
Insights Into Technology: Episode 22 “No Cyber Command, No Cyber Control”


In this episode of ‘Insights into Technology,’ host Joseph Whalen delves into the week’s top tech stories. Starting with a controversial directive from Defense Secretary Hegseth, the episode explores the strategic pause on U.S. Cyber Command’s offensive operations against Russia and its potential implications for cybersecurity.

The show also covers the imminent transition from Skype to Microsoft Teams, highlighting the benefits and challenges of this major shift. Additionally, the episode touches on Apple’s legal battle against a UK government order seeking backdoor access to its encrypted iCloud storage, raising significant data privacy concerns.

With expert insights and discussions on the future impact of these developments on businesses and individual users, this episode is packed with critical information for anyone interested in cybersecurity, data privacy, and technological advancements.

Transcription

00:00:02:15 – 00:00:07:05
Narrator
Insightful podcasts.

00:00:07:07 – 00:00:15:23
Narrator
By informative host for.

00:00:15:26 – 00:00:23:28
Narrator
Insights into things, a podcast network.

00:00:24:00 – 00:00:51:25
Narrator
Welcome to Insights into Technology, a podcast exploring the latest in computers, networking, home automation, mobile computing and all things technology related. Our hosts will take a deeper dive into the latest and greatest in tech trends, and give you the information you need to enable your tech-centric world.

00:00:51:27 – 00:01:27:12
Joseph
This is Insights into Technology, Episode 22: No Cyber Command, No Cyber Control. I’m your host, Joseph Whalen, and this is your Tech News of the week. Our first article comes to us from Martin Matishak at The Record. Digital detente or security sabotage? Defense Secretary Pete Hegseth has directed US Cyber Command to halt all planning against Russia, including offensive cyber operations.

00:01:27:14 – 00:02:04:26
Joseph
This order, which does not affect the National Security Agency’s signals intelligence activities, aligns with the administration’s efforts to normalize relations with Moscow following its 2022 invasion of Ukraine. The duration of this directive remains uncertain, with Cyber Command instructed to assess ongoing missions and potential threats emanating from Russia. This strategic shift may have significant implications for the cyber security landscape, affecting commercial and enterprise sectors.

00:02:04:28 – 00:02:47:04
Joseph
By pausing our offensive cyber operations against a major cyber adversary, there could be an increased risk of cyber threats targeting critical infrastructure, financial systems and corporate networks. Organizations need to bolster their defensive measures, reassess risk management strategies, and enhance their threat intelligence capabilities to mitigate potential escalations in cyber attacks. With U.S. Cyber Command standing down on offensive operations, could Russian cyber actors become more emboldened to target U.S. businesses?

00:02:47:06 – 00:03:22:27
Joseph
Well, the absence of offensive cyber deterrence could encourage Russian state-sponsored and criminal cyber groups to ramp up attacks on US businesses. Historically, adversaries test boundaries when they perceive a reduction in defensive or retaliatory actions. Russian-linked groups such as APT29, or Cozy Bear, and APT28, or Fancy Bear, have previously targeted U.S. government agencies, financial institutions and infrastructure.

00:03:22:29 – 00:03:56:02
Joseph
So what should businesses do in this case, with Cyber Command being largely taken out of the picture at this point in time? We think there’s an overall loss of vision of what Cyber Command does and the role they play, not just in protecting the federal government systems, but also commercial and enterprise systems in the country. With the absence of U.S. Cyber Command’s role in this, you’re going to want to secure your own organization.

00:03:56:03 – 00:04:27:00
Joseph
You’re going to want to subscribe to cybersecurity threat intelligence feeds to monitor emerging threats. A couple of the ones that I recommend are AlienVault’s Open Threat Exchange and CISA’s Automated Indicator Sharing, or AIS. US-CERT puts out a list, as well as the Dark Tracer. So these are some resources that you might find helpful in at least being aware of the threats out there and how you can mitigate some of them.

00:04:27:02 – 00:04:51:00
Joseph
You also want to implement zero trust security models, which, if you haven’t done so already, you probably should do even with Cyber Command in play. It’s worthwhile going zero trust. This ensures strict identity verification and least-privilege access for anyone inside your network. Obviously, patching. We talk about this and, you know, we harp on this all the time.

00:04:51:02 – 00:05:16:10
Joseph
Keep your software and systems up to date to reduce vulnerabilities. Training is another one that we harp on a lot. A lot of our mitigation strategies rely on educated users. So educate your employees on the latest phishing, social engineering, and advanced persistent threats: how to spot them, and what to do when they think they might have spotted one.

00:05:16:13 – 00:05:48:28
Joseph
And finally, you want to invest in proper endpoint detection and response, your EDR solutions. Advanced tools can detect and mitigate sophisticated cyber threats as they’re happening or before they happen. So what’s going to happen with the resources that Cyber Command currently has? Because as far as I know, I haven’t seen anything yet. But they’ve not fallen victim to the purge of DOGE at this point in time.

00:05:49:00 – 00:06:26:27
Joseph
They could shift their focus. They’ve made mention of strengthening their U.S. government and critical infrastructure to prevent attacks from other attackers, such as China, Iran, North Korea. Basically, round up the usual suspects. They also may be allocating resources to disrupt ransomware gangs that often operate with state support. I don’t know if any of that’s going to actually happen, given some of the other decisions that are being made as far as cybersecurity goes.

