Business Security Weekly (Audio)

The top social engineering attacks involve manipulating human psychology to gain access to sensitive information or systems. The most prevalent methods include various forms of phishing, pretexting, and baiting, which are often used as initial entry points for more complex attacks like business email compromise (BEC) and ransomware deployment. How do you control what users click on?
Even with integrated email solutions, like Microsoft 365, you can't control what they click on. They see a convincing email, are in a rush, or are simply distracted. Next thing you know, they enter their credentials, approve the MFA prompt—and just like that, the cybercriminals get in with full access to users' accounts. Is there anyway to stop this?
Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how ThreatLocker Cloud Control leverages built-in intelligence to assess whether a connection from a protected device originates from a trusted network. By only allowing users from IP addresses and networks deemed trusted by ThreatLocker to get in—phishing and token theft attacks are rendered useless. So, no matter how successful cybercriminals are with their phishing attacks and token thefts—all their efforts are useless now.
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
In the leadership and communications segment, Finance and security leaders are at odds over cyber priorities, and it's harming enterprises, The Importance of Strong Leadership in IT and Cybersecurity Teams, How CIOs [and CISOs] can retain talent as pay growth slows, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-432

Key emerging risks include cybersecurity (41%) and Generative AI (Gen AI) (35%), both of which present challenges in skill development and retention. The growing reliance on external providers reflects these gaps. In two years, strategic risk has fallen 10% as technological advancements have shifted auditors' attention away from strategy. So what are the top concerns?
Tim Lietz, National Practice Leader Internal Audit Risk & Compliance at Jefferson Wells, joins Business Security Weekly to discuss the shifting priorities for internal audit leaders, with technology, business transformation and digitization remaining central amid rising economic uncertainty. This reflects the broader economic challenges and uncertainties that organizations are facing in the current environment. Tim will discuss the need for enhanced skills inAI, cybersecurity and digital transformation and why Internal Audit is increasingly seen as a strategic partner in navigating transformation within their organizations.
Segment Resources: - https://www.jeffersonwells.com/en/internal-audit-report-2025
In the leadership and communications segment, Conventional Cybersecurity Won't Protect Your AI, Will Cybersecurity Budgets Increase in 2026?, To Execute a Unified Strategy, Leaders Need to Shadow Each Other, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-431

The three proactive security principles of visibility, prioritization, and remediation have always been the foundation of vulnerability management teams. But these teams face continuous challenges. How do you address these challenges?
Erik Nost, Senior Analyst at Forrester, joins Business Security Weekly to break down the six questions that need to be answered for each proactive security principle: who, what, when, where, why, and how. The introduction of generative AI (genAI) into proactive security promises to provide a broader and speedier ability to answer these questions, providing further opportunities for the proactive security market to grow.
In the leadership and communications segment, What the CEO and C-Suite Must Ask Before Building an AI Enabled Enterprise, Don't Underestimate the Value of Professional Friendships, What Kevin Bacon Can Teach You About Cybersecurity Career, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-430

Cyber threats and cyber criminals indiscriminately target the old as well as young regardless of race, creed or origin. Teens and young adults must realize that on the Internet nobody knows you're a rat. How do we keep kids and young adults safe in an era of AI-driven attacks?
Tom Arnold, Adjunct Professor, Digital Evidence & Forensics, Cybersecurity Graduate Program at the University of Nevada Las Vegas, joins Business Security Weekly to discuss his new book: The Digital Detective: First Intervention. We examine how technologies like deepfakes, voice cloning, and hyper-personalized scams are being used to target younger audiences, and what parents, educators, communities, and CISOs can do to build awareness, resilience, and smart digital habits.
Learn how today's highly organized operations, powered by automation and advanced AI, power the bad actors' tools, techniques, and procedures—making them more effective than ever. Understanding the past helps us prepare for the future—and protect the next generation online, including our employees.
Segment Resources:
https://www.idigitaldetective.com/blog
https://www.idigitaldetective.com/
https://www.unlv.edu/degree/ms-cybersecurity
In the leadership and communications segment, Executives say cybersecurity has outgrown the IT department, The Most Dangerous Leadership Mistake Isn't a Wrong Answer. It's a Wrong Question, Building cyber talent through competition, residency, and real-world immersion, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-429

CISO pressures are on the rise - board expectations, executive alignment, AI, and personal liability - and that's all on top of your normal security pressures. With all these pressures, CISO burnout is on the rise. How do we detect it and help prevent it? Easier said than done. In this Say Easy, Do Hard segment, we tackle the health and wellness of the CISO.
In part 1, we discuss the increased pressures CISOs face. We all know them, but how are they impacting our daily lives, both at work and at home. In part 2, we discuss detection and prevention techniques to help avoid burnout, including:
Detecting the signs of stress
Acknowledging there is a problem
Asking for help
Techniques to deal with stress
Industry and community support
This is a serious problem in our industry and one we want to continue to focus on as we head into another stressful 2026.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw-428