Summary
In this episode of “The Defender’s Log,” host David Redekop interviews Alexander Rau, a cybersecurity partner at KPMG, about the evolving incident response (IR) landscape.
Rau notes that the past summer was exceptionally busy for IR, driven largely by zero-day firewall vulnerabilities. He highlights that threat actors are innovating, even using AI chatbots for initial ransom negotiations.
They discuss the challenges of the “human element.” Rau warns that multi-factor authentication (MFA) is no longer a silver bullet against Business Email Compromise (BEC) due to threats like session token stealing and sophisticated deepfakes.
Rau expresses significant concern for small-to-medium businesses (SMBs), which he calls the “backbone of the Canadian industry.” He observes that SMBs often lack the resources for proactive cybersecurity, only prioritizing it after a devastating breach. When an incident occurs, Rau says his team’s role is to bring a calm, methodical “marathon, not a sprint” approach to the client’s chaos.
Rau’s final advice, especially for SMBs, is to ask for help. He stresses that investing in proactive security, even through a small managed services provider, is far cheaper than the costs of recovering from an attack.
Full episode of The Defender’s Log here:
Defending the Frontline: Ransomware, AI, and Real-World Lessons | Alexander Rau | The Defender’s Log
TL;DR
- This past summer was the busiest on record for KPMG’s incident response (IR) team, driven largely by threat actors exploiting zero-day vulnerabilities in common firewalls.
- The two biggest threats are Ransomware (often technical) and Business Email Compromise (BEC), which targets the human element. Attackers now bypass MFA with session-token stealing and use AI/deepfakes to create highly convincing scams.
- A major concern is the cybersecurity gap for Small-Medium Businesses (SMBs). They often lack the resources to be proactive and only address security after a devastating incident, even though they are the backbone of the economy
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from Security Boulevard.