00:06:27:00 – 00:07:08:28
Joseph
Could this lead to enhanced operations against other cyber threats, such as those from non-state actors? It’s possible Cyber Command may prioritize countering threats from financially motivated groups, hacktivists, and espionage operations by other nation states. China, we talked about, has increased cyber espionage operations. North Korean actors frequently target financial institutions to fund state operations. What implications? And I know with our new America First mentality, we probably aren’t thinking too much of this.

00:07:08:28 – 00:07:48:22
Joseph
But what are the implications for international cyber security? Potentially, if the U.S. reduces cyber offensive operations, other nations may view this as a de-escalation signal or an opportunity to act more aggressively. The decision might also encourage diplomatic efforts to establish clearer international norms for cyber conflict. But adversarial nations likely won’t adhere to such agreements. How might other nations perceive and react to the US altering its cyber posture?

00:07:48:25 – 00:08:16:08
Joseph
Well, our allies, if we have any of those left at this point in time, like NATO and Five Eyes, may worry about decreased deterrence and could increase their own cyber operations. I don’t think they have much choice. They kind of have to. I suspect a good portion of what we do to protect ourselves involves sharing intelligence on cyber threats.

00:08:16:10 – 00:08:41:09
Joseph
Russia might view this as an opportunity to expand its cyber espionage efforts, with less fear of U.S. retaliation. That’s almost a guarantee at this point. China may interpret this as a sign of reduced U.S. cyber engagement and could ramp up its own operations. I don’t know how they could ramp them up much more than they already are, because they’re hammering us on a daily basis.

00:08:41:12 – 00:09:08:28
Joseph
And then really, the area I think of the most concern right now is that cyber criminal groups will take advantage of the lull in offensive actions to increase ransomware attacks and data breaches. I think you’re going to see a significant increase in attacks coming forward. So I’m not really sure why they made this decision here, but combined with several other decisions, which we’ll talk about later in the show.

00:09:09:00 – 00:09:37:28
Joseph
It doesn’t bode well for cyber security. And it’s actually kind of scary at this point in time. It’s almost like there’s a deliberate attempt right now to cripple our ability to defend ourselves against cyber attacks. And I don’t know what the motivation is behind that, but it’s not good. Our next story comes to us from Dark Reading’s Elizabeth Montalbano.

00:09:38:01 – 00:10:21:25
Joseph
Sharing is scary. A sophisticated phishing campaign is exploiting Microsoft SharePoint to compromise Windows systems. Attackers send emails prompting users to open a document’s HTML file, which instructs them to execute a malicious PowerShell command. This command deploys the open source Havoc command and control framework, granting attackers full control over the compromised systems. This attack underscores the evolving tactics of cyber criminals who leverage trusted platforms like SharePoint to bypass security measures for enterprises.

00:10:21:27 – 00:11:01:07
Joseph
Such sophisticated phishing methods pose significant risks, including unauthorized access, data breaches, and potential operational disruptions. The use of legitimate services for malicious purposes challenges traditional security defenses, necessitating advanced threat detection and comprehensive user education. By embedding malicious content within legitimate services, attackers exploit the inherent trust that’s in those services, making it difficult for standard security protocols to detect and block such threats.

00:11:01:09 – 00:11:38:29
Joseph
Anytime you trust something, when that trust is broken, it takes a while before most people tend to pick up on it. Requiring users to execute commands circumvents automated security measures, placing the onus on individuals who may not recognize the threat, thereby increasing the attack success rate. This goes back to the nag screens that everyone’s familiar with, with Microsoft User Account Control, where Microsoft had flooded people with the security prompts to the point that people trained themselves to ignore them.

00:11:39:01 – 00:12:16:18
Joseph
So you’re seeing similar things when it comes to similar methodologies when it comes to these types of attacks. Now, with users actually executing the commands themselves, you don’t have a chance to let your automated defensive systems actually detect these and stop them because it’s user initiated. The advanced obfuscation techniques conceal malicious code within seemingly benign operations, evading traditional signature-based detection methods, and necessitating behavioral analysis for identification.

00:12:16:21 – 00:12:50:08
Joseph
The one advantage we have right now, or maybe the silver lining in all of this, is that current security systems and security infrastructures that are implementing artificial intelligence as part of its defense mechanisms is they’re very capable of detecting these types of attacks and mitigating them. Where traditional security, where we’re using signature based, obviously they’re not performing very well with these threats.

00:12:50:11 – 00:13:24:18
Joseph
Organizations should adopt multi-layered security approaches, including advanced threat protection and detection systems, regular employee training on phishing recognition, and strict access controls to minimize potential impact. User. It sounds like a broken record. I know it’s the same thing over and over again to defend against these things. They’re not foolproof techniques, but if you’re not doing these, then you’re simply ramping up the percentage chance of being attacked and breached.

00:13:24:20 – 00:13:54:13
Joseph
Significantly. Open source tools do provide attackers with customizable and cost efficient resources to develop sophisticated malware like this, thus lowering the barrier to entry for executing complex cyber attacks. The cat and mouse game where when they make it easier for the attackers, they make it harder for the defenders. And there’s really, unfortunately, no way to get around that.

00:13:54:20 – 00:14:24:07
Joseph
AI is becoming one of the leading sources of some of this malicious code, and we have to be very careful about that. So be aware of this. My note to my users was to at least let them know about this threat, what to look for, and what not to expect. But we’re not going to send out emails asking you to run scripts and so forth.

00:14:24:09 – 00:14:47:02
Joseph
So a lot of times it’s just a matter of common sense at this point in time. And as long as the users are aware to look for these things, you’re usually okay. But make sure you communicate these types of threats to your users so that at least when they see something they know to question it, they don’t wonder if they need to question it.

