tools are no longer just in the hands of elite hackers. They're now available in crime as a service markets, making it easier than ever for anyone to spoof an identity and launch a scam. The old tricks, like asking someone to look left to catch a distortion, just aren't cutting it anymore. This is a serious wake up call for businesses. Traditional identity verification methods are quickly becoming outdated. To keep up with these evolving threats, companies need to implement multi layered defenses, deploy advanced deepfake detection tools, and most importantly, train employees to spot these sophisticated scams. As deepfake technology continues to evolve at lightning speed, it is essential to rethink how we verify identities and stay one step ahead of cybercriminals. So stay vigilant because those video calls might not be as real as they seem. And that's the Cyberwire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com we're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment your people. We make you smarter about your teams while making your teams smarter. Learn how@ntuk.com NTUK's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Piltzman. Our executive producer is Jennifer Ivan. Peter Kilby is our publisher and I'm Maria Varmazes in for Dave Bittner. Thanks for listening. We'll see you tomorrow.

David Moulton (29:25)

Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with Threat Locker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.