Cyberside Chats: Cybersecurity Insights from the Experts

When a company built on sensitive data collapses, what happens to the information it collected? In this episode of Cyberside Chats, we examine 23andMe’s data breach, its March 2025 bankruptcy, and the uncomfortable parallels with the 2009 Flyclear shutdown. What happens to biometric or genetic data when a vendor goes under? What protections failed—and what should corporate security leaders do differently? 

Drawing from past and present breaches, we offer a roadmap for corporate resilience. Learn practical steps for protecting your data when your vendors can’t protect themselves. 

#Cybersecurity #Databreach #23andMe #CISO #IT #ITsecurity #infosec #DFIR #Privacy #RiskManagement

Unauthorized communication platforms—aka shadow channels—are increasingly used within enterprise and government environments, as demonstrated by the recent Signal scandal. In this week's episode of Cyberside Chats, special guest Karen Sprenger, COO at LMG Security, joins Matt Durrin to delve into the critical issue of shadow IT, focusing on recent controversies involving unauthorized communication tools like Signal and Gmail in sensitive governmental contexts. Matt and Karen discuss the risks associated with consumer-grade apps in enterprise environments, the need to balance usability and security, and how organizations can better manage their communication tools to mitigate these risks.

This episode will cover:

• What platforms like Signal offer—and their limitations in enterprise settings.

• Why users bypass official channels and how it leads to compliance failures.

• Real-world implications from recent incidents, including U.S. officials using unsecured communication tools.

• The broader shadow IT landscape and why it’s a pressing issue for security leaders.

Join us in exploring the headlines and takeaways that can help organizations avoid similar pitfalls!

#Cybersecurity #ShadowChannels #CybersideChats #UnauthorizedPlatforms #Signal #DataLeaks #Compliance #Infosec #ShadowIT #IT #Cyber #Cyberaware ETech #CISO

Governments are pushing for encryption backdoors—but at what cost? In this episode of Cyberside Chats, we break down Apple’s fight against the UK’s demands, the global backlash, and what it means for cybersecurity professionals. Are backdoors a necessary tool for law enforcement, or do they open the floodgates for cybercriminals? Join us as we explore real-world risks, historical backdoor failures, and what IT leaders should watch for in evolving encryption policies.

Stay informed about how these developments affect corporate data privacy and the evolving landscape of cybersecurity legislation. A must-watch for anyone interested in understanding the complex interplay between technology, privacy, and government control.

#cyberthreats #encryptedcommunications #Apple #encryption #encryptionbackdoors #cybersecurity

AI-generated deepfakes and voice phishing attacks are rapidly evolving, tricking even the most tech-savvy professionals. In this episode of Cyberside Chats, we break down real-world cases where cybercriminals used deepfake videos, voice clones, and trusted platforms like YouTube, Google, and Apple to bypass security defenses. Learn how these scams work and what IT and security leaders can do to protect their organizations. 

Takeaways: 

• Educate Staff on Deep Fake & Voice Cloning Threats – Train employees to recognize red flags in AI-generated phishing attempts, including voice calls that sound slightly robotic, rushed password reset requests, and unexpected changes in vendor communications. 

• Verify Before You Trust – Encourage employees to independently verify unexpected requests, even if they appear to come from trusted platforms (e.g., YouTube, Apple, Google). Use known contacts, not the contact information in the suspicious message. 

• Strengthen MFA Policies – Require phishing-resistant MFA methods (e.g., FIDO2 security keys) and educate users on MFA fatigue attacks, where criminals bombard them with authentication requests to wear them down. 

• Limit Publicly Available Information – Reduce exposure by minimizing executives' and employees' personal and professional information online, as attackers use this data to create convincing deepfakes and social engineering schemes. 
• Monitor Trusted Platforms for Abuse – Attackers are exploiting YouTube, Google Forms, and other legitimate services to distribute phishing content. Set up alerts and regularly review security logs for unusual access attempts or fraudulent messages. 

Tune in to understand the impact of digital deception and discover practical steps to safeguard against these innovative yet insidious attacks affecting individuals and businesses alike.

#Deepfakes #Phishing #SocialEngineering #CISO #Cyberattacks #VoicePhishing #Cybersecurity #VoiceCloning #CybersideChats

Recent telecom breaches have exposed a critical security risk for businesses everywhere. Nation-state hackers and cybercriminals are stealing metadata, tracking high-profile targets, and even intercepting calls—all without breaking into corporate networks. In this episode, we analyze major telecom hacks, including the Salt Typhoon breach, and share practical strategies for IT leaders to protect their organizations from targeted attacks using telecom data. 

