Some CISOs fear auditors more than they fear actual hackers…
Compliance has become a crucial focus with the implementation of regulations like the GDPR, CCPA, and various global data privacy directives. But whilst many organizations have rightfully turned their focus to said compliance, does it actually ensure better (cyber)security?
The unfortunate truth is that, even if a company, program or appliance is compliant with all relevant regulations, it doesn’t necessarily mean that said company, program or appliance is also well secured.
In this ‘Bridging the Gap’ episode of Threat Talks, host Lieuwe Jan, special guest Pieter de Lange (CISO Transdev) and ON2IT CISO Tim Timmermans discuss how to bridge the gap between compliance and practical cybersecurity requirements.
Compliance isn’t the be-all-end-all of cybersecurity; so how do we approach it then?
P.S. Think you can spot the secret code in this episode? Join the treasure hunt, submit the code and win your very own Threat Talks t-shirt!
Deep Dive – Accellion File Transfer Application
You’ve diligently chosen a file transfer tool that is widely trusted, certified and compliant with all the necessary regulations – so you’ve done everything right, yes? But what if being compliant doesn’t actually mean you’re secure?
For this Deep Dive, host Lieuwe Jan Koning is joined by Threat Intel Specialist Luca Cipriano and CISO Tim Timmermans as they explore a critical case study: Accellion.
Over 300 companies, including major players like Shell and the Reserve Bank of New Zealand, relied upon this trusted secure file transfer solution.
But when an attack hit its legacy version, these organizations found out the hard way that compliance doesn’t always equal security.
Deep Dive – OKTA Data Breach
How does a company specializing in Identity and Access Management like OKTA suffer a data breach?
In this case, a service account password was inadvertently saved by an OKTA employee to their personal Google account, which led to the credentials being leaked. This incident exposed a significant gap in compliance and highlighted how human error can result in even the most well-respected cybersecurity companies being compromised.
In this Deep Dive, Tim Timmermans (CISO ON2IT) and Rob Maas (Field CTO ON2IT) join host Lieuwe Jan Koning to unpack how this breach occurred, and what lessons we can all learn from it.
If even cybersecurity companies are vulnerable, how can you ensure your organization stays protected?
Deep Dive – Capital One Data Breach
Capital One—a leader in finance—learned the hard way that even compliant systems can fail if they’re not configured correctly. In this Deep Dive, we explore how a simple misconfiguration in their web application firewall (and a hacker with insider knowledge) led to over 100 million credit applications being leaked.
Host Lieuwe Jan Koning, Tim Timmermans (CISO ON2IT) and Luca Cipriano (Threat Intel Specialist CTO ON2IT) reveal how this could happen, and what lessons we can all learn from it. How do you make sure you catch misconfigurations? And what other steps can you take to protect yourself against data breaches?
Did you know?
Each series of Threat Talks episodes comes with its own infographic, detailing all the threats that were discussed.
If you’re looking for a brief overview of these threats, listing each specific step the hacker took, and what mitigations would’ve helped stop them, check out our Compliance infographic!
Follow our Threat Talks podcast
Stay up to date with the latest developments in the world of cybersecurity! Alongside industry experts, we explore recent cyber threats, what their impact was and how to prevent these threats in the future.