00:14:47:04 – 00:15:31:29
Joseph
Our next article comes to us from Dark Reading’s Jai. I’m going to say this wrong. I apologize in advance. Vijayan, I want to say, I think that’s correct. VMware virtual breach. Virtual vault breached. VMware has released patches for three critical zero-day vulnerabilities affecting its ESXi, Workstation and Fusion products. These flaws, currently under active exploitation, allow attackers with administrative access to a virtual machine to escape the VM sandbox and execute code on the host system.

00:15:32:02 – 00:16:06:14
Joseph
This escalation can lead to unauthorized control over the host environment, posing significant security risks. The exploitation of these vulnerabilities threatens the foundational security of virtualized environments widely used in enterprise settings. Successful attacks could result in unauthorized access to critical systems, data breaches, and operational disruptions. The usual suspect of, or the usual result of these types of things.

00:16:06:17 – 00:16:39:08
Joseph
Organizations relying on VMware’s virtualization solutions must act promptly to mitigate these risks. And again, we’re going to harp on the typical stuff that we talk about here. Timely patching is crucial for preventing exploitation. Implementing robust access management policies can limit potential attack vectors. Continuous monitoring can help identify and respond to exploitation attempts. It’s worthwhile to take a moment to talk about this for a second.

00:16:39:10 – 00:17:13:14
Joseph
Continuous monitoring isn’t just running a firewall. Continuous monitoring is running internal threat detection systems themselves that look for anomalies. They look for unusual access requests. They may look for elevated data transfer rates. They may look for users who are accessing areas that are outside of their area of responsibility, or users who are requesting access to areas that they don’t normally have access to.

00:17:13:16 – 00:17:36:02
Joseph
These are all the types of automated systems that you need to be running internally. No one person has the time to go through logs and dig through all this stuff to try to find it. So these types of monitoring and detection systems need to be in place. Staying informed with your vendors enables proactive vulnerability management as well.

00:17:36:04 – 00:18:06:16
Joseph
Again, being on one of these vulnerability lists to see when these threats come out. Preparedness ensures swift action to mitigate damage. You see a lot of these advanced persistent threats penetrate networks and start exfiltrating data or compromising internal security precautions. And they could be in your network for six months to a year in some cases.

00:18:06:18 – 00:18:33:16
Joseph
But they’re not doing anything malicious other than gathering information and prepping the system for a future attack. And these are the types of things that throw up red flags: when you have processes that are running that you can’t identify, or high bandwidth utilization times, or slow system performance periodically throughout the day, or your database starts to grind to a halt.

00:18:33:18 – 00:19:01:00
Joseph
You have to be aware of these things. Don’t discount them because they happen to go away after a period of time. Understand the patterns. Understand what the threats are to the dangerous world out there in cyberspace. And we have to be vigilant. We have to be educated, and we have to be persistent in our pursuits. That’s all we had for the first segment today, for our cybersecurity segment.

00:19:01:03 – 00:19:41:29
Joseph
I did want to take a moment to invite you to reach out to us, give us your feedback. I’d love to hear your thoughts on the articles we discussed today. I’d love to hear your take on our opinions on things. You can call in. Leave a voicemail for us. The number is (856) 403-8788. That’s (856) 403-8788. Or you can email us at comments@insightsintothings.com, or you can get links to all of our social media and contacts on our main website at insightsintothings.com.

00:19:42:01 – 00:19:50:12
Joseph
We’ll be right back.

00:19:50:14 – 00:20:10:25
Narrator
Are you tired of your favorite gaming podcast finishing with a play? No. Well, check out No Credits Rolled, where we play the games, but rarely finish them. How’s it going, folks? I’m Sam Whalen, your friendly host at No Credits Rolled, the ultimate gaming podcast, where we dish out the latest scoops and reviews on all your beloved video games.

00:20:10:28 – 00:20:33:03
Narrator
Hey, listen. Not only that, but we spice things up with some guest interviews and even give you, yes, you, a chance to have your say. Tune in every other week for a fresh dose of No Credits Rolled. Available on all major podcast platforms, and hit us up on social media at No Credits Rolled. So why wait? Let’s dive into the gaming world together.

00:20:33:03 – 00:20:47:15
Narrator
Where finishing games is optional, but the fun is guaranteed.

00:20:47:17 – 00:21:26:04
Joseph
Welcome back to Insights into Technology. Our next story comes to us from Sergiu Gatlan at BleepingComputer, who tells us the end of the line for Skype is near. Microsoft has announced that it will discontinue Skype on May 5th of this year after 22 years of service. The company is encouraging users to transition to Microsoft Teams, which offers similar functionalities along with additional features like calendar management and meeting hosting.

00:21:26:06 – 00:22:03:27
Joseph
Existing Skype users can migrate their contacts and chat histories to Teams using their current Skype credentials. The shift from Skype to Microsoft Teams reflects Microsoft’s strategy to consolidate its communication platforms, aiming to provide a unified solution for both personal and professional use. For businesses, this transition offers an opportunity to integrate various collaboration tools into a single platform, potentially enhancing productivity and streamlining workflows.

00:22:03:29 – 00:22:37:18
Joseph
However, organizations currently relying on Skype may need to plan and execute the migration to Teams carefully to ensure continuity and address any training needs associated with the new platform. I have to say, I’m kind of sad to see this go. I’ve been a Skype user from practically day one, before Microsoft acquired it. It was an excellent service for long distance communication before social media exploded.

