CISO Insights: Voices in Cybersecurity

CISO Insights: The Cybersecurity Leadership Podcast

Where Security Leaders Shape Tomorrow’s Defenses

Join us for CISO Insights, the definitive podcast for cybersecurity executives navigating today’s evolving threat landscape. Each episode delivers exclusive conversations with industry pioneers and practical frameworks from security leaders. CISO Insights provides actionable intelligence for executives building resilient security programs. We cover everything from board-level risk communication to threat detection, compliance, and talent development. Whether you’re a CISO, aspiring security leader, or technology executive, we equip you with the tools to thrive in a complex digital environment.

Connect with us:
Shop: cisomarketplace.com
News: threatwatch.news
Podcast: cisoinsights.show
Tools: microsec.tools
AI Resources: cybersecuritygpt.store

Follow us:
TikTok @cisomarketplace - Quick insights and security tips
YouTube @cisomarketplace - In-depth discussions and CISO interviews
Episodes



23 hours ago
This episode explores the costs associated with implementing essential cyber hygiene as outlined by the CIS Critical Security Controls Implementation Group 1 (IG1). We delve into the different approaches enterprises can take – utilizing on-premises tools, leveraging Cloud Service Providers (CSPs), or partnering with Managed Service Providers (MSPs). Drawing on the guide's research, we discuss the types of tools and policies needed for the 10 areas of cyber defense, explore budgeting considerations for different enterprise sizes, and highlight how IG1 Safeguards can provide significant protection against common threats for a relatively low cost. Learn how to make informed and prioritized decisions to secure your enterprise, whether through owned infrastructure, outsourced services, or a hybrid approach.
www.securitycareers.help/the-price-of-protection-making-cis-ig1-cyber-hygiene-achievable-and-affordable
https://baseline.compliancehub.wiki



2 days ago
Join us as we dive into Google Threat Intelligence Group's (GTIG) comprehensive analysis of zero-day exploitation in 2024. Drawing directly from the latest research, this episode explores the 75 zero-day vulnerabilities tracked in the wild. While the overall number saw a slight decrease from 2023, the analysis reveals a steady upward trend over the past four years. Discover the significant shift towards targeting enterprise-focused technologies, which jumped to 44% of tracked zero-days in 2024, up from 37% in 2023. We examine why security and networking products have become high-value targets, making up over 60% of enterprise exploitation, and the implications for defenders. Learn about the continued targeting of end-user platforms like desktop operating systems, especially Microsoft Windows, which saw an increase in exploitation, contrasting with decreased exploitation observed in browsers and mobile devices. We also break down who is driving this exploitation, with espionage actors (government-backed and commercial surveillance vendors) leading the charge, accounting for over 50% of attributed vulnerabilities. Hear about the persistent activity of PRC-backed groups targeting security technologies and the notable rise of North Korean actors mixing espionage and financial motives. Finally, we touch on the most frequently exploited vulnerability types and what vendors and defenders can do to counter these evolving threats. This episode provides a detailed look into the complex and changing world of zero-day exploitation in 2024, offering insights beyond just the numbers.
breached.company/technical-brief-a-deep-dive-into-2024-zero-day-exploitation-trends



3 days ago
Join us as we unpack the critical insights from the Verizon 2025 Data Breach Investigations Report. This episode dives deep into the report's most prominent themes, highlighting the ever-increasing involvement of third parties in data breaches and the persistent influence of the human element, which was involved in 60% of breaches this year. We explore the prevalent incident patterns including System Intrusion, often involving ransomware, Basic Web Application Attacks, largely driven by stolen credentials, and Social Engineering, where phishing and pretexting remain key techniques, now joined by emerging threats like prompt bombing. Drawing on data collected from November 1, 2023, to October 31, 2024, we discuss how attackers exploit vulnerabilities, how different industries and organizations of all sizes are targeted, and the importance of frameworks like VERIS for understanding the threat landscape. Tune in to gain actionable insights directly supported by the data and analysis from the DBIR sources.
breached.company/navigating-the-modern-threat-landscape-key-insights-from-the-verizon-dbir-2025



4 days ago
Explore the complex and widespread cybersecurity threat landscape currently facing the European Union. This episode delves into the findings of recent reports, highlighting how geopolitical tensions and the rapid pace of digitisation are fueling a surge in malicious cyber activity. We discuss the substantial threat level assessed for the EU, meaning direct targeting and serious disruptions are realistic possibilities. You'll learn about the most reported attacks, including Denial-of-Service (DoS/DDoS/RDoS) and ransomware, and how threats against data are also prevalent. We break down the key threat actors – from financially motivated cybercriminals and well-funded state-nexus groups focused on espionage and disruption, to increasingly unpredictable hacktivists driven by geopolitical events. Discover how threats are evolving, including the shift in ransomware tactics, the rise of hacker-for-hire services, the use of AI in creating fake content and misinformation, and the persistent danger posed by the exploitation of unpatched vulnerabilities and sophisticated supply chain attacks. We also look at which sectors are most targeted, including public administration and transport, and peer into the future to understand how emerging technologies like AI and quantum computing will shape the threat landscape towards 2030.
www.compliancehub.wiki/understanding-the-evolving-cybersecurity-threat-landscape-in-the-eu-an-in-depth-analysis-for-compliance/
https://gdpriso.com/
https://baseline.compliancehub.wiki/



