
Episodes

Monday Jun 10, 2024
## Off The Wire Podcast Show Notes
### Episode: Backups and Data Recovery with Brian Williams from Rubrik
**Guest:** Brian Williams, Rubrik
**Location:** NCLGISA Conference 2024, Downtown Wilmington
### Key Topics Discussed
#### Importance of Backups
- **Personal Anecdote:** Anthony shares advice from his mentor on the importance of backups.
- **Monthly Backup Reviews:** Ensuring regular checks and recovery plans.
#### Transition to Rubrik
- **Migration Experience:** Anthony discusses his positive experience migrating to Rubrik.
- **Onboarding Process:** Highlights the comprehensive onboarding and quarterly meetings Rubrik provides.
#### Role of Backup Engineers
- **Critical Role:** Brian emphasizes the evolving and crucial role of backup engineers.
- **Backups Beyond Cybersecurity:** Discussion on various scenarios where backups are vital.
#### Tape Backups and Air Gapping
- **Nostalgia:** Reminiscing about tape backups.
- **Air Gapping:** Importance of air-gapped backups for data security.
#### Modern Backup Strategies
- **Three-Two-One Method:** Explanation of three copies, two types of media, one off-site.
- **Four-Three-Two Method:** Discussion on more extensive backup strategies.
#### Cloud-Based Backups
- **Pros and Cons:** Evaluating the benefits and drawbacks of cloud-only backups.
- **Internet Dependency:** Challenges with relying solely on internet connections for backup and recovery.
#### Immutability and Data Security
- **Defining Immutability:** Data that cannot be edited or changed.
- **Zero Trust for Backups:** Ensuring no unauthorized access or changes to backup data.
#### Data Integrity and Reliability
- **Testing Restorations:** Regularly testing backup data for integrity and reliability.
- **Fingerprints and Checksums:** Using these methods to ensure data consistency.
#### Regional Backup Strategies
- **Geographic Distribution:** Replicating data to different locations to ensure regional disaster recovery.
#### Real-World Examples
- **Local Government Incidents:** Discussing the impact of ransomware on local governments and the importance of having robust backups.
### Quarterly Checkups with Rubrik
- **Relationship Building:** Importance of maintaining a strong relationship between Rubrik and its clients.
- **Health Checks:** Regular assessments of the backup system’s health and client needs.
### Recommendations for All Organizations
- **Robust Testing:** Developing a rigorous and regular testing schedule for backups.
- **Self-Scouting:** Continuously evaluating and improving backup strategies.
- **Courage to Address Gaps:** Identifying and addressing potential security gaps proactively.
### Conclusion
- **Final Thoughts:** Emphasis on the importance of backups and continuous improvement.
- **Next Steps:** Encouraging organizations to adopt best practices for data security and backup integrity.
### Call to Action
- **Subscribe to the Podcast:** Encouragement to subscribe to Off The Wire on all major podcast platforms.
- **Share the Podcast:** Request to share the podcast with others who might benefit from the content.
---
For more information on Rubrik and their backup solutions, visit [Rubrik's website](https://www.rubrik.com).
Stay tuned for more episodes and insightful discussions on Off The Wire!

