UnHacked Episode 15 – The War Room-Surviving Cyber Attacks
Jimmy (Hats.ai):
- Focused on AI data governance and security
- Emphasized the importance of controlling where AI data is stored and processed
- Warned about employees using free AI tools that could expose company data
- Suggested AI adoption is moving 100x faster than early internet adoption
- Recommended businesses implement AI now to maintain competitive advantage
Mike Hornsby (BlockWorks):
- Emphasizes prevention is possible with proper precautions
- Provides vendor diversity by evaluating and scoring different security tools
- Offers a free roadmap called "21 blocks" for security implementation
- Noted many organizations haven't implemented basic free security measures like MFA
Cynthia (CyberQP):
- Focuses on password management and security
- Addresses the problem of "standing privilege" in admin accounts
- Provides identity verification for help desk password resets
- Offers self-service password reset capabilities
- Includes SOC 2 Type 2 certification
Kelsey (Infamous Security):
- Specializes in security awareness training
- Uses behavioral science-based approach
- Provides phishing simulation tests
- Emphasizes the human element as the weakest security link
Jennifer (Galactic Advisors):
- Provides third-party cybersecurity assessments
- Helps identify unknown vulnerabilities
- Generates detailed reports (often 100+ pages)
- Validates MSP recommendations to clients
Schedule Your Free Security Assessment
Key Takeaways:
The two biggest security vulnerabilities identified:
- Phishing attacks (#1 threat)
- Password breaches (#2 threat)
Critical Security Elements:
- Employee training and security awareness
- Strong password management
- Regular third-party assessments
- Incident response planning
Cultural Aspects:
- Security awareness needs to be embedded in company culture
- Leadership must participate in security training
- Consider both incentives (rewards) and consequences for security compliance
- Security should be treated as an ongoing journey, not a destination
Business Owner Advice:
- Don't rely solely on internal IT or family members for security
- Security needs constant updating and verification
- Consider working with MSPs who have access to enterprise-level tools
- Implement both preventive measures and incident response plans
The hosts emphasized that while 100% security might not be achievable, organizations can reach high levels of protection through proper implementation of security measures, regular assessment, and maintaining a security-focused culture.
