Podcast Appearances
So you don't want something to leak, for example, then
You default deny everyone who doesn't need to be working on it.
Right.
And then slowly over time, you start to bring in more and more people.
The closer you get to announcing something, that way you can keep track of who is in the know about something so that it doesn't go where it's not supposed to.
So the zero trust model actually feels very familiar to me.
Yeah, that's true.
I don't know if you look at the Threat Labs report, it's called In the Wild.
I've taken a look through it.
And what's interesting to me is like how automated these attack campaigns and deep fakes can become at this stage.
So it's almost like the same as like you would try to automate processes within an actual business.
And that's how a lot of these cybercrime organizations are functioning now is more like a Fortune 500 and less like an underground seedy institution.
But use of AI for like deep faking or
phishing and things like that.
That to me is scary.
And I feel as though I've heard stories about like now there's needs to be like more human level security protocols with people because you'll have a person who's being impersonated maybe on the phone calling a lower level person and that person works in finance and they're being directed to do something that they're actually not supposed to do.
But they're getting the pressure of I'm the CEO or I'm the CFO.
I'm telling you I'm giving permission.
But now there need to be more human sort of level protocols where it's like, is there a secret word that only you know and you've spoken verbally?
Or how do you prevent the impersonation from threatening your organization?