Monday Jun 03, 2024
**Podcast Episode Summary: Off the Wire - Cybersecurity Insights from the Verizon 2024 Data Breach Investigations Report**
**Hosts:** Anthony Kent and Tanner Greer
**Episode Overview:**
In this episode of Off the Wire, hosts Anthony Kent and Tanner Greer dive deep into the Verizon 2024 Data Breach Investigations Report (DBIR). With their combined 35 years of experience in the IT industry, they provide valuable insights into the latest trends and findings in cybersecurity.
**Key Topics Discussed:**
1. **History and Importance of the DBIR:**
   - The DBIR, introduced by Verizon in 2008, has become a cornerstone report in the cybersecurity industry, analyzing thousands of real-world security incidents annually.
   - This year’s report analyzed 30,458 security incidents and 10,626 confirmed data breaches across 94 countries.
2. **Ransomware and Extortion:**
   - Ransomware and extortion account for 32% of all breaches. While ransomware attacks declined by 23%, extortion incidents rose by 9%.
3. **Human Element in Breaches:**
   - Human errors continue to play a significant role, with 68% of breaches involving a human element such as social engineering or misuse of privileges.
   - Financial costs of breaches vary widely, with the average cost in the 95th percentile being $46,000.
4. **Vulnerability Exploitation:**
   - Exploitation of vulnerabilities increased by 180% over the previous year, highlighting the importance of minimizing internet attack surfaces.
5. **Attack Vectors:**
   - The most common attack vectors include web application credentials, phishing emails, and web application vulnerabilities.
6. **Denial of Service Attacks:**
   - 50% of incidents involved denial of service (DoS) attacks, which are relatively easy to deploy and often highly successful.
7. **Lost and Stolen Assets:**
   - Laptops are the most likely assets to go missing, with lost assets more likely to result in data breaches than in previous years.
8. **Privilege Misuse:**
   - Privilege misuse, mainly by internal actors, remains a steady threat, with personal and banking data being the most targeted.
9. **Artificial Intelligence:**
   - Despite the hype, AI’s role in cyberattacks is minimal, though there is some concern about its potential use in social engineering and deep fakes.
**Mitigation Strategies:**
- Stick to cybersecurity fundamentals like updating and patching systems.
- Leverage multifactor authentication and employee training.
- Implement device hardening and least access policies.
- Follow the CIS controls referenced in the DBIR to strengthen cybersecurity frameworks.
**Call to Action:**
- Subscribe to Off the Wire on your favorite podcast platform for more cybersecurity and technology insights.
- Visit their new website, offthewirepodcast.com, and follow them on social media (YouTube, X, Facebook, LinkedIn).
- Download the full Verizon 2024 DBIR at verizon.com/DBIR.
**Upcoming Episodes:**
- Off the Wire will release new episodes every other Monday before 8 AM, perfect for your commute.

Saturday May 18, 2024
E14 – What Your End Users Do at Home!
## Off the Wire Podcast Show Notes
### Episode Summary
Welcome to the Off the Wire podcast, your go-to source for insights into the fast-paced world of cybersecurity and technology. This episode features a new co-host, Tanner Greer, who joins Anthony Kent to discuss a critical topic: what happens when users work from home.
### Key Topics Covered
1. **Introduction of New Co-host Tanner Greer**
   - Anthony Kent introduces Tanner Greer, highlighting his extensive experience in the co-op world and his contributions to the field of IT and cybersecurity.
   - Tanner shares his background and journey from entry-level IT roles to his current position as CTO.
2. **Impact of COVID-19 on Remote Work**
   - Discussion on how COVID-19 has forced organizations to support remote work, highlighting both challenges and opportunities.
   - The shift to remote work and its implications on cybersecurity, including the need for new security measures.
3. **Challenges of Securing Remote Work Environments**
   - The increased complexity of securing networks as employees work from home or other remote locations.
   - The vulnerabilities of home networks and the risks posed by mobile devices and personal usage on work devices.
   - Real-life examples of phishing attacks and other security breaches.
4. **Best Practices for Remote Work Security**
   - The importance of endpoint protection and hardening, including the use of EDR (Endpoint Detection and Response) tools like CrowdStrike.
   - Strategies for patch management and remote support using tools like Endpoint Central and Secure Gateway Server.
   - Implementing DNS protection and micro-segmentation to limit lateral movement and protect sensitive data.
5. **User Education and Awareness**
   - The role of continuous user education in maintaining security, including live training sessions and the use of security awareness platforms.
   - Encouraging good security habits like locking devices when not in use and avoiding the use of work email addresses for personal accounts.
   - The importance of tools like Duo for multifactor authentication and additional security checks.
6. **The Future of Remote Work Security**
   - Emphasizing the need for organizations to adopt a Zero Trust approach, treating all devices and networks as potentially insecure.
   - The potential benefits of using VDI (Virtual Desktop Infrastructure) to maintain control over remote work environments.
   - The ongoing need for adaptation and vigilance in cybersecurity practices as remote work continues to evolve.
### Key Takeaways
- Remote work introduces significant security challenges that require robust solutions and continuous education.
- Tools like EDR, DNS protection, and multifactor authentication are essential in securing remote environments.
- User education is crucial in fostering a culture of security awareness and proactive behavior.
- Adopting a Zero Trust approach and leveraging modern security tools can help mitigate risks associated with remote work.
### Resources Mentioned
- CrowdStrike for EDR and vulnerability scanning.
- Endpoint Central and Secure Gateway Server for patch management and remote support.
- Duo for multifactor authentication and device security checks.
- Cisco Umbrella for DNS protection.
- Have I Been Pwned for checking compromised email addresses.
### Closing Remarks
Anthony and Tanner emphasize the importance of staying vigilant and continuously improving security practices to protect against evolving threats in the cybersecurity landscape. They encourage listeners to implement the discussed strategies and remain proactive in their security efforts.
Tune in next time for more insights and expert analysis on the Off the Wire podcast!

