The Changelog: Software Development, Open Source

Big breaches (and how to avoid them) (Interview)

Mar 24, 2021

Neil Daswani, a renowned security expert and Co-Director of Stanford's CyberSecurity Program, dives into the world of security breaches. He discusses the six key causes of breaches and highlights infamous cases like Equifax, Capital One, and SolarWinds. The conversation emphasizes the evolution and sophistication of cyber threats, the role of two-factor authentication, and the necessity for proactive security measures in agile development. Daswani also advocates for collaboration between developers and security teams to enhance overall cybersecurity awareness.

Ask episode

AI Snips

Chapters

Books

Transcript

Episode notes

INSIGHT

Breach Severity Exceeds Predictions

Data breaches are increasingly common and severe, exceeding predictions.
Software vulnerabilities and malware are just two of the root causes.

INSIGHT

Gradual Rise of Mega-Breaches

The rise in mega-breaches isn't sudden but gradual, involving evolving attack vectors.
Phishing, unencrypted data, third-party compromises, and employee errors play major roles.

ANECDOTE

Sophistication of Phishing

Early phishing attempts were easily detectable, but now they're sophisticated.
Adam Stacoviak describes a recent Google-themed phishing attempt involving Google Forms.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

This week we’re talking about big security breaches with Neil Daswani, renowned security expert, best-selling author, and Co-Director of Stanford University’s Advanced CyberSecurity Program. His book, Big Breaches: Cybersecurity Lessons for Everyone helped to guide this conversation. We cover the six common key causes (aka vectors) that lead to breaches, which of these causes are exploited most often, recent breaches such as the Equifax breach (2017), the Capital One breach (2019), and the more recent Solarwinds breach (2020).

Join the discussion

Changelog++ members save 3 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Linode – Get $100 in free credit to get started on Linode – Linode is our cloud of choice and the home of Changelog.com. Head to linode.com/changelog OR text CHANGELOG to 474747 to get instant access to that $100 in free credit.
Retool – Retool makes it super simple to build back-office apps in hours, not days. The tool is is built by engineers, explicitly for engineers. Learn more and try it for free at retool.com/changelog
Render – Get $100 in free credit to give Render a try! Plus they’re going to assign a world-class engineer to your account to provide guidance and answer any questions. Render is built for modern applications and offers everything you need out-of-the-box — one-click scaling, zero-downtime deploys, built-in SSL, private networking, managed databases, secrets and config management, persistent block storage, and Infrastructure-as-Code. Send an email to changelog@render.com to get your free credits.
Grafana Cloud – Grafana Cloud is our dashboard of choice – Grafana is the open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.

Featuring:

Neil Daswani – Website, LinkedIn, X
Adam Stacoviak – Website, GitHub, LinkedIn, Mastodon, X
Jerod Santo – GitHub, LinkedIn, Mastodon, X

Show Notes:

Something missing or broken? PRs welcome!