11K
Downloads
70
Episodes
Stay ahead of the latest cybersecurity trends with Cyberside Chats! Listen to our weekly podcast every Tuesday at 6:30 a.m. ET, and join us live once a month for breaking news, emerging threats, and actionable solutions. Whether you’re a cybersecurity professional or an executive looking to understand how to protect your organization, cybersecurity experts Sherri Davidoff and Matt Durrin will help you stay informed and proactively prepare for today’s top cybersecurity threats, AI-driven attack and defense strategies, and more!
Join us monthly for an interactive Cyberside Chats: Live!
Youtube channel: https://www.youtube.com/LMGsecurity
Register Here: https://lmgsecurity.zoom.us/webinar/register/WN_4FpdxB0VQo6aURK1p7_k_g
Episodes
2 days ago
2 days ago
In this episode of Cyberside Chats, Sherri Davidoff and Matt Durrin break down what may be the largest education-sector data breach in history: the massive compromise of Canvas by Instructure. With more than 275 million records reportedly stolen and over 8,800 educational institutions impacted, the incident highlights the dangers of cloud concentration risk, where a single vendor breach can create a domino effect across an entire industry.
The discussion dives into the tactics allegedly used by the Shiny Hunters threat group, the risks of SaaS platform overreliance, and the troubling gap between vendor assurances and real-world containment. Matt and Sherri also explore lessons organizations can apply immediately, including phishing-resistant MFA, monitoring for bulk data exfiltration, data retention reduction, and why every “incident contained” statement should be treated cautiously until independently verified.
Key Takeaways:
1. Inventory every SaaS vendor that holds your identity, communications, or user data, and rank them by blast radius. You cannot manage concentration risk you have not measured. The output is a one-page list, ranked by how many users would be exposed if the vendor were breached tomorrow.
2. Enforce phishing-resistant multifactor authentication on every administrative and remote-access account. Hardware security keys or platform authenticators that meet the FIDO2 standard. SMS codes and push notifications are not sufficient against the current voice-phishing playbook. Apply this to every administrative account at every vendor in your inventory.
3. Monitor and alert on bulk data exfiltration across your critical SaaS platforms. Configure threshold-based alerts and additional controls to detect or prevent mass exports of sensitive information through APIs or administrative tools. If an account is compromised, the goal is to stop attackers before they can empty the entire database.
4. Set and enforce a data retention schedule that deletes records when their operational purpose ends. The Illuminate FTC consent order specifically requires this, which is a signal that retention is now in enforcement scope. Data you no longer need is data the next breach will steal.
5. Treat any vendor claim of "incident contained" as a hypothesis until your own monitoring confirms it. Maintain independent visibility into the data flowing in and out of critical SaaS platforms — through your identity provider logs, your CASB, or the vendor's own audit feed. The five-day gap between Instructure's containment claim and the second-wave defacement is the case study.
No comments yet. Be the first to say something!