MGM Grand breach: How attackers got in and what it means for security | Guest Aaron Painter
HTML-код
- Опубликовано: 19 июн 2024
- Today on Cyber Work, we’re talking about last September’s breach of the MGM Grand Casino chain, an attack that led to a week of tech failure, downtime and over a hundred million dollars in lost revenue. The attackers were able to get in via a point that my guest, Aaron Painter of Nametag Inc, said is a common point of failure: the request for a password and credential reset from the helpdesk, and the ever-frustrating “security questions” approach to making sure you are who you are. Nametag is built to create an alternative to security questions and go beyond MFA to create a method of verification that is even resistant to AI Deepfake attempts!
This conversation goes into lots of interesting spaces, including career mapping, the importance of diverse design teams and the benefits of security awareness training, plus you get to learn about an amazing piece of emergent tech!
0:00 - A new method of online verification
3:15 - First getting into cybersecurity and computers
7:03 - Aaron Painter's work experiences
10:37 - Learning cybersecurity around the world
11:32 - Starting Nametag
16:25 - Average work week as Nametag CEO
19:10 - Cybersecurity learning methods
21:15 - The MGM cyberattack explained
26:07 - MGM fail safes bad actors surpassed
29:26 - Security awareness training
31:35 - Are data breaches the new normal
34:05 - How Nametag safeguards online data
37:59 - AI deepfakes
40:19 - Using Nametag
42:20 - How to learn AI deep fake defense
44:14 - Design choices in digital identity
45:54 - Different backgrounds in cybersecurity
46:59 - Aaron Painter's favorite part of his work
48:01 - Best cybersecurity career advice
49:00 - Learn more about Nametag
50:06 - Outro
- Get your FREE cybersecurity training resources: www.infosecinstitute.com/free
- View Cyber Work Podcast transcripts and additional episodes: www.infosecinstitute.com/podcast
About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com. 
Наука
This video has given me two more subjects the investigate.😃👍
Thanks
I've always despised security questions. The questions are recycled and how many of these answers have been breached and leaked?
Not to mention the number of people that give their own security answers away every time a friend posts a Facebook engagement quiz! "Your first dog's name + the street you grew up on = your Jedi name" etc. etc.
Social Engineering, the only technique feared even by the elite cyber security professionals🤞🏾