Saturday May 04, 2024
E13 – CIS Membership: Why Aren't You a Member Yet?
Join us in this episode as we delve into the world of cybersecurity with the Center for Internet Security (CIS). As a community-driven nonprofit, CIS is responsible for establishing the CIS Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data.
Discover how CIS supports the cyber threat prevention, protection, response, and recovery efforts of U.S. State, Local, Tribal, and Territorial government entities through the Multi-State Information Sharing and Analysis Center® (MS-ISAC®) and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®).
Learn about CIS Membership pricing tiers and the benefits they offer, including access to essential cybersecurity resources like the CIS Controls and CIS Benchmarks. Explore the different Implementation Groups (IG) within the CIS Controls and the recommended security settings provided by CIS Benchmarks for various systems, such as Microsoft Server, Linux, and IOS.
Find out about other CIS offerings and how CIS, in partnership with Accenture and CrowdStrike, provides Managed Security Services (MSS) and Endpoint Security Services (ESS) to help organizations enhance their cybersecurity posture. Additionally, discover innovative solutions like Malicious Domain Blocking and Reporting Plus (MDBR+) and Albert Network Monitoring and Management, designed to bolster security for government organizations and private hospitals. Join us to uncover the comprehensive cybersecurity offerings available through CIS and why they're essential for safeguarding your digital assets in today's threat landscape.

Sunday Apr 14, 2024
In Episode 12 of our podcast series, we delve into the world of cybersecurity, focusing on the benefits and drawbacks of implementing vendor access solutions.
We kick off by exploring the pros of enhancing cybersecurity measures. From fortified security protocols to streamlined centralized management and strict compliance adherence, we uncover how these solutions can bolster your organization's defenses against cyber threats.
However, as with any solution, there are potential drawbacks to consider. We delve into how implementing robust cybersecurity measures may inadvertently slow down support processes, increase overhead for IT departments, and result in ongoing costs that can strain budgets.
Join me as we navigate the intricate landscape of cybersecurity, empowering you with the knowledge to make informed decisions to safeguard your organization's digital integrity.
Available on Apple Podcasts, Spotify, YouTube, and your favorite podcast app, this episode promises valuable insights into cybersecurity and its implications for your business. Stay tuned for expert analysis and practical advice.

