EP229 Beyond the Hype: Debunking Cloud Breach Myths (and What DBIR Says Now)

Topics covered:

• How would you define “a cloud breach”? Is that a real (and different) thing? 
• Are cloud breaches just a result of leaked keys and creds?
• If customers are responsible for 99% of cloud security problems, is cloud breach really about a customer being breached?
• Are misconfigurations really responsible for so many cloud security breaches? How are we still failing at configuration?
• What parts of DBIR are not total “groundhog day”?
• Something about vuln exploitation vs credential abuse in today’s breaches–what’s driving the shifts we’re seeing? DBIR
• Are we at peak ransomware? Will ransomware be here in 20 years? Will we be here in 20 years talking about it?
• How is AI changing the breach report, other than putting in hilarious footnotes about how the report is for humans to read and and is written by actual humans?