6 days ago
Incident response is a critical part of cybersecurity risk management and should be integrated across organizational operations. This episode explores the recommendations and considerations for incorporating cybersecurity incident response throughout an organization’s cybersecurity risk management activities, as described by the new NIST Special Publication (SP) 800-61 Revision 3. We'll discuss how NIST SP 800-61r3, a CSF 2.0 Community Profile, uses the NIST Cybersecurity Framework (CSF) 2.0 Functions to provide a common language and structure for these efforts. Learn how the Govern, Identify, and Protect functions support preparation activities, while the Detect, Respond, and Recover functions cover the incident response itself. We'll also highlight the crucial role of continuous improvement, feeding lessons learned back into the overall strategy. This guidance aims to help organizations prepare for incidents, reduce their number and impact, and improve the efficiency and effectiveness of detection, response, and recovery activities. This episode is intended for cybersecurity program leadership, cybersecurity personnel, and others responsible for handling cybersecurity incidents.
www.compliancehub.wiki/beyond-reaction-integrating-incident-response-into-your-cybersecurity-risk-management-strategy-with-nist-sp-800-61r3
https://irmaturityassessment.com
https://cyberinsurancecalc.com



7 days ago
Achieving cyber resilience is a complex and dynamic journey with no one-size-fits-all solution. This episode explores how organizations can significantly improve their cyber resilience posture by leveraging the shared experiences, insights, and front-line practices of their peers and the wider ecosystem. Drawing on insights from the Cyber Resilience Compass initiative, we discuss why sharing what works in practice is essential for building collective knowledge in the field. You'll hear how participating in consultations and workshops, engaging in information-sharing networks like ISACs and CERTs, collaborating with external parties, and learning from real-world case studies can provide vital inspiration and direction. Discover how this collaborative approach helps organizations identify effective strategies, shape their resilience roadmaps, make well-informed decisions, and transition towards a more consistent and future-ready approach, ultimately enhancing the resilience of the entire ecosystem.
breached.company/navigating-the-digital-storm-why-shared-experiences-are-your-compass-to-cyber-resilience



7 days ago
Join us as we delve into the European Data Protection Board's (EDPB) 2024 Annual Report to understand how they championed data protection in a year marked by significant technological and regulatory shifts. This episode will cover the key milestones and priorities outlined in the EDPB's 2024-2027 Strategy, designed to strengthen, modernise, and harmonise data protection across Europe.
www.compliancehub.wiki/edpb-2024-navigating-the-complexities-of-data-protection-in-a-rapidly-evolving-digital-landscape



Thursday Apr 24, 2025
The 2024 IC3 Report: Unpacking Record Cybercrime Losses
Join us as we delve into the key findings of the FBI's 2024 Internet Crime Complaint Center (IC3) Annual Report. This year marks the 25th anniversary of IC3, which serves as the primary destination for the public to report cyber-enabled crime and fraud. The report reveals a staggering new record for losses reported to IC3, totaling $16.6 billion in 2024. This represents a 33 percent increase from 2023. We'll explore the most impactful crime types by reported loss, including Investment fraud ($6.57 billion), Business Email Compromise ($2.77 billion), and Tech Support scams ($1.46 billion), which are collectively responsible for the bulk of reported losses. A major factor contributing to these losses is the increasing use of cryptocurrency, which served as a descriptor in 149,686 complaints and was associated with $9.3 billion in losses in 2024, a 66% increase in losses. We'll also examine the significant impact on different age groups, noting that individuals over the age of 60 suffered the most losses ($4.885 billion) and submitted the most complaints (147,127). For this age group, Investment fraud ($1.834 billion) and Tech Support scams ($982 million) resulted in the highest reported losses, and cryptocurrency was referenced in 33,369 complaints with over $2.8 billion in losses. The episode will also touch upon the IC3's core functions including collection, analysis, public awareness, and referrals, its role in partnering with law enforcement and the private sector, and notable efforts like the IC3 Recovery Asset Team which assists in freezing funds for victims of fraudulent transactions, demonstrating a 66% success rate in 2024, and Operation Level Up, which successfully notified victims of cryptocurrency investment fraud, resulting in estimated savings
breached.company/the-2024-ic3-report-record-cybercrime-losses-highlight-escalating-digital-threats

Welcome to CISO Insights: Voices in Cybersecurity
Welcome to CISO Insights, your premier destination for cybersecurity leadership conversations. We cut through the noise to deliver focused discussions on what matters most in today's threat landscape.
Our podcast features intimate conversations with security visionaries, battle-tested practitioners, and innovative thought leaders who share their hard-won wisdom without the marketing spin. From technical deep dives to strategic frameworks, we cover the full spectrum of modern security challenges.
Each episode provides practical takeaways you can implement immediately to strengthen your security posture. We address the human element of cybersecurity, exploring team building, crisis management, and executive communication strategies that make security leaders more effective.
CISO Insights bridges the gap between technical expertise and business acumen, helping you translate security imperatives into organizational value. Whether you're in the trenches or the boardroom, our content equips you with the perspective needed to navigate today's complex security environment.
Join our growing community of security professionals dedicated to raising the bar for our industry. Stay informed, stay connected, stay secure—subscribe now!
Visit: quantumsecurity.ai