Drex covers three critical cybersecurity trends: companies swapping full-time security staff for platform subscriptions (requiring premium salaries for contract managers), the rise of AI agents in both cyber defense and attacks, and voice phishing campaigns targeting CRM systems like Salesforce that have compromised major brands including Adidas and Victoria's Secret. Healthcare organizations face unique risks from PHI exposure and must balance automation with human oversight while training staff on voice-based social engineering attacks.
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Everyone. I'm Drex and this is the two minute drill where I cover three hot security stories twice a week. All part of the 2 29 Project. Cyber and Risk community here at this week. Health Sign Up. I'll keep you posted on the latest webinars and podcasts and other inside info, including our upcoming in-person events like the 2 29 Project City Tour dinners and summits.
And if you've not been to one of those and you're a CXO, send me a note. You should be there. The question I'm most often asked at the end of these events is, when can I come again? So hopefully you'd have the same experience. It's easy to stay in the know. Go to this week, health.com/subscribe and sign up for all the latest insights, including of course, our security and risk updates.
Great to see everyone today. Here's some stuff you might wanna know about a new trend. I don't know if it's a new trend. It's a trend. Companies are swapping full-time security pros for cybersecurity platform subscriptions. On paper, it may be cheaper. The platform tools promised automated detection response and even compliance reporting, especially when it's paired with some really solid services from that company.
But there's a catch. The tools don't replace kind of human intuition, especially when attackers are creative and patient and it's not. So much about replacing people, or at least to me it shouldn't be. It's about kind of reshaping what those people do. Unfortunately, I think sometimes that means lower level security jobs are being automated, are rolled into managed services providers who may be able to do some of that work better and more reliably than many healthcare organizations can accomplish on their own.
But I'd probably think of this not just as an HR shift, it's a risk shift. If you thought it was tough to get entry-level security staff, it's even tougher now to get experienced staff to manage those outsource contracts. So I'm saying, I'm not saying don't do it. I'm actually saying that if you can do it better, faster, cheaper than by all means, I understand the financial pressures, but ultimately somebody who works.
For the health system, we'll have to conduct that orchestra of contracts and staff because you can't really outsource responsibility for patient safety, business operations, and clinical operations. So be prepared to pay a premium for your InfoSec architect and that orchestra conductor. And I'm hearing CISOs now are being paid more than CDs at some organizations, and I'm not surprised.
There's another story from CNBC that's adjacent to this one. In it, they're also emphasizing the idea that tech is replacing people in security shops and cybersecurity AI agents are on the rise, and cyber thugs have proven to be very handy with AI tools at this point. They're doing everything from video and voice deep fakes to personalizing phishing campaigns.
So if they can do it, we can do it. A lot of organizations now are sort of pulling AI agents into the corporate cyber defense efforts. For scanning logs, for flagging anomalies, even kicking off incident response playbooks. And if you trust them enough, they're even taking some of those actions without waiting for human input and targeted initially.
I think you'll see, you see, um, menial time consuming or boring security tasks, which frees the human to work on more important tasks. And I think in this model, you think of the agents as a teammate who. Love combing through the details 'cause that's what they're really good at. And all this sounds great, but these systems are only as good as the data that they're trained on.
And like any new recruit that recruit needs supervision. So give them a job. Once they're consistently great at it, you can ease off on the supervision. And while the model, while this model is likely the future. I think in healthcare, at least in the near term, we'll need to pair AI speed with human judgment to make sure that we keep patients and families safe and all of our systems online.
And the final story. Today, Google and Cisco are warning about attackers targeting customer relationship management, CRM software like Salesforce, using Vishing, that's voice phishing to trick employees into revealing login credentials. And besides Google and Cisco as victims, there's a bunch of others over the past month or so including Adidas, Victoria's Secret, Chanel Diora, Louis Vuitton, Tiffany.
Qantas Airlines and Insurance Company Allianz Life and check me out. I just got my notification letter from Allianz today, and guess what? They're gonna give me more. More credit monitoring. Exciting. CRM breaches aren't just marketing headaches In healthcare, they can expose PHI and disrupt patient communications, so train staff to spot suspicious calls just as aggressively as you're training them on email phishing today.
More on all those stories and a lot of other healthcare innovation, tech and security news at this week, health.com/news, and you can find all our security podcasts, including all the ones you might've missed at this week, health.com/unh. That's it for today's two minute drill. Thanks for being here. Stay a little paranoid.
I'll see you around campus.
© Copyright 2024 Health Lyrics All rights reserved