Key Takeaways: 

• Strengthen authentication for financial transactions. Don’t rely on the phone!  

• Train staff to recognize spoofed calls and phishing texts that mimic trusted partners. Stay aware – assume telecom metadata can be weaponized 

• Limit what employees share over calls and texts. Consider using encrypted communications, such as Signal, for any highly sensitive conversations.  

• Require telecom service providers to disclose security practices and past breaches 

• Have a contingency plan for telecom outages, including backup communication channels and alternative ways to verify urgent requests. 

Don't forget to follow our podcast for fresh, weekly cybersecurity news!

#Cybersecurity #TelecomSecurity #SaltTyphoon #Spoofing #Metadata #Infosec #Phishing #CyberThreats #NationStateHackers #BusinessSecurity #CybersideChats #EncryptedCommunications #ITSecurity

The March 2025 Microsoft Outlook outage left thousands of organizations scrambling. But this wasn’t just an isolated event—recent outages from CrowdStrike, AT&T, and UK banks highlight the systemic risks businesses face. In this episode, we break down the latest Microsoft outage, discuss its impact on cyber insurance, and provide actionable steps to help organizations reduce the risk of business disruption.

Join Sherri Davidoff and Matt Durrin as they discuss the broader implications of such outages, emphasizing the importance of effective risk management, especially for organizations heavily reliant on cloud services.

Actionable Takeaways:

• Develop a Communications Plan – Ensure employees have backup communication methods for cloud service outages.
• Strengthen Vendor Risk Management – Assess dependencies on critical providers and establish alternative solutions.
• Test Business Continuity Plans (BCP) – Run outage simulations to improve response time and decision-making.
• Evaluate Cyber Insurance Coverage – Confirm policies include business interruption coverage, not just cyberattacks.
• Monitor for Early Warnings – Set up alerts for vendor status updates and cybersecurity advisories.
• Reduce Single Points of Failure – Implement multi-cloud or hybrid infrastructure to avoid total reliance on a single provider.

Links & References:

• Microsoft’s Global Outage Coverage (CNBC)
• Cyber Insurance Report – Business Interruption Trends (AM Best)
• CrowdStrike Q4 2025 Earnings Report
• UK Banking System Outage (The Times)
• World Economic Forum Cybersecurity Outlook 2025

#microsoft #microsoftoutage #cybersecurity #cyberaware #businesscontinuityplanning #businesscontinuity #cyberinsurance #LMGsecurity #CybersideChats

Do you think your old cloud storage is harmless? Think again. This week on Cyberside Chats, Sherri and Matt dive into shocking new research from Watchtowr that reveals how hackers can take over abandoned Amazon S3 buckets—and use them to infiltrate government agencies, Fortune 500 companies, and critical infrastructure. We’ll break down real-world examples of how this risk can be exploited, including malware-laced software updates, hijacked VPN configurations, and compromised open-source dependencies. Plus, we’ll share practical strategies to protect your organization from this growing cybersecurity threat!

Links & Resources: 

• Watchtowr’s Research on Abandoned S3 Buckets: https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/ 

• How Encryption Works by Sherri: https://www.youtube.com/watch?v=ALsXbShTWJk 

• LMG Security’s Cloud Security Audits: https://www.LMGsecurity.com/services/advisory-compliance/cloud-security-assessment/ 

Like what you heard? Subscribe to Cyberside Chats for more expert cybersecurity insights every week. 

#cybersecurity #databreach #AWS #S3 #CISO #Cloud #AWSsecurity #Hackers #Infosec #IncidentResponse

In this episode of Cyberside Chats, we dive into the world of ransomware, focusing on the notorious Ghost Ransomware Gang. Recently flagged by the FBI and CISA, Ghost has targeted organizations in over 70 countries. We explore their methods of infiltration, with a spotlight on outdated software vulnerabilities, and discuss how organizations can fortify their defenses.

We'll also provide insights into the broader ransomware landscape, including trends and statistics for 2024, and offer practical advice on protecting against these cyber threats. Lastly, we delve into the operations of the RansomHub group, revealing their so-called 'ethical' hacking practices.

Join Sherri Davidoff and Matt Durrin as they unravel these cyber threats and equip you with strategies to safeguard your organization.

#ransomware #ransomwareattacks #cybersecurity #cyberaware #GhostRansomware #CISA