EP12: What We Learned by Asking the Community About Compliance

Get ready for an eye-opening episode recorded live at Infosecurity Europe in London. In this episode, Andy and Matt Frye dissect the results of a comprehensive IT compliance survey conducted by Hornetsecurity. In the rapidly evolving digital landscape, maintaining IT compliance has become a pressing concern for businesses worldwide.  

Tune in to explore the key findings from this survey, featuring insights from over 200 IT professionals representing diverse roles, regions, industries, and experience levels. 

Timestamps:

02:32 – Compliance is a growing concern 

03:52 – Do businesses see compliance as important? 

06:24 – The burden of compliance on IT teams

12:08 – How are businesses verifying compliance? 

14:46 – Trust in the cloud continues to be a problem for some organizations 

17:00 – M365 administrators are struggling with compliance tools 

20:57 – The cost of non-compliance 

Episode Resources:

IT Cybersecurity Compliance Survey 

365 Permission Manager 

Find Andy on LinkedIn, Twitter or Mastodon

Find Matt on LinkedIn

EP11: On-Prem Exchange Server Throttling

Microsoft’s recent decision to throttle traffic from old and outdated versions of On-Premises Exchange has sent shockwaves through the tech community. In today’s episode, Andy and Paul Schnackenburg delve into the details of Microsoft’s plans to protect Exchange Online against persistently vulnerable on-premises Exchange Servers by throttling and blocking emails from these unsupported servers.

Tune in to understand the reasoning behind Microsoft’s strategy with this change, how organizations can keep themselves protected through process, and where third-party vendors can plug in and provide value.

Timestamps:

4:00 – Microsoft’s plan details and communication

10:50 – Paul and Andy’s thoughts on why Microsoft is making this change

18:40 – Is it “Ethical” for Microsoft to block on-prem Exchange traffic?

26:31 – What should affected organizations do?

Episode Resources:

Microsoft’s Announcement

SMB1 Changes at Microsoft

Hornetsecurity’s 365 Total Protection

Find Andy on LinkedIn, Twitter or Mastodon

Find Paul on LinkedIn or Twitter

EP10: Tips and Tricks for Working with CISOs

We’re back for another episode with Lia Fey, Customer Success Lead at Hornetsecurity. In today’s episode, Lia brings her wealth of experience working closely with CISOs on a daily basis to share valuable insights and strategies for effectively collaborating with them.

CISOs face a unique set of challenges as they operate in high-pressure environments and navigate the intersection of compliance requirements as well as the security needs of an organization.

Join us as we explore the multifaceted nature of working with CISOs on security awareness and discover tips and tricks for fostering effective partnerships in the ever-evolving security and compliance landscape.

Timestamps:

3:25 – Initial Impressions and responsibilities of CISOs?

5:47 – CISOs and Interactions with the Rest of the Organization

8:47 – Responsibilities of CISOs

15:59 – What is the Most Effective Way to Communicate with CISOs

21:40 – How can we help CISOs solve difficult business challenges?

Episode Resources:

EP09: Real World Guidance on Security Awareness Service

Security Awareness Service

Andy on LinkedIn, Twitter or Mastodon

Lia on LinkedIn

Senior executives oversee and manage an organization’s information security program. In larger organizations, there may also be a dedicated Compliance Officer. Based on our experience, CISOs often have a foot in the IT and security worlds, as they must navigate IT requirements, governance, legal obligations, and security measures. This presents an exciting challenge for them. However, one tool that can significantly assist in their efforts is the Security Awareness Service.

The Security Awareness Service, such as the one provided by Hornetsecurity, your ultimate partner for complete security, offers a comprehensive solution to educate employees and cultivate a security-conscious culture. For more than 15 years, we have been helping organizations minimize the risks associated with cyber threats.

The Security Awareness Service we offer empowers employees with the knowledge and skills to identify and respond to potential security breaches through interactive training modules, simulated phishing campaigns, and engaging educational content. In other words, it is your ultimate service for fending off potential threats to your organization by involving your employees in the complete security of your systems.

EP09: Real-World Guidance on Security Awareness Service

In today’s episode, our host Andy sits down with Lia Fey, Customer Success Lead at Hornetsecurity, to discuss why employees need to be trained on security awareness and what type of training works best. In addition, they explore the challenges businesses face when trying to train their employees in today’s digital landscape.

Lia Fey brings her expertise to the table and sheds light on real-world scenarios where organizations have successfully prevented attacks because an end user possessed the knowledge and ability to react appropriately.