Saturday Mar 30, 2024
E11 – 10 Lessons from Safeguarding a DoD Network
In this episode, we dive deep into the fundamental practices necessary for safeguarding your organization's digital infrastructure.
Join us as we explore crucial topics such as patch management, application control, vulnerability scanning, and the principle of least privilege. With insights gleaned from years of experience in protecting sensitive networks, we offer actionable strategies that apply to every level of your organization.
Learn why patching everything is non-negotiable, and why it's imperative to speak with authority when it comes to operating securely. Discover the importance of limiting applications and questioning the necessity of ubiquitous tools like Chrome.
We delve into the necessity of vulnerability scans, emphasizing the need for regular, credentialed scans to ensure your defenses remain robust. And when vulnerabilities are found, we discuss mitigation strategies to minimize risk effectively.
But security isn't just an IT concern—it's a company-wide responsibility. Find out why all IT personnel, from help desk to data analysts, should possess a baseline understanding of security principles.
Discover how the use of Security Technical Implementation Guides (STIGs) and CISA Benchmarks can elevate your security posture, reinforcing the principle of least privilege and hardening your systems against potential threats.
In our discussion on policy enforcement, we highlight the importance of technical solutions in achieving compliance. While policies are crucial, we emphasize the need for practical, technical measures to fortify your network against evolving threats.
So join us as we share our insights, lessons learned, and practical advice in "Securing Your Network." Because in today's digital landscape, proactive defense is the key to staying ahead of the curve.
Tune in to uncover the 10 essential lessons learned from protecting a DoD network, and embark on your journey towards a more secure tomorrow.

Saturday Mar 16, 2024
E10 – In the future will the IT Manager role be obsolete?
Summary of Podcast Notes:
Introduction:
- The podcast welcomes listeners with a brief introduction to the episode.
- The episode overview discusses the future of the IT Manager role.
Main Content:
- The role of IT Managers is explored, detailing responsibilities such as overseeing IT systems, managing personnel, training, budget management, and day-to-day operations.
- Differences between an IT Manager, VP of IT, and CIO are outlined.
- The importance of having a strategic IT leadership role, such as a CIO or VP of IT, is emphasized, including their responsibilities in aligning technology with business objectives, long-term planning, and ensuring efficiency.
- The absence of a CIO or similar leadership role can lead to various challenges such as lack of strategic direction, inefficient resource utilization, security vulnerabilities, limited innovation, and poor decision-making.
- The increasing importance of technology in organizations, with IT leaders potentially transitioning into CEO roles.
- IT professionals are encouraged to adopt a CIO mindset regardless of their current role, and the importance of seeking organizations that support professional growth is highlighted.
Outro:
- The episode concludes with a recap of key points and closing remarks thanking listeners and encouraging engagement through social media.
Timeline Bullets:
- Responsibilities of IT Managers are detailed, covering various aspects of IT operations and management.
- Responsibilities of CIOs are outlined, focusing on strategic direction and long-term planning.
- Challenges associated with the absence of a CIO or similar leadership role are highlighted.
- The evolving role of technology in organizations, with potential opportunities for IT professionals to transition into CEO roles, is discussed.
- The importance of adopting a CIO mindset and seeking growth-supportive organizations is emphasized.

Sunday Mar 03, 2024
E9 – Is this the end of VMWare?
Broadcom's acquisition of VMware has created uncertainty among many, leading some to explore alternatives. Broadcom has shifted from perpetual licensing to a subscription model, with significant price increases. Layoffs have occurred, and the company plans to divest some assets. VMware partner agreements are being canceled, requiring reapplication for partnership. Broadcom's focus on global enterprise systems raises questions about support for co-ops and local governments. The free version of ESXi is discontinued, while other VMware offerings undergo restructuring. Broadcom intends to halve VMware Cloud Foundation offerings to encourage migration. The move away from VMware products prompts consideration of alternatives like Microsoft's Hyper-V, Scale, Nutanix, and open-source tools. Investors are eyeing potential returns following Broadcom's stock increase. CEO Hock Tan emphasized VMware's hardware- and cloud-agnostic approach. VMware Cloud Foundation facilitates seamless operation across various environments, supporting hybrid multi-cloud setups.