00:22:37:21 – 00:23:02:29
Joseph
I used to use it for long distance phone calls at the time because the rates were so much cheaper. I even had a subscription to it, and I was just notified by Microsoft, very politely, that the credit, the $0.18 of credit that I still had on the account, has been revoked or lost or whatever because I haven’t used it in 90 days or something like that.

00:23:02:29 – 00:23:34:07
Joseph
But I was a longtime user of it. So how can businesses effectively migrate from Skype to Teams? But organizations should develop a detailed migration plan with timelines, data transfer procedures, and employee training programs, pretty much any time you’re migrating any platform over. Using Microsoft’s migration tools and resources can facilitate a smooth transition. Now, caveat: I’ve not tried their transition tools yet.

00:23:34:09 – 00:23:59:27
Joseph
One of the things that I have traditionally found is that transition tools in situations like this rarely work 100% as advertised. So with that in mind, you probably want to have a rollback plan or some type of failover plan if it doesn’t go well. So what additional features does Teams offer compared to Skype? And how can enterprises leverage them?

00:24:00:00 – 00:24:39:09
Joseph
Microsoft is selling this transition with the notion that they’re providing you more services in Teams. Teams provides integrated collaboration tools such as file sharing, project management and application integration, which can enhance team productivity and communication efficiency. We recently started the transition to Teams at my organization. Most of our functionality is reserved or restricted or handled, I should say, by an internal SharePoint server.

00:24:39:09 – 00:25:04:07
Joseph
Which Teams is also looking to supplement and replace as well. So the transition for us, it’s awkward. The Teams interface isn’t the most intuitive, but it’s also fairly user friendly, and it takes just a little bit of a learning curve to get used to. So how does Teams address security and compliance requirements for enterprises, especially when you’re putting your files up there?

00:25:04:07 – 00:25:46:11
Joseph
That’s a significant concern that a lot of companies have. Teams does include robust security features such as data encryption, multi-factor authentication and compliance certifications, aligning with various industry standards to protect organizational data. I will mention, though, that Teams does currently allow SMS two-factor. And as we’ve talked about on the podcast in the past, SMS is literally the least secure version of two-factor. I would absolutely opt for another two-factor method other than SMS.

00:25:46:13 – 00:26:20:20
Joseph
We use YubiKeys for ours, or authenticator apps for our access. But I would definitely recommend something stronger than SMS. Another big question: will existing third party integrations with Skype be compatible with Teams? This is another catch here, where you’ll find a lot of the tools you’ve come to rely on that you’ve used in conjunction with Skype may not necessarily be available.

00:26:20:22 – 00:26:48:03
Joseph
Some integrations may require adjustments. Microsoft Teams supports a wide range of third party applications, so your organization needs to review their current integrations and consult with vendors to ensure compatibility. So a lot of vendors have been trying to move over to Teams already. You may find a lot of the third party helper apps that you use may be over there already.

00:26:48:05 – 00:27:14:04
Joseph
Either way, no one likes change, and it’s human nature to kind of resist change. But this is one where you obviously don’t have a choice at this point in time. And I think you’ll probably find that Teams is probably not the best video conferencing app out there, but I think it’s adequate for most people. But you don’t have much of a choice, right?

00:27:14:05 – 00:27:49:27
Joseph
We have to move on here. So make the most of it. Train your people. Make sure your third party apps are working and have a plan. Next up: Cloudy with a chance of downtime. Sergiu Gatlan from BleepingComputer comes to us with this one again. On March 3rd, 2025, Microsoft experienced a significant outage affecting its Microsoft 365 services, notably disrupting Teams functionality and causing widespread call failures.

00:27:50:00 – 00:28:13:26
Joseph
Now you take this with the last article and you wonder, okay, why am I moving to Teams if they can’t keep it up and running? It’s a valid question. Microsoft’s had several outages in the last few months that have a lot of people scratching their heads. Users reported issues with authentication across multiple services, including Outlook, OneDrive and Exchange.

00:28:13:28 – 00:29:01:27
Joseph
Microsoft acknowledged the problem, stating, quote, users may not be able to receive calls placed through Microsoft Teams, provisioned auto attendants and call queues, unquote, and initiated an investigation to identify the root cause. This outage highlights the vulnerabilities inherent in relying on cloud-based communication platforms. Having recently started a transition to a more cloud-centric environment at my facility, I can totally understand the skepticism here because it’s very disheartening to move over to a large cloud environment like Microsoft, only to find that you’re having consistent outage problems.

00:29:01:29 – 00:29:32:15
Joseph
And unfortunately, Microsoft is a big giant target. They’ve got a target on their back. Most of the malicious actors out there are going after Microsoft: one, because Microsoft is notoriously insecure with how they do things, and two, they’ve got a massive customer base, so they’re ripe for further picking. Now, for businesses, such disruptions can lead to operational inefficiencies, decreased productivity, and potential financial losses.

00:29:32:18 – 00:30:11:06
Joseph
The incident underscores the necessity for robust contingency planning and diversified communication strategies to mitigate the impact of unforeseen service disruptions. So what led to the authentication token failures that caused this outage? The outage, according to Microsoft, was attributed to, quote, a problematic code change, unquote, in Microsoft’s authentication system, leading to widespread service disruptions. Which, again, is alarming.

00:30:11:08 – 00:30:44:17
Joseph
It’d be one thing if it was a malicious attack or a denial of service or something along those lines that Microsoft is invariably going to get hit with and can respond quickly to. But in this case here, it’s a problem of their own making, which, you know, speaks to the insecure way that they code their software, which is also why their operating system releases 70 to 100 over 100 patches a month.

