Crucial Tech

With the exception of people in insurance, nobody like to talk about insurance. That's why, three years ago, few people felt sorry for the insurance industry as it reeled from claims due to multiple natural disasters, rising costs of automobile repairs and, more specifically, data breaches. Last year, however, was a banner year for cyber insurance while cyber criminals took the financial hit. The size of the global cyber insurance market is predicted to see rapid growth the total market size increasing $20 billion (U.S.) by 2025. That turnaround is largely due to insurance companies requiring heavy prerequisites for cyber awareness, basic cyber hygiene an mandatory, ongoing audits. One of those companies is Upfort, providing a variety of services to the insurance industry to vet potential clients and make sure they stay secure through training, unique firewalls, and red teaming services. We talked to their CEO XingXin about how companies like his are turning the tables on criminals and making insurance

It has been a bad month for cybercrime. Yes, attacks are on the way up. Yes, they are still extorting money and causing infrastructure chaos. But there is a massive, shadow-busting spotlight on them right where they live and defense technology is advanced enough that they are hearing footfalls of law enforcement behind them. Recently a faked call from "President Joe Biden" to New Hampshire Democrats urged them not to vote in the state’s primary. It only took a few weeks using AI-detection tools to not only identify what company provided the technology but also the user himself. For today’s episode, we followed this theme and called one of our favorite technologists, Vijay Balasubramaniyan, CEO of Pindrop, whose technology can reliably identify AI-generated video and audio tech. Vijay would not confirm whether his product was used in this investigation. You will hear him demur that “we can’t comment on an active investigation.” But he said it in such a way that I’m pretty sure it was. Also, he was i

Biometric multi-factor authentication is all the rage in security. And yet it is also the cause of terror for security-minded folk. For every breakthrough we get a news story about how it has caused harm. Some systems can’t identify people of color as well as it can caucasian people, which has been a problem of photographic technology for decades. Police using the systems have ended up surveilling if not arresting the wrong people. Using DNA to get an AI to develop a suspect’s face has similar weaknesses. Most recently in Southeast Asia, thieves set up a video call employing deep fake videos to pose as a CFO and financial team and get an employee to transfer $25 million to the thief’s account. In Thailand and Vietnam, hackers stole biometric data to drain accounts in local banks. The last example demonstrates the need for industrywide cooperation in establishing safeguards. The theft was facilitated by the banks using their facial ID recognition software, not that has been developed to industry standards

Generally speaking, 70-90 percent of digital breaches in the world result from human error; someone just not taking proper precautions like not clicking on a link in an email from someone you don't know. But in the healthcare industry, human error is the least of their problems. A whopping 84 percent of breaches are the result of vulnerabilities in the network, both hardware and software. One of those vulnerabilities is in how a clinic or other provider collects and stores that data, so we talked with Hari Prasad, CEO of Yosi Health, about that particular problem and how we can protect that important information. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Sam Altman, CEO of OpenAI has infamously said the goal of AI companies is to build AI without concern for application or safety. The safety stuff can be figured out later, he thinks. Luckily there are multiple industries popping up to take care of the application and safety issues concurrently with AI development. Companies like Centific are prt of that effort making sure the data used in training AIs is "clean." In other words, it is both accurate and safe. That's a tough job, according to CEO Venkat Rangapuram, but doable. This interview was conducted in October and my apologies for the delay. If it is true that we have a certain number of things to finish before we die, then I am so far behind I may live forever. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Every year, Wired Magazine publishes an article naming the most dangerous people on the internet and, quite frankly, who gets chosen is fairly obvious, but not altogether accurate. At least that is what we think at Cyber Protection Magazine. So this year, we took our shot at naming the most dangerous people. Give a listen and tell us what you think. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Harri Hursti is an internationally recognized expert on election security and was a focal point in two HBO specials on the subject: Hacking Democracy (2006) and Kill Chain: The Cyber Wars Against America's Elections. So when we decided to do a special issue on election security at Cyber Protection Magazine this year, getting an interview with him was high on our priority list. We didn't expect it to happen so early, but it's a great start. Hursti runs the Voting Village program at DefCon every year in Las Vegas, under the sponsorship of the Election Integrity Foundation In this longer-than-normal interview we got deep into whether the world's elections are secure (they aren't but it is getting better), what companies are producing secure technology for voting (they aren't), and how good intentions make voting insecure. Forget the coffee, get an adult drink and listen. This is also the first episode of many this year to be sponsored by Safety National Insurance, providing protection f

In a world awash in AI-generated, intentional misinformation and urban myths, would you bet your job on the reliability of the information you want to share? You might be betting someone's life on it. Disinformation (intentional misinformation) has become a major support for both sides of all conflicts in the world. Once called propaganda, technology, mostly social media, has turned state-controlled information into a virtually immortal beast that can end up turning on its creator. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Two years ago we interviewed Jen Caltrider, head of Mozilla foundation's Privacy Not Included group and got an earful about how bad Meta's privacy was in its products. This year we caught up to Jen and she said they are still bad, but in two years they've been surpassed by Amazon and Google. Before you head out to buy those IoT gifts for Christmas, you might want to listen to this podcast and then check out the site. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Synthedia, a data research company focused on generative AI and synthetic media markets, dropped a study recently on awareness of deep fake and voice cloning technology that raised some interesting numbers. We are doing a deeper dive on the subject at Cyber Protection Magazine next week, but we sat down with Vijay Subramaniyan, the CEO of PinDrop, a study sponsor, to talk more generally about the findings and what the dangers of the technology are. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

