How do phishing scams, AI-powered attacks, and strategic governance intersect? Together, they're redefining the future of cybersecurity. Organizations are navigating a mix of challenges and implementing innovative solutions to proactively address today's threats.

Today's guest is Kelly Hood. She is the EVP and cybersecurity engineer at Optics Cyber Solutions. She is a CISSP who specializes in implementing cybersecurity and privacy best practices to manage risks and to achieve compliance. She supports the NIST cybersecurity framework and serves as a CMMC registered practitioner, helping organizations strengthen their cybersecurity posture and develop effective risk management strategies.

• [01:06] - Kelly is a cyber security engineer at Optic Cyber Solutions. It's her job to help companies protect themselves.
• [02:17] - Don't be embarrassed if you fall for a phishing scam.
• [03:01] - These attempts are getting more realistic. Kelly shares how she was briefly fooled by a phishing scam that looks like an email from her mother.
• [05:25] - The NIST Cybersecurity Framework is a voluntary framework for defining cybersecurity. An update was put out in February of 2024. They also added a new function.
• [06:01] - The five functions that organize a cybersecurity program have been to identify, protect, detect, respond, and recover. They recently added the govern function.
• [06:38] - The govern function is about defining your business objective and then putting protections in place that makes sense for those objectives.
• [09:01] - The identify function is focused on knowing what we have.
• [09:40] - Protect includes everything from identity management, authentication, training, data security, and platform security.
• [10:12] - Detect is looking at what's happening around us. It's continuous monitoring and knowing what happens if something goes wrong.
• [11:00] - Respond is knowing what the plan is when something does happen.
• [12:01] - Recover is about getting back to normal after something happens.
• [16:22] - Data centers want to make sure that they have redundant power supplies.
• [17:33] - We discuss some of the things that people might forget when identifying cybersecurity assets. Data and people need to be thought about as well as systems and hardware.
• [21:00] - We need to write things down and understand what systems and data connections we have.
• [23:10] - We talk about the importance of being aware of the physical space and who is actually supposed to be there.
• [24:46] - Data is one of the assets that often gets overlooked for protection. There are many new requirements that require data to be protected.
• [27:54] - Monitoring to understand what traffic you should expect and what is and isn't normal activity is also important.
• [31:10] - Transparency and communication are paramount for creating trust.
• [33:51] - Sometimes recovery doesn't mean 100%. Get up and running and prioritize the systems that matter most.
• [36:56] - With governance, you really want to look at what you're trying to do with the business and then translate cybersecurity to fit that objective.
• [37:27] - Have guidance documentation in place and have oversight.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Optic Cyber Solutions
• (MaPT) Maturity and Progress Tracker
• Optic Cyber Solutions on LinkedIn
• Optic Cyber YouTube
• NIST Cybersecurity Framework

When you search for customer service numbers online, you might come across a scammer’s number instead. It’s important to be cautious when sharing personal information, and to verify identities before responding to requests for sensitive data.

Today’s guest is Mona Terry. As Chief Victims Officer at Identity Theft Resource Center, she navigates the complexities of identity protection and identity crime recovery and management of multi-million dollar federal grants. She analyzes victim experiences to create ITRC’s Identity Report and to provide information about new and ongoing trends in identity crimes.

• [0:55] - Mona describes her role as Chief Victims Officer at Identity Theft Resource Center and how she found herself in this job.
• [3:18] - Identity crimes include theft, compromise, and misuse. What’s the difference?
• [4:26] - The number one recorded compromise is through scams, where people give their information to someone else.
• [5:30] - It is also becoming more common for someone to search for a customer service number and come across a scammer’s number instead.
• [7:01] - Some of the strategies in detecting fake websites are not helpful any longer with scammers using AI tools to make things look more legitimate.
• [10:10] - Misuse is when someone else takes over your account and is making charges or establishing new accounts in your name.
• [11:41] - Account takeovers don't only include credit cards. Social media account takeovers can be just as dangerous and more common.
• [13:28] - Identity theft is what it sounds like—stealing information with the intent to misuse it.
• [15:24] - If you suspect something is compromised, Mona recommends freezing your credit account.
• [16:45] - Freezing your account and checking credit reports is easier than it used to be.
• [19:32] - Mona describes how the Identity Theft Resource Center walks victims through the steps in resolving problems.
• [21:23] - Some situations are harder to resolve than others.
• [23:51] - Team members at Identity Theft Resource Center are not therapists, but they are trauma informed and listen to victims as they are guided through a process.
• [26:27] - When working with the Identity Theft Resource Center, clients get a recovery plan.
• [29:08] - If victims have tried something or don’t feel comfortable with something, ITRC can step in and help.
• [31:50] - Don’t be afraid to check for problems. Sometimes problems don’t show themselves immediately.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Identity Theft Resource Center Website