00:30:44:20 – 00:31:17:21
Joseph
The outage primarily affected users across Canada and parts of the US, impacting services, as you said, like Outlook, Teams and OneDrive. Microsoft identified the issue within hours, attributing it to a recent code update, and reverted the changes to restore services. Organizations should implement multi-channel communications platforms, establish robust incident response plans, and regularly review their service level agreements with providers.

00:31:17:23 – 00:31:45:04
Joseph
Not that that’s going to get you too far with Microsoft, because the SLAs that Microsoft have are predominantly favorable towards them. This underscores the need for businesses to assess their reliance on single providers and consider hybrid solutions to ensure continuity. I don’t know how a hybrid solution would have solved this. You’re not going to have multiple providers for the services.

00:31:45:07 – 00:32:10:03
Joseph
You know, your Outlook, for instance: you’re not going to have multiple email providers. It’s just not practical. Your Teams environment, the same thing. Your OneDrive environment, same thing. Having an offline repository where you can access these things that then sync to the cloud, that might be doable. But other than that, I think you’re kind of at Microsoft’s mercy here.

00:32:10:03 – 00:32:49:11
Joseph
I don’t know of any solution out there that really offers a robust, multi-pronged approach to having multiple vendors provide these services without unnecessary duplication, synchronization issues, or security concerns. Not to mention the expense of recreating multiple different infrastructure networks. So this is one of those situations where you need to be very careful about what cloud provider you choose, and have a plan for what to do when that provider goes down, because it’s going to happen.

00:32:49:14 – 00:33:25:13
Joseph
AppleInsider gives us our next article. This one’s from Andrew Orr. The Big Apple Bites Back. Apple is challenging a UK government order demanding a backdoor into its encrypted iCloud storage, specifically targeting its Advanced Data Protection feature. This legal action, filed with the UK’s Investigatory Powers Tribunal, marks the first court test of the 2016 Investigatory Powers Act’s provision on encryption.

00:33:25:15 – 00:33:57:16
Joseph
In response to the order, Apple has withdrawn ADP from the UK, emphasizing its commitment to user privacy and its stance against creating backdoors in its products. The UK’s demand for access to encrypted data, which, they’re not the first ones to want this. The politicians in the US have been pushing for this, and local authorities have been pushing for this in the United States for quite some time now.

00:33:57:18 – 00:34:40:11
Joseph
Their demand for access to encrypted data raises significant concerns for businesses relying on cloud services for secure data storage. Some key considerations include data privacy and security. Obviously, mandating backdoors could compromise the confidentiality of sensitive business information, increasing vulnerability to unauthorized access. Compliance and trust: companies may face challenges aligning with global data protection regulations, potentially eroding trust in service providers perceived as susceptible to government interventions.

00:34:40:14 – 00:35:08:02
Joseph
This is exactly why the United States wanted to ban TikTok, because of the government intervention in China on the EFF. There’s also a concern for operational continuity. The removal of security features like ADP may prompt businesses to seek alternative solutions, potentially disrupting established workflows. What those alternative solutions would be that would still be legal in the UK under this law.

00:35:08:03 – 00:35:44:03
Joseph
I don’t know. I have to imagine any law that encrypts the data to the point that the government can’t access it if it needs to would not be considered acceptable. So you’re not going to have a solution in-country. This may force companies to go outside the country in order to get the services that they need. And these actions by the UK could set precedents encouraging other nations to impose similar requirements, complicating the global landscape for data security and privacy.

00:35:44:05 – 00:36:21:11
Joseph
But you also have the question of technical feasibility. This is the same argument Apple’s had about the demands by the U.S. law enforcement agencies to unlock phones in criminal cases. Introducing a backdoor inherently weakens encryption, making systems more susceptible to exploitation by malicious actors. Once you put a backdoor in, you can’t assume it’s only the government that’s going to use it, and that’s assuming that the government’s intentions are on the up and up, which in today’s political climate, that’s a big if.

00:36:21:13 – 00:36:50:06
Joseph
But once you compromise the ability to secure a system, anybody who finds that exploit can then take advantage of it, and there’s nothing you can do about it. Businesses may adopt additional encryption measures, diversify service providers, which, again, we talked about being difficult to do, or implement on-premise data solutions to maintain control over the data security. Now this is an interesting concept.

00:36:50:09 – 00:37:14:15
Joseph
So for the longest time everyone had on-prem solutions: on-prem email, on-prem file storage, on-prem data collaboration, and so forth. And the push over the last ten years, 5 to 10 years, has been go to the cloud. It’s cost effective. You don’t have to have the hardware. You don’t have to maintain it. You don’t have to worry about licensing, all that stuff.

00:37:14:17 – 00:37:45:03
Joseph
Well, now we’re getting to the point now where the government is making sure that we can’t trust the service providers if we can’t encrypt our data securely. So you bring it all back in-house, you’re going to negate the advantages that being in the cloud gives you. Then that also begs the question of if I secure my data internally and I don’t put it in the cloud, can the government come and make me unlock my data for them?

00:37:45:06 – 00:38:18:08
Joseph
There’s a lot of, you know, legal wrangling going on with this one. Companies could face conflicts also between complying with local laws and adhering to international data protection standards, potentially leading to legal disputes and operational complexities. What the UK is asking Apple to do would effectively violate GDPR, potentially. And it would affect other laws in different countries as well.

