Week in Review: Agriculture ransomware increase, Congress challenges CISA cuts, Disney’s slacker hacker
May 9, 2025
Dan Holden, CISO at BigCommerce, shares his expertise on the surge of ransomware attacks targeting the agriculture sector, revealing its unique vulnerabilities. He discusses challenges faced by CISA, particularly regarding funding and the evolving nature of critical infrastructure post-COVID-19. The conversation also dives into insider threats, spotlighting a plea deal, and the NSO Group's legal battles over spyware like Pegasus. Lastly, Holden emphasizes the need for accountability in cybersecurity as organizations grapple with increasing threats in a digital landscape.
The alarming rise in ransomware attacks on the agriculture sector highlights the vulnerabilities of legacy systems, necessitating enhanced cybersecurity measures.
The congressional debate over CISA funding emphasizes the need for adequate resource allocation to effectively protect critical infrastructure from evolving cyber threats.
Deep dives
Rise in Ransomware Attacks on Food and Agriculture
Ransomware attacks targeting the food and agriculture sectors have escalated dramatically, with reports indicating that 84 attacks occurred in the first quarter of 2024, more than double the number in the same period of the previous year. This increased vulnerability is attributed to the prevalence of legacy systems and older operational technology, which are less secure and easier for attackers to exploit. Experts stress that many ransomware incidents remain unreported, obscuring the true extent of the problem and highlighting the critical need for organizations in these industries to enhance their cybersecurity defenses. As the threat landscape expands, businesses must not only address the risks posed by attackers but also manage increasing pressure from customers and partners regarding security measures.
Congressional Concerns Over CISA Funding Cuts
The proposal to cut funding for the Cybersecurity and Infrastructure Security Agency (CISA) by $491 million has raised alarm among Congress members, who argue that such reductions could undermine efforts to secure critical infrastructure amidst heightened international tensions. Homeland Security Secretary Kristi Noem defended the cuts by asserting that CISA is focusing its resources more effectively, but critics contend that the definition of 'critical infrastructure' must include various sectors beyond traditional categories like utilities or transportation. The ongoing debate underscores the importance of appropriately funding cybersecurity initiatives, especially as many businesses now rely heavily on government resources to bolster their security posture. A shared understanding of what constitutes critical infrastructure is essential to ensuring comprehensive protection across all sectors dependent on reliable cybersecurity.
Data Theft Incident at Disney Exemplifies Insider Threats
A significant cybersecurity breach at Disney, where over one terabyte of data was potentially compromised through a Slack channel exploit, underscores the pressing concern of insider threats. The attack was executed by Ryan Mitchell Kramer, who tricked a Disney employee into downloading malware disguised as an AI art generation app, leading to the theft of login credentials. This incident serves as a stark reminder that even well-resourced companies can face critical vulnerabilities, particularly when employees engage with unverified software. Cybersecurity leaders emphasize the need for robust policies and employee education on the risks associated with insider threats and the importance of due diligence when assessing software and technology integrations.
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
All links and the video of this episode can be found on CISO Series.com