Enterprise Security Weekly (Video) – Details, episodes & analysis

OT/ICS/SCADA systems are often off limits to cybersecurity folks, and exempt from many controls. Attackers don't care how fragile these systems are, however. For attackers aiming to disrupt operations, fragile but critical systems fit criminals' plans nicely.

In this interview, we discuss the challenge of securing OT systems with Todd Peterson and Joshua Hay from Junto Security.

This segment is sponsored by Junto Security. Visit https://securityweekly.com/junto to learn more!

This week's topic segment is all about tuning your 'spidey sense' to spot myths and misconceptions online so we can avoid amplifying AI slop, scams, and other forms of Internet bunk. It was inspired by this LinkedIn post, but we've got a cybersecurity story in the news that we could have easily used for this as well (the report from MIT).

Finally, in the enterprise security news,

1. Some interesting fundings
2. Some more interesting acquisitions
3. a new AI-related term has been coined: cyberslop
4. the latest insights from cyber insurance claims
5. The AI security market isn't nearly as big as it might seem
6. cybercriminals are targeting trucking and logistics to steal goods
7. Sorry dads, science says the smarts come from mom

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-432

Frontline workers can't afford to be slowed down by manual, repetitive logins, especially in mission-critical industries where both security and productivity are crucial. This segment will explore how inefficient login methods erode productivity, while workarounds like shared credentials increase risk, highlighting why passwordless authentication is emerging as a game-changer for frontline access to shared devices. Joel Burleson-Davis, Chief Technology Officer of Imprivata, will share how organizations can adopt frictionless and secure access management to improve both security and frontline efficiency at scale.

Segment Resources:

• Putting Complex Passwords to Work For You

This segment is sponsored by Imprivata. Visit https://securityweekly.com/imprivata to learn more about them!

Vendors are finding, after integrating agents into their processes, that agentic AI can get expensive very quickly. Of course, this isn't surprising when your goal is "review all my third party contracts and fill out questionnaires for me" and the pricing is X DOLLARS for 1M TOKENS blah blah context window, max model thinking model blah blah. No one knows what the conversion is from "review my contracts" to millions of tokens, so everyone is left to just test it out and see what the bill is at the end of the month.

As we saw with Cloud when adoption started increasing in the early 2010s, we are naturally entering the era of AI cost optimization. In this segment, we'll discuss what that means, how it affects the market, and how it affects the use of AI in cybersecurity.

Jackie mentions this story from Wired in the segment: https://www.wired.com/story/ai-bubble-will-burst/

Finally, in the enterprise security news,

1. we've got funding and acquisitions
2. 7 red flags you're doing cloud wrong
3. security standards for open source projects
4. post mortems of attacks on open source supply chain
5. some analysis on current and historic AWS outages
6. a deep dive
7. some dumpster fires
8. and how much would you pay for a robot that puts away the dishes?

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-431

In this episode, Dave Lewis from 1Password discusses the critical importance of security in mergers and acquisitions, from due diligence through integration. He explores common pitfalls, essential security assessments, and practical strategies for security leaders to protect organizational value throughout the M&A process.

Every industry concerned with safety has a process for publishing the details of accidents, incidents, and failures. Cybersecurity has yet to reach this milestone, and hiding the details of failures is holding us back. This talk will argue for the need for breach details to go public, and share strategies for finding and using some little-known sources of detailed breach data.

Finally, in the enterprise security news,

1. A funding, a few acquisitions, and an IPO for the first time in forever!
2. Attackers are really actually starting to use AI now
3. Some researcher spent all of August poking holes in all the AI tools
4. Someone got Microsoft Copilot to be an accomplice in a coverup
5. Microsoft is making a big change in Azure that will probably break some stuff
6. No, Flipper Zero can't help you steal your car (just the stuff in it)
7. Domain names are free to register now, maybe?
8. Disgruntled former employee goes to jail
9. AI tricked into doing more bad things

All that and more, on this episode of Enterprise Security Weekly.

This segment is sponsored by 1Password. Visit https://securityweekly.com/1password to learn more about them!

Show Notes: https://securityweekly.com/esw-422

Finally, in the enterprise security news,

1. HUMAN, Relyance AI, and watchTowr raise funding this week
2. Alternative paths to becoming a CISO
3. Vendor booths don't have to suck (for vendors or conference attendees!)
4. Budget planning guidance for 2025
5. CISOs might not be that great at predicting their own future needs
6. Use this one easy trick to bypass EDR!
7. Analyzing the latest breaches and malware
8. You probably shouldn't buy a Fisker Ocean, no matter how cheap they get

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-380

Paul and Matt discuss Bay Dynamics and VMware joining forces, the confessions of an insecure coder, Flexera acquiring BDNA, and more enterprise security news!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode61

Visit http://securityweekly.com/esw for all the latest episodes!

Tom Parker is the Group Technology Officer of Accenture Security and a recognized thought leader in the security industry. He's known for his research in adversary and threat profiling and software vulnerability.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode61

Visit http://securityweekly.com/esw for all the latest episodes!

Don Pezet of ITProTV joins us to discuss network security architecture. How does it affect your enterprise? Secure networks closely depend on its performance, reliability, and security.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode60

Visit http://securityweekly.com/esw for all the latest episodes!

Threat Intelligence, starting the Avalanche, Sealpath and Boldon James partner on document security classification and protection, and Oracle injects AI into its IoT cloud portfolio.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode60

Visit http://securityweekly.com/esw for all the latest episodes!

Matt and Michael discuss JASK, Automox, and more vendors that have stood out to them in the realms of security operations and endpoint protection!

Full Show Notes: https://wiki.securityweekly.com/ES_Episode59

Visit http://securityweekly.com/esw for all the latest episodes!

Paul asked our Twitter followers about their favorite open-source alternatives to Nagios for monitoring system and service availability, and we listened, of course! Hear Paul's essential enterprise network monitoring tools in this segment.

Full Show Notes: https://wiki.securityweekly.com/ES_Episode59

Visit http://securityweekly.com/esw for all the latest episodes!