Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With attackers now logging in instead of hacking in, securing your identity infrastructure is more critical than ever. Relying on a patchwork of tools for Active Directory and Entra ID creates dangerous blind spots and slows your response to threats.

Cyber resilience in financial services is often treated as a checklist of tools and controls, rather than what it truly is: a system of people, intelligence, and collaboration working together.

A ransomware attack will take a hospital down for 2-3 weeks on average. When you define the few core applications most critical to maintaining patient continuity of care, and create a plan to quickly recover them, you can turn disaster into a testament to preparedness. This is your Minimum Viable Hospital.

With attackers now logging in instead of hacking in, securing your identity infrastructure is more critical than ever. Relying on a patchwork of tools for Active Directory and Entra ID creates dangerous blind spots and slows your response to threats.

Ransomware isn’t just about locking files anymore; attackers like Scattered Spider can take entire backup systems offline. Joe Hladik explains how hypervisor encryption lets them access virtualization interfaces and encrypt entire ESXi clusters, leaving organizations with no way to recover. Joe lays out why this tactic is so dangerous: it turns a backup, your last line of defense, into another point of failure.

Identity-based ransomware is no longer a fringe tactic; it’s becoming the playbook of today’s most dangerous adversaries. Scattered Spider, a financially motivated e-crime group, has shifted the model from smash-and-grab encryption to a far more devastating combination of double extortion, social engineering, and hypervisor encryption attacks.

Chinese cyber operations aren’t random hacks; they are part of a broader geopolitical competition for information, economic advantage, and strategic influence. Every operation ties back to China’s long-term national objectives. Mei Danowski, Co-Founder of Natto Thoughts Online Publication, explains how these attacks serve national objectives and why cybersecurity defenders must adapt.

Chinese state-backed cyber operations are often misunderstood as a single, centrally controlled machine. In reality, they are fragmented, diverse, and strategically aligned with China’s national objectives, from economic development to critical infrastructure positioning. In this episode of Data Security Decoded, join Caleb Tolin as he sits down with Mei Danowski, Co-Founder of Natto Thoughts and expert in geopolitical intelligence, to explore how China’s cyber ecosystem operates and how it is shaped by cultural, political, and economic structures.

In traditional intel roles, analysts avoid making direct recommendations. But Scott Scher explains why that doesn’t work in the business world. CTI teams can’t just present options, they need to say what should happen next. Scott breaks down why effective CTI must go beyond context and offer clear, actionable guidance for defenders. Hidden Truths: Traditional intel avoids giving direct recommendations Business leaders and defenders want clear next steps CTI teams must say.

CTI isn’t just about detecting threats, it’s about helping defenders justify the decisions they make. Scott Scher explains why cyber threat intelligence should be seen as cover, not an excuse. It should be seen as a way to prioritize and explain security actions with confidence. Scott lays out how CTI can give defenders clarity, accountability, and the ability to say.