In today's episode of ILLUMINATOR, Josh sits down with Chase Cunningham (VP of Security Market Research at G2) to delve into the escalating crisis of data breaches. Josh, Joe, and Chase explore why data breaches are becoming more frequent, the evolving tactics of cyber attackers, and the limitations of current cybersecurity measures. Chase shares his insights on the importance of adopting a Zero Trust strategy, the pitfalls of relying on compliance over security, and practical steps CISOs can take to protect their organizations.

Plus, Josh and Joe review some basic need-to-know information and details of the highest profile breaches of the year, including 23andMe, MOVEit, the CrowdStrike incident, the 2023 Microsoft attacks, the AT&T breaches, and more. Don’t miss this crucial conversation on safeguarding your digital life from one of the original masterminds behind Zero Trust.

About today's special guest:

Dr. Chase Cunningham, better known online as “Dr. Zero Trust,” is a retired Navy Chief Cryptologist with over 20 years of experience in Cyber Forensic and Analytic Operations. Chase has worked in some of the most operationally demanding work centers in the world, including the NSA, CIA, FBI, and other government agencies. He is currently the Vice President of Security Market Research at G2, and hosts his own show, the DrZeroTrust podcast.

Notes & References

• “The Continued Threat To Personal Data: Key Factors Behind the 2023 Increase” by Dr. Stuart Madnick of MIT (study commissioned by Apple)
• Chase's article: "Why data breaches have been normalized and 6 things CISOs can do to prevent them"
• Chase’s newest book on leadership, How NOT to lead
• Chase on LinkedIn

Glossary of Terms

• Red/Blue/Purple Team: Red teams are offensive security professionals that test an organization’s security by mimicking the tools and techniques used by real-world attackers. The red team attempts to bypass the blue team’s defenses while avoiding detection. Blue teams are internal IT security teams that defend an organization from attackers, including red teamers, and are constantly working to improve their organization’s cybersecurity. Purple teams combine these tools and techniques to simulate both offensive and defensive methods.
• Zero Day: A zero-day vulnerability is a security flaw in software, hardware, or firmware that is unknown to the vendor and can be exploited before a patch is available. The term "zero-day" refers to the time the vendor has to prepare a patch after the vulnerability is discovered.
• Self-Sovereign Identity (SSI): an identity management model that enables organizations to create fraud-proof Verifiable Credentials and instantly verify the authenticity of those credential. It gives individuals full ownership and control of their digital identities without relying on a central authority.