The bulk of this episode is about the importance of updating your software no matter how painful it is, and we learn some valuable information about the FREE services of Trackd from its CEO Mike Starr that will help you do that with minimum fuss. But the REAL reason I did this interview is that in their pitch to me and in Mike's interview, they used some statistics about the problem of cybercrime and its effects that are not based on truth. They've just been repeated over and over again. That is an inherent problem in technology companies in particular: nobody checks their "facts" and, eventually, the customers learn that the vendors don't know what they are talking about, which kills sales. That is at the heart of the SEC lawsuit against SolarWinds. What the company thought their services and tools could do was not accurate. They weren't trying to fool the customers, but they did fool themselves. For the next few months, I'll be digging into the theme of "Lies, damn lies, a

Instances of LinkedIn users having their accounts hijacked are a familiar occurrence on social media. Reddit has multiple discussions about the nightmare of trying to restore access to this crucial business tool. So when a friend called me in a panic about having it happen to him, I knew it would be a great opportunity to test out the advice I give to others who have been hit. It isn't easy. It requires patience. And you need all the help you can get from friends. But it can be done. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

The breach of the Las Vegas casinos in August has been the subject of a lot of news and commentary, but one thing that hasn't been discussed is what went on in the 15-minute call to the help desk. This interview with Ryan Healy-Ogden of Click Armor, and Bojan Simic of HYPR takes two completely different takes on that conversation and what can be done to prevent similar breaches. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

The rise of generative AI products for commercial use is probably the fastest and most controversial of any technological advance in history. Governments are scrambling to understand and regulate its use. Billions are being invested in development. At the same time, the general public’s interest in the technology has waned and industry pioneer OpenAI announced a potential bankruptcy in 2024 unless significant new investment is forthcoming. But there is apparently no putting the genie back in the bottle and it is left to all of us to figure out what we can do with it without causing outright disaster. So, for this episode, we have brought this panel of experts to talk about how we can defend against the malicious use of the technology while we mine the benefits. Hyrum Anderson, co-Not With a Bug But a Sticker and an accomplished data scientist with a historical understanding of the tech going back decades; Haseeb Khan, Generative AI Ambassador and at Google; and representing the user base, Milan Lazich, a seni

An August report from the Canadian Centre for Cyber Security said over the next two years, Canada is going to face significant threats from state-supported cyberattacks from Russia, China and North Korea. Canada? What the heck did Canada do to earn the ire of those folks. Canadians are arguably the nicest people in the world. So we called up our favorite Canadian “cybersleuth”, Ian Thornton-Trump, Cyjax’s CISO. to get the skinny. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Most people don't think about accessibility when it comes to the internet. We think of ramps and braille signs and audiobooks. But physical and developmental issues are much more complex than being able to get into a restaurant, especially when it comes to security. I talked with Justin Merhoff, chief of security for Deque (pronounced Dee-cue) Systems in Virginia about the need to make software and digital systems usable for all people, not just most people. And there is an action item for all you in the audience. The National Institute for Science and Technology is working on the first draft of NIST SP 800-50, a standard for cybersecurity and privacy learning, but this draft contains virtually nothing related to people with physical and learning disabilities. If you or people you care about fit that category, now is your chance to give feedback for that standard≥ Go to the site and download the form for comments. Make your voice heard now. --- Send in a voice message: https://podcasters.spotify.com/p

There are several reports indicating that the gravy train is about to come to a screeching halt in the cybersecurity industry. Fortune 1000 companies are freezing or cutting back on purchasing budgets for tools and services, which will hit the majority of private and start-up companies that have focused on that segment for 10 years. It's not all bad news. 80 percent of the potential market is all blue water, but it comprises small to medium businesses (SMB) that are not cyber-savvy, and are ready to buy... as long as you can explain what you do in their terms, and demonstrate it works. We talked with Richard Stiennon, founder and chief analyst for IT-Harvest, and Grant Wernick, CEO of Fletch that is enjoying remarkable success and growth by serving the smaller customers. While you are listening, drop us a line and we will send you information about how you can sponsor our special edition to be distributed at it-sa365 in Germany this year. --- Send in a voice message: https://podcasters.spotify.com/pod

As generative AI (GAI) platforms become more commonplace, concern over their security issues is growing. As with any digital product, security relies on four arenas. User responsibility, corporate accountability, government regulation and industry standards. The first two are unreliable because users feel put out by having to protect themselves and corporations don’t like to spend money on security upfront. That leads to the third arena, legislation produced by people who don’t know the difference between a thumb drive and a thumbtack. That put a lot of the load on industry standards and one of the most active is the European Telecommunications Standard Institute (ETSI). Cyber Protection Magazine’s (CPM) editors Lou Covey and Patrick Boch sat down with Scott Cadzow, chair of ETSI’s Specification Group for Securing Artificial Intelligence about the progress and problems of standardizing safe GAI. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast:

One of the major points of contention in the SAG-Aftra/Writers Guild strike is over ownership of the image and voice of performers. Bob Iger said allowing actors to control the use of the image is disruptive to the current paradigm. But my conversation with Anna Bulakh of Repeecher revealed what the studios want is actually the disruption. Anna is the head of ethics for Respeecher. Yes, you heard that right. The HEAD OF ETHICS. Blows my mind. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support

Most of the discussion about generative AI is either focused on how good or bad it is, without ever discussing that it is JUST a tool. We talked with Anurag Gurtu, chief product officer of StrikeReady, about how the technology can enhance, not replace human involvement. --- Send in a voice message: https://podcasters.spotify.com/pod/show/crucialtech/message Support this podcast: https://podcasters.spotify.com/pod/show/crucialtech/support