00:38:18:10 – 00:38:43:15
Joseph
So it’s, like I said, legal wrangling here. Is it legal to create a law that breaks other laws? I’m not a legal scholar. I couldn’t talk to that effect. But that’s really what the question’s coming down to. It’s an overreach of government. Unfortunately it’s not the United States government this time. It usually is.

00:38:43:17 – 00:39:04:25
Joseph
But it’s an overreach of government that could potentially be a violation of other regulations and laws that are out there. That puts the end user in quite a quandary at that point in time. So we’ll have to watch this one and see where it goes. I mean, Apple’s first approach was we’re just not going to offer the service anymore.

00:39:04:27 – 00:39:32:26
Joseph
You have to find it somewhere else. And, you know, the problem is the encryption genie is out of the bottle. If you want to do something, I don’t even want to say illegal, but if you want to do something that you don’t want the government or law enforcement or competitors or someone else to see or be aware of, there’s an infinite number of encryption options and I can encrypt data before I put it into the cloud.

00:39:32:26 – 00:40:02:03
Joseph
It doesn’t need to be encrypted by the cloud. There’s nothing that says I can’t encrypt my data. It’s my data. I can do whatever I want with it. And the government trying to come in here and get access to it, it’s really, it’s lazy. You know, there’s plenty of methods out there for law enforcement and government agencies to do their job without having us break encryption, break the internet.

00:40:02:05 – 00:40:22:19
Joseph
And that’s really what they’re asking you to do is break the internet, basically, for their citizens. And I think that’s sketchy at best. We’re going to take our second break right now. And when we come back, I was going to do a deep dive on. I was going to start the deep dive on our artificial intelligence, but I’m going to hold off on that.

00:40:22:19 – 00:40:42:17
Joseph
It is done and ready to go. I’m going to hold off on that right now. I think there are a number of issues, a number of concerning things that came up in the news lately that I just, I’m trying to wrap my head around, and I want to throw it out there for the audience. I’d love to get your thoughts on it.

00:40:42:17 – 00:41:01:04
Joseph
I’m going to throw out some information on some theories and a lot of questions, and we’ll see where we go. So we’ll be right back.

00:41:01:06 – 00:41:19:08
Narrator
Insights into entertainment a podcast series taking a deeper look into entertainment and media. Our husband and wife team of pop culture fanatics are exploring all things, from music and movies to television and fandom.

00:41:19:10 – 00:42:03:29
Narrator
We’ll look at the interesting and obscure entertainment news of the week. We’ll talk about theme park and pop culture news. We’ll give you the latest and greatest on pop culture conventions. We’ll give you a deep dive into Disney, Star Wars, and much more. Check out our video episodes at youtube.com. Backslash insights into things. Our audio episodes at Podcast Insights into entertainment.com, or check us out on the web at Insights into things.com.

00:42:04:01 – 00:42:34:00
Joseph
Welcome back to Insights into Technology. So what do you think a little moment here to talk about some of the things that have been in the news. So since taking office President Trump has issued several executive orders and directives that have raised concerns regarding their potential negative impact on national cyber security efforts. I’m just going to run down a couple here real quick and then try to figure things out here.

00:42:34:03 – 00:43:11:28
Joseph
So on January 22nd, there was an order basically that came out. And this is almost immediately after he took the oath of office. There was an order that came out that dismantled the Cyber Safety Review Board. The administration disbanded members of the review board, which was an advisory board responsible for investigating significant cybersecurity incidents. The move raised questions about the future of cybersecurity oversight and the nation’s preparedness to handle major cyber events.

00:43:11:29 – 00:44:03:28
Joseph
So we talked about this earlier. Then on February 3rd, there was a regulatory freeze affecting cybersecurity measures. An executive memorandum was issued to implement a regulatory freeze across the executive departments and agencies. This freeze may delay or halt the implementation of new cybersecurity regulations, potentially hindering efforts to strengthen national cyber defenses. Now, this one I think I speak, you know, from the heart on this one because it’s likely going to affect me and my organization, where we’re in the process of going through the Cybersecurity Maturity Model Certification 2.0.

00:44:04:00 – 00:44:38:18
Joseph
And it’s been a process that we started back in 2018 that may be frozen now, but it’s a process that’s been designed to protect vendors and the federal government from cybersecurity intrusions when dealing with federal government contracts. Then on March 1st, a lot of stuff happened in the first week of March here. March 1st, we have a deprioritization of Russian cyber threats, which we talked about earlier.

00:44:38:21 – 00:45:19:15
Joseph
The administration has shifted its focus away from Russian cyber threats, emphasizing concerns over China and Iran instead. This pivot has led to reduced monitoring of Russian cyber activities, potentially leaving the nation more vulnerable to Russian hacking efforts. Now, to put things into perspective, let’s look at a few statistics on Russia’s cyber security threats. So in 2023, Russia accounted for over 30% of unsolicited spam emails globally, making it a major source of phishing attacks.

00:45:19:15 – 00:46:00:10
Joseph
A 2024 study ranked Russia as having the highest cyber crime threat worldwide, and between July of 2023 and June of 24, approximately two thirds of cyber attacks by Russian state and affiliated groups targeted countries in Europe and Central Asia, particularly Ukraine. And then, Germany reported that 39% of companies that experienced cyber attacks in the past year attributed at least one attack to Russia, highlighting the country’s role in cyber threats against businesses.

