Skip to main content

Breakfast Bytes with Felicia King

-

In this riveting episode of Breakfast Bytes, host Felicia sits down with Crystal Redmann, the inquisitive Operations Director from Redmann Farms, to dive into the intricacies of network security. Crystal brings forth compelling questions about network segmentation, shedding light on how this fundamental security measure can protect even the smallest of organizations.

As the conversation unfolds, Felicia and Crystal explore the evolving landscape of cybersecurity threats, particularly focusing on the alarming use of AI by cyber criminals. Through vivid analogies and real-life examples, Felicia illustrates the critical need for advanced security measures and the role of zero trust in safeguarding digital assets.

This episode promises to not only educate but also captivate listeners with its deep dive into the world of cybersecurity, making complex topics accessible and engaging for all. Tune in to discover practical insights and proactive strategies to protect your digital world.

Quick recap
Felicia and Crystal discussed the importance of network segmentation and micro segmentation for enhancing security, and the challenges of balancing security and functionality in an organization. They also explored the potential risks of deep faking in financial transactions, the evolving threat landscape, and the need for vigilance in device maintenance. Lastly, they emphasized the concept of zero trust in computer security, the significance of personal data protection, and the need for enterprise-grade security for home use.
   
Understanding Network Segmentation and Security
Crystal expressed her need to understand more about network segmentation and its benefits, particularly in terms of security. Felicia explained the concept of network segmentation, emphasizing its foundational role in network layer security. She elaborated on the concept of micro segmentation, which involves treating different assets differently based on their needs and requirements. Felicia highlighted that this approach can bring enterprise-grade security to even the smallest organizations, making it economically feasible and sustainable.
   
Security Profiling for Device Segments
Felicia discussed the importance of creating a security profile for different segments of devices, such as printers, to prevent unauthorized access, data leakage, and the spread of malware. She emphasized the need to restrict communication between devices to enhance security. However, she pointed out the challenges in implementing this approach across various devices, including TVs, printers, and corporate laptops, on the same subnet, stating that it would be practically and economically impossible. Crystal agreed with Felicia's assessment.
   
Balancing Security and Functionality in AI
Felicia discussed the importance of balancing security and functionality in an organization, using the example of the unregulated use of AI leading to potential risks. She emphasized the need for a governance system and leadership that prioritize risk management. Felicia also highlighted the potential of AI being used by cybercriminals, mentioning its use in creating deepfakes and its ability to collect and analyze vast amounts of data. She suggested using services like Abine's Delete Me to reduce the number of lists an individual is on and advised against publicly listing employees on company websites.
   
Deep Faking Risks in Financial Transactions
Felicia discussed the potential risks of deep faking in the context of financial transactions. She highlighted an instance where seven people at a company were deep faked, with one legitimate participant, who was the only one to realize the fraud. Crystal expressed her concern after learning about this case. Felicia further explained that AI could potentially execute a video conference call deep fake to manipulate financial decisions, emphasizing the importance of having proper protocols in place.
   
AI Training and Evolving Threat Landscape
Felicia emphasized the importance and effectiveness of the AI training they offer, highlighting its practicality and relevance. She also discussed the evolving threat landscape, particularly the increasing sophistication of malware and the emergence of ransomware kits that allow even novice users to generate their own variants. Felicia pointed out the limitations of signature-based detection in the face of such evolving threats and advocated for a zero trust approach. She also expressed skepticism about the effectiveness of paying ransomware demands, suggesting it to be a naive approach.
   
Computer Maintenance and Device Integrity Concerns
Felicia explained the challenges and potential threats in computer and device maintenance, emphasizing the need for vigilance and dynamic live updating databases. She highlighted the risks associated with malware and the need to question the integrity of peripherals like USB devices, keyboards, and monitors. Felicia also discussed the importance of procurement policies that prevent the use of unverified or potentially compromised devices. Crystal expressed concern about the threats posed by USB phone chargers, leading Felicia to suggest the use of wireless chargers as a safer alternative.
   
Zero Trust Concept in Computer Security
Felicia explained the concept of zero trust in computer security, emphasizing the importance of assuming all unknown or unclassified computer behavior is malicious until it's been inspected. She detailed how this approach, coupled with machine learning and AI, has led to no breaches among clients under their full management. Felicia also clarified the term's significance, stating that 'antivirus' only represents a small portion of the necessary protection capabilities for an individual computer. Crystal, on the other hand, questioned the effectiveness of antivirus software and its impact on machine learning.
   
Personal Data Protection and Enterprise-Grade Security
Crystal and Felicia discussed the importance of personal data protection and the need for enterprise-grade security for home use. Felicia emphasized the risks of using unverified or low-quality devices and highlighted the significance of brand reputation in ensuring security. Crystal acknowledged her previous naivety about these threats and expressed her commitment to further inquire about these issues. Both agreed to continue this discussion in future meetings.