Timestamps:

2:32 – What is a security awareness service?

9:38 – Why is security awareness training so effective?

12:45 – Measuring end-user success and right-sizing training

20:11 – What is the right kind of end-user security training?

24:22 – Some real-world scenarios

28:35 – Do security awareness services help spot threats outside of email?

Episode Resources:

Security Awareness Service

Cyber Security Report 2023

Andy on LinkedIn, Twitter or Mastodon

Lia on LinkedIn

At Hornetsecurity, we understand that maintaining a sustainable Security Awareness Service can be a challenge for many SecOps teams. It often consumes valuable time and resources. That’s why our Security Awareness Service is designed to alleviate this burden by putting your awareness training on autopilot.

Our Intelligent Awareness Benchmarking feature delivers a patented ESI® (Employee Security Index) that continuously measures and compares employee security behavior throughout your organization. This industry-unique benchmark helps identify individual e-training needs and guides tailored learning content.

Our automated and demand-driven e-training solution, powered by our Awareness Engine, ensures that the relevant learning materials are effortlessly delivered to your employees, with each training customized to their specific requirements and group dynamics.

Regarding spear phishing, our Spear Phishing Engine is at the forefront, providing the highest level of security. It uses multiple realistic and up-to-date email phishing scenarios to equip your employees effectively against sophisticated spear phishing attacks.

Therefore, let Hornetsecurity’s Security Awareness Service take care of your awareness training while you focus on other critical aspects of your organization’s security.

EP08: Advanced Threat Protection: A Must Have in Today’s Ecosystem?

We’re back for another episode with Umut Alemdar – Head of Security Lab here at Hornetsecurity. Today, we’re discussing Advanced Threat Protection (ATP) and its crucial role in detecting, preventing, and responding to increasingly sophisticated cyber threats.

Throughout the episode, Andy and Umut discuss common ATP techniques such as sandboxing, time-of-click protection, and spam filters, all of which are critical in fortifying defenses against malicious actors. Furthermore, they emphasize the vital function of the natural language understanding module in ATP in detecting sophisticated social engineering attacks.

While this episode focuses on ATP in general, Andy and Umut draw concrete examples from our own ATP scanning methods here at Hornetsecurity.

Timestamps:

2:05 – What is Advanced Threat Protection

5:50 – What are common scanning techniques used by ATP technologies

10:35 – How does Sandboxing work in ATP scanning techniques?

13:07 – What is the role of AI within ATP scanning?

18:09 – Concrete example of where ATP saves the day

20:11 – Scanning for malicious QR codes

Episode Resources:

Advanced Threat Protection

We used ChatGPT to Create Ransomware

Bit.ly QR Code Index

Andy on LinkedIn, Twitter or Mastodon

Umut on LinkedIn

The prevalence of malware in corporate email inboxes has increased, with cybercriminals using CEO fraud, forged invoices, and fake application emails to sneak in harmful software. These nefarious tactics can result in encrypted files, stolen sensitive information, and monitoring of confidential business transactions. The consequences of ransomware, spyware, and viruses can be devastating, causing significant financial damage to companies.

Advanced Threat Protection employs advanced detection mechanisms like spy-out detection, fraud attempt analysis, and intention spoofing recognition to ensure maximum protection from targeted social engineering attacks on employees. To detect malicious intentions, incoming emails are thoroughly checked for specific content patterns, such as payment requests or requests for data output. Luckily, with Advanced Threat Protection, even the most complex cyber-attacks are no match.

EP07: A Discussion and Analysis of Qakbot

In today’s episode, Andy and Umut Alemdar explore one of the most malicious botnets in today’s digital threat landscape: Qakbot. What makes Qakbot so dangerous?

Qakbot originally started out as an information stealer back in 2007. Over the years, it has undergone significant transformations, evolving into a multi-modular malware that poses a severe threat to businesses. In our discussion and analysis, we uncover its attack chain, from infecting a system to downloading a malicious payload.

Timestamps:

3:24 – What is Qakbot?

5:18 – An overview of Qakbot’s attack chain and capabilities

14:38 – Mitigation and defence strategies for Qakbot

19:48 – What does the future look like for Qakbot?

Episode Resources:

The Reemergence of Emotet and Why Botnets Continue to Return

Security Awareness Service

Advanced Threat Protection

Find Andy on LinkedIn, Twitter or Mastodon

Find Umut on LinkedIn