00:46:00:10 – 00:46:41:10
Joseph
So clearly, Russia has proven itself to be a clear and present danger to this country. They’ve shown no signs of reducing that threat. They’ve shown no signs of changing their tactics, being less aggressive are clear and present danger. The data points here underscore Russia’s prominent role in global cyber threat activities, affecting both government and private sectors. Then we have on March 4th, suspension of offensive cyber operations against Russia.

00:46:41:12 – 00:47:20:22
Joseph
In an effort to improve diplomatic relations with Russia, the administration ordered U.S. Cyber Command to halt offensive cyber operations targeting Russian entities. Critics argue the pause could embolden Russian cyber actors and diminish the US’s proactive cyber security stance. And then on March 5th, we see a reduction in cyber security workforce. The Department of Government Efficiency initiated significant layoffs within federal agencies, notably affecting the Cybersecurity and Infrastructure Security Agency.

00:47:20:22 – 00:48:09:15
Joseph
CISA. The dismissal of over 136 employees has disrupted essential cybersecurity functions and raised concerns about the government’s capacity to defend against the threats. One last one I want to throw out here, and we haven’t talked about it on this show yet. There was a study that came out yesterday or today talking about the security risk posed by the massive layoff efforts that the Department of Government Efficiency is executing right now, and the number of high security personnel that are being let go and not following the standard procedures.

00:48:09:18 – 00:48:40:27
Joseph
Typically, when you let someone with a top secret or a secret security clearance go, there is a debriefing that they have, an exit interview, you can say. And in that exit interview, they’re informed of what they can and can’t do. They’re reminded of the names and security precautions that they have to take. Nobody’s taking any of those. And there’s already been reports that foreign adversaries are attempting to recruit these U.S. government officials that have been laid off.

00:48:40:29 – 00:49:10:10
Joseph
So there’s a massive, massive threat right now, security threat from these layoffs of brain drain. First of all, you don’t have people that are doing their jobs to defend the country. And the people that are being let go are potentially disgruntled employees that are being approached by foreign agents to pose an even bigger threat. So it makes me stop and wonder why we’re doing this.

00:49:10:13 – 00:49:44:02
Joseph
It’s basically a perfect storm for increased cyber risks. The policy decisions have collectively weakened US cyber security by reducing oversight, limiting regulatory advancements, prioritizing key threats, and shrinking the workforce responsible for national cyber defense. The diminished focus on Russian cyber threats, in particular, stands in stark contrast to mounting evidence that Russia remains a leading actor in global cyber crime.

00:49:44:04 – 00:50:14:29
Joseph
Without proactive measures to counter these trends, the risk of large scale cyber incidents affecting both public and private sectors will likely increase. Cyber security experts, including Bruce Schneier, warn that unless these trends are revised, the US could face heightened risks in the form of data breaches, ransomware attacks and infrastructure disruptions. With fewer resources available to mitigate the threats.

00:50:15:01 – 00:50:51:26
Joseph
So what’s the motivation for this? What is the administration trying to accomplish? Are they trying to accomplish? Do they understand the implications of these actions? And I think honestly, I don’t think they do. The recent weakening of cybersecurity defenses through executive orders, workforce reductions and strategic shifts raises significant concerns. While official explanations may frame these changes as efforts to streamline government operations or realign national security priorities, several underlying motivations could be at play.

00:50:51:28 – 00:51:23:28
Joseph
Let’s take them at face value with their diplomatic realignment with Russia relations. The suspension of offensive cyber operations against Russia and the deprioritization of Russian cyber threats suggest a broader geopolitical strategy. The administration may be pursuing a policy of diplomatic rapprochement with Moscow, seeking to reduce tensions and foster cooperation in other areas such as trade or military de-escalation.

00:51:24:00 – 00:52:00:00
Joseph
However, this approach could come at the cost of allowing Russian cyber actors more freedom to operate against U.S. interests. Is it worth the cost, is the question there. The administration sees offensive cyber operations as an obstacle to improving U.S.-Russian relations, and believes that scaling them back will encourage diplomatic engagement. I don’t disagree with that. However, I don’t necessarily think that improved relations with Russia is in our best interest at this time.

00:52:00:02 – 00:52:39:12
Joseph
The policy shift may be interpreted as a sign of weakness, leading to increased Russian cyber aggression rather than de-escalation. And honestly, I think that’s where this is going to go. We’re going to get burned by this well before we reap any benefits from it. The other angle of this is the austerity approach. The government downsizing, the layoff of 136 employees and the disbanding of the Cyber Safety Review Board, align with broader efforts by DOGE to reduce the size and scope of federal agencies.

00:52:39:14 – 00:53:15:29
Joseph
But then you have to wonder, maybe those agencies need to exist in that capacity for some reason. In protecting us, there’s a pretty good reason. The cuts could be driven by a belief that private sector cybersecurity firms and decentralized corporate responsibility should play a larger role in national cyber security defense. Coming from the business world, you would think somebody like a Donald Trump or an Elon Musk would understand the value of the federal government providing the level of intelligence and oversight in cybersecurity.

00:53:16:01 – 00:53:43:27
Joseph
Being a tech guy, you would think Musk would understand that, but clearly he’s got a different motivation in mind at this point. The administration believes that cybersecurity should be more prioritized. They’ve not been shy about that at all, shifting responsibility to corporations and state governments. But you can’t have the same level of service or of protection when you go that route.

00:53:44:00 – 00:54:18:01
Joseph
And I think there’s a fundamental lack of understanding of that limitation. Weakening federal cybersecurity resources may leave critical infrastructure, including utilities, transportation and financial networks, more vulnerable to attacks. There’s also the idea of deregulation and anti-bureaucratic processes. I’m sorry, I can’t believe any politician when they talk about that. What they really mean is anti-opposite-party bureaucracies, is what they’re talking about.

00:54:18:01 – 00:54:40:20
Joseph
There’s also this talk of a strategic shift towards China and Iran. Well, unfortunately, you don’t get to pick the people that you defend yourself against. When a lot of people are attacking you, you need to defend against all of them. And Russia is not going to stop attacking us. Yes, China is a threat. And yes, Iran and North Korea are threats.

00:54:40:23 – 00:55:12:12
Joseph
But ignoring Russian cyber activities will backfire. Cybercriminal groups and state sponsored hackers may see this as an opportunity to escalate their attacks without fear of retaliation. What it probably really boils down to, and again, this is just my opinion. Leave a note in the comments or drop a voicemail on me here and tell me I’m wrong. But it’s political and it’s an ideological thing.

00:55:12:15 – 00:55:46:10
Joseph
Given the history of Russian election interference and cyber influence campaigns, some critics argue the administration’s stance on cyber security could be politically motivated. Not that I’d ever accuse a politician of being politically motivated and not putting the country’s best interests at heart, but by prioritizing Russian cyber threats, the administration may be seeking to downplay concerns about foreign influence operations that have previously benefited certain political factions.

00:55:46:12 – 00:56:16:08
Joseph
The administration may wish to avoid policies that could strain political alliances or draw attention to the past cyber related controversies, and that’s a possibility. This could erode public trust, and I can almost guarantee it will, in national security leadership and raise concerns about the politicization of cybersecurity policy. In general, it’s a risky strategy and it has long term consequences.

00:56:16:08 – 00:56:48:27
Joseph
And I don’t think those consequences have been fully vetted by the administration. Regardless of the motivations, the cumulative effect of these policies is a weaker national cyber security posture at a time when cyber threats are increasing. While the administration may view these decisions as strategic, it carries significant risks, including emboldening adversaries, exposing critical infrastructure, and reducing the nation’s ability to respond to emerging cyber threats.

00:56:48:27 – 00:57:13:25
Joseph
The fear that I have here and claim that I’m alarmist because of it, but the fear that I have here is we’re letting our guard down. We’re literally at war with these nations from a cyber security standpoint. And we’re literally pulling our troops off the front line here that are fighting this war for no good reason.

00:57:13:25 – 00:58:05:23
Joseph
And we’re exposing ourselves. And that exposure will increase exponentially the likelihood of advanced persistent threats penetrating our military, our government, our infrastructure, so that should there be a shooting war. Donald Trump had an interview with Zelensky just the other day where he had raised concerns about provoking World War three. Should that happen under these current circumstances, Russia could literally click a button and shut down our infrastructure, shut down our satellites, shut down our electrical grid, shut down our water system, shut down our sewer system, shut down pipelines with oil and natural gas.

00:58:05:25 – 00:58:34:23
Joseph
They could, if we allow them this foothold in the door, they don’t need to attack us. We’re surrendering to them already. We’re literally giving them everything that they need at this point in time, by not pursuing cybersecurity measures against them. I think it’s reckless. I think it’s dangerous, and I think it’s ultimately going to backfire in the end.

00:58:34:25 – 00:59:04:03
Joseph
Anyway, I think that’s it for preaching today. Before we do go, I want to do a quick round of shout outs. We did something right. I don’t know what we did, but we had a huge influx of followers on Twitch in the last few days. I don’t know if we hit the right search engine at the right time, but I would love to figure out what we did so we can keep up the good work.

00:59:04:06 – 01:00:02:20
Joseph
Because of that, I can’t possibly shout out to everybody here, so I’m going to shout out to the ten, the most recent ten that followed. Here we go. Ready. Here’s the rundown. Big thank you to Jackson Bari SC I’m sorry Jackson Arias UCB. Big shout out to fresh J hlc K Jack p3 AP baseball g n and M l would any c Sherman UT to key two I’m sorry Sherman UT to q the one GB k Clinton nine for I five and dark side f u s I.

01:00:02:22 – 01:00:22:25
Joseph
So thank you to everyone who followed us. And I wish I could shout out to everybody. Unfortunately, I’d be here all day because we had a lot of people follow us. But thank you to those who did. I would encourage you and all of our users to follow us. We do stream five days on Twitch.

01:00:22:25 – 01:00:46:15
Joseph
Technically, we stream 70, but I only target five days a week on Twitch. If you’re an Amazon Prime subscriber, you get a free Twitch Prime subscription. I’d love it if you threw that our way. It helps us keep the lights on. You can also find us, in. Actually, I would prefer that. I’d love to get some people, voice mails on the air.

01:00:46:17 – 01:01:11:21
Joseph
You can call in to (856) 403-8788. That’s (856) 403-8788. You can email us at. Comments and insights into things.com. Give us your opinion. You know. What do you think of the news articles that we’re talking about? What do you think of our take on them and our opinions and suggestions? I’d love to hear your thoughts on that.

01:01:11:21 – 01:01:36:21
Joseph
Tell me I’m on, you know, like we don’t have to have an argument. I’m perfectly capable of having an adult discussion with people who have a different opinion of mine, and maybe you can convince me otherwise. High res versions of our videos can be found on YouTube at youtube.com. Slash insights in the things where you can find all that and more on our official website at Dwarka.

01:01:36:24 – 01:01:41:22
Joseph
Insights into things.com. That’